diff options
author | z0rglub <z0rglub@piwigo.org> | 2003-07-01 09:27:20 +0000 |
---|---|---|
committer | z0rglub <z0rglub@piwigo.org> | 2003-07-01 09:27:20 +0000 |
commit | 0ec91d8b4834d63c65dcbef6ac49ab5a8f68ddd1 (patch) | |
tree | b21ebe1713021f8f783f10b948acdb03878d5223 /admin | |
parent | 1080c51deb551ec63677adb842025065fa0999ba (diff) |
*** empty log message ***
git-svn-id: http://piwigo.org/svn/trunk@21 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | admin/admin.php | 110 | ||||
-rw-r--r-- | admin/cat_list.php (renamed from admin/cat.php) | 122 | ||||
-rw-r--r-- | admin/cat_modify.php (renamed from admin/edit_cat.php) | 71 | ||||
-rw-r--r-- | admin/cat_perm.php | 210 | ||||
-rw-r--r-- | admin/configuration.php | 77 | ||||
-rw-r--r-- | admin/group_list.php | 135 | ||||
-rw-r--r-- | admin/group_perm.php | 104 | ||||
-rw-r--r-- | admin/include/functions.php | 63 | ||||
-rw-r--r-- | admin/include/isadmin.inc.php | 4 | ||||
-rw-r--r-- | admin/perm.php | 270 | ||||
-rw-r--r-- | admin/user_list.php | 69 | ||||
-rw-r--r-- | admin/user_modify.php | 97 | ||||
-rw-r--r-- | admin/user_perm.php | 174 |
13 files changed, 1035 insertions, 471 deletions
diff --git a/admin/admin.php b/admin/admin.php index 5730356fe..3825ca71a 100644 --- a/admin/admin.php +++ b/admin/admin.php @@ -25,55 +25,110 @@ $vtp->setGlobalVar( $handle, 'page_title', $lang['title_default'] ); $vtp->setGlobalVar( $handle, 'menu_title', $lang['menu_title'] ); //--------------------------------------- validating page and creation of title $page_valide = false; +$title = ''; switch ( $_GET['page'] ) { case 'user_add': - $titre = $lang['title_add']; $page_valide = true; break; + $title = $lang['title_add']; $page_valide = true; break; case 'user_list': - $titre = $lang['title_liste_users']; $page_valide = true; break; + $title = $lang['title_liste_users']; $page_valide = true; break; case 'user_modify': - $titre = $lang['title_modify']; $page_valide = true; break; + $title = $lang['title_modify']; $page_valide = true; break; + case 'user_perm': + if ( !is_numeric( $_GET['user_id'] ) ) $_GET['user_id'] = -1; + $query = 'SELECT status,username'; + $query.= ' FROM '.PREFIX_TABLE.'users'; + $query.= ' WHERE id = '.$_GET['user_id']; + $query.= ';'; + $result = mysql_query( $query ); + if ( mysql_num_rows( $result ) > 0 ) + { + $row = mysql_fetch_array( $result ); + $page['user_status'] = $row['status']; + if ( $row['username'] == 'guest' ) $row['username'] = $lang['guest']; + $page['user_username'] = $row['username']; + $page_valide = true; + $title = $lang['title_user_perm'].' "'.$page['user_username'].'"'; + } + else + { + $page_valide = false; + } + break; + case 'group_list' : + $title = $lang['title_groups']; $page_valide = true; break; + case 'group_perm' : + if ( !is_numeric( $_GET['group_id'] ) ) $_GET['group_id'] = -1; + $query = 'SELECT name'; + $query.= ' FROM '.PREFIX_TABLE.'groups'; + $query.= ' WHERE id = '.$_GET['group_id']; + $query.= ';'; + $result = mysql_query( $query ); + if ( mysql_num_rows( $result ) > 0 ) + { + $row = mysql_fetch_array( $result ); + $title = $lang['title_group_perm'].' "'.$row['name'].'"'; + $page_valide = true; + } + else + { + $page_valide = false; + } + break; case 'historique': - $titre = $lang['title_history']; $page_valide = true; break; + $title = $lang['title_history']; $page_valide = true; break; case 'update': - $titre = $lang['title_update']; $page_valide = true; break; + $title = $lang['title_update']; $page_valide = true; break; case 'configuration': - $titre = $lang['title_configuration']; $page_valide = true; break; + $title = $lang['title_configuration']; $page_valide = true; break; case 'manuel': - $titre = $lang['title_instructions']; $page_valide = true; break; - case 'perm': - $titre = $lang['title_permissions']; $page_valide = true; break; - case 'cat': - $titre = $lang['title_categories']; $page_valide = true; break; - case 'edit_cat': - $titre = $lang['title_edit_cat']; $page_valide = true; break; + $title = $lang['title_instructions']; $page_valide = true; break; + case 'cat_perm': + $title = $lang['title_cat_perm']; + if ( isset( $_GET['cat_id'] ) ) + { + check_cat_id( $_GET['cat_id'] ); + if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) ) + { + $result = get_cat_info( $page['cat'] ); + $name = get_cat_display_name( $result['name'],' > ', '' ); + $title.= ' "'.$name.'"'; + } + } + $page_valide = true; + break; + case 'cat_list': + $title = $lang['title_categories']; $page_valide = true; break; + case 'cat_modify': + $title = $lang['title_edit_cat']; $page_valide = true; break; case 'infos_images': - $titre = $lang['title_info_images']; $page_valide = true; break; + $title = $lang['title_info_images']; $page_valide = true; break; case 'waiting': - $titre = $lang['title_waiting']; $page_valide = true; break; + $title = $lang['title_waiting']; $page_valide = true; break; case 'thumbnail': - $titre = $lang['title_thumbnails']; + $title = $lang['title_thumbnails']; if ( isset( $_GET['dir'] ) ) { - $titre.= ' '.$lang['title_thumbnails_2'].' <span style="color:#006699;">'; + $title.= ' '.$lang['title_thumbnails_2'].' <span style="color:#006699;">'; // $_GET['dir'] contient : // ../galleries/vieux_lyon ou // ../galleries/vieux_lyon/visite ou // ../galleries/vieux_lyon/visite/truc ... $dir = explode( "/", $_GET['dir'] ); - $titre.= $dir[2]; + $title.= $dir[2]; for ( $i = 3; $i < sizeof( $dir ) - 1; $i++ ) { - $titre.= ' > '.$dir[$i]; + $title.= ' > '.$dir[$i]; } - $titre.= "</span>"; + $title.= "</span>"; } $page_valide = true; break; default: - $titre = $lang['title_default']; break; + $title = $lang['title_default']; break; } -$vtp->setGlobalVar( $handle, 'title', $titre ); +if ( $title == '' ) $title = $lang['title_default']; +$vtp->setGlobalVar( $handle, 'title', $title ); //--------------------------------------------------------------------- summary $link_start = './admin.php?page='; // configuration @@ -87,7 +142,7 @@ $vtp->closeSession( $handle, 'summary' ); $vtp->addSession( $handle, 'summary' ); $vtp->setVar( $handle, 'summary.indent', '' ); $vtp->setVar( $handle, 'summary.link', - add_session_id( $link_start.'liste_users' ) ); + add_session_id( $link_start.'user_list' ) ); $vtp->setVar( $handle, 'summary.name', $lang['menu_users'] ); $vtp->closeSession( $handle, 'summary' ); // user list @@ -104,10 +159,17 @@ $vtp->setVar( $handle, 'summary.link', add_session_id( $link_start.'user_add' ) ); $vtp->setVar( $handle, 'summary.name', $lang['menu_add_user'] ); $vtp->closeSession( $handle, 'summary' ); +// groups +$vtp->addSession( $handle, 'summary' ); +$vtp->setVar( $handle, 'summary.indent', '' ); +$vtp->setVar( $handle, 'summary.link', + add_session_id( $link_start.'group_list' ) ); +$vtp->setVar( $handle, 'summary.name', $lang['menu_groups'] ); +$vtp->closeSession( $handle, 'summary' ); // categories $vtp->addSession( $handle, 'summary' ); $vtp->setVar( $handle, 'summary.indent', '' ); -$vtp->setVar( $handle, 'summary.link', add_session_id( $link_start.'cat' ) ); +$vtp->setVar( $handle, 'summary.link',add_session_id( $link_start.'cat_list')); $vtp->setVar( $handle, 'summary.name', $lang['menu_categories'] ); $vtp->closeSession( $handle, 'summary' ); // waiting diff --git a/admin/cat.php b/admin/cat_list.php index 890fa866a..a0c7696b7 100644 --- a/admin/cat.php +++ b/admin/cat_list.php @@ -17,7 +17,7 @@ ***************************************************************************/ include_once( './include/isadmin.inc.php' ); //----------------------------------------------------- template initialization -$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat.vtp' ); +$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat_list.vtp' ); // language $vtp->setGlobalVar( $sub, 'cat_edit', $lang['cat_edit'] ); $vtp->setGlobalVar( $sub, 'cat_up', $lang['cat_up'] ); @@ -30,41 +30,41 @@ if ( isset( $_GET['up'] ) && is_numeric( $_GET['up'] ) ) { // 1. searching level (id_uppercat) // and rank of the category to move - $query = 'select id_uppercat,rank'; - $query.= ' from '.PREFIX_TABLE.'categories'; - $query.= ' where id = '.$_GET['up']; + $query = 'SELECT id_uppercat,rank'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= ' WHERE id = '.$_GET['up']; $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); $level = $row['id_uppercat']; $rank = $row['rank']; // 2. searching the id and the rank of the category // just above at the same level - $query = 'select id,rank'; - $query.= ' from '.PREFIX_TABLE.'categories'; - $query.= ' where rank < '.$rank; + $query = 'SELECT id,rank'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= ' WHERE rank < '.$rank; if ( $level == '' ) { - $query.= ' and id_uppercat is null'; + $query.= ' AND id_uppercat IS NULL'; } else { - $query.= ' and id_uppercat = '.$level; + $query.= ' AND id_uppercat = '.$level; } - $query.= ' order by rank desc'; - $query.= ' limit 0,1'; + $query.= ' ORDER BY rank DESC'; + $query.= ' LIMIT 0,1'; $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); $new_rank = $row['rank']; $replaced_cat = $row['id']; // 3. exchanging ranks between the two categories - $query = 'update '.PREFIX_TABLE.'categories'; - $query.= ' set rank = '.$new_rank; - $query.= ' where id = '.$_GET['up']; + $query = 'UPDATE '.PREFIX_TABLE.'categories'; + $query.= ' SET rank = '.$new_rank; + $query.= ' WHERE id = '.$_GET['up']; $query.= ';'; mysql_query( $query ); - $query = 'update '.PREFIX_TABLE.'categories'; - $query.= ' set rank = '.$rank; - $query.= ' where id = '.$replaced_cat; + $query = 'UPDATE '.PREFIX_TABLE.'categories'; + $query.= ' SET rank = '.$rank; + $query.= ' WHERE id = '.$replaced_cat; $query.= ';'; mysql_query( $query ); } @@ -72,41 +72,41 @@ if ( isset( $_GET['down'] ) && is_numeric( $_GET['down'] ) ) { // 1. searching level (id_uppercat) // and rank of the category to move - $query = 'select id_uppercat,rank'; - $query.= ' from '.PREFIX_TABLE.'categories'; - $query.= ' where id = '.$_GET['down']; + $query = 'SELECT id_uppercat,rank'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= ' WHERE id = '.$_GET['down']; $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); $level = $row['id_uppercat']; $rank = $row['rank']; // 2. searching the id and the rank of the category // just below at the same level - $query = 'select id,rank'; - $query.= ' from '.PREFIX_TABLE.'categories'; - $query.= ' where rank > '.$rank; + $query = 'SELECT id,rank'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= ' WHERE rank > '.$rank; if ( $level == '' ) { - $query.= ' and id_uppercat is null'; + $query.= ' AND id_uppercat is null'; } else { - $query.= ' and id_uppercat = '.$level; + $query.= ' AND id_uppercat = '.$level; } - $query.= ' order by rank asc'; - $query.= ' limit 0,1'; + $query.= ' ORDER BY rank ASC'; + $query.= ' LIMIT 0,1'; $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); $new_rank = $row['rank']; $replaced_cat = $row['id']; // 3. exchanging ranks between the two categories - $query = 'update '.PREFIX_TABLE.'categories'; - $query.= ' set rank = '.$new_rank; - $query.= ' where id = '.$_GET['down']; + $query = 'UPDATE '.PREFIX_TABLE.'categories'; + $query.= ' SET rank = '.$new_rank; + $query.= ' WHERE id = '.$_GET['down']; $query.= ';'; mysql_query( $query ); - $query = 'update '.PREFIX_TABLE.'categories'; - $query.= ' set rank = '.$rank; - $query.= ' where id = '.$replaced_cat; + $query = 'UPDATE '.PREFIX_TABLE.'categories'; + $query.= ' SET rank = '.$rank; + $query.= ' WHERE id = '.$replaced_cat; $query.= ';'; mysql_query( $query ); } @@ -115,24 +115,24 @@ function ordering( $id_uppercat ) { $rank = 1; - $query = 'select id'; - $query.= ' from '.PREFIX_TABLE.'categories'; + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; if ( !is_numeric( $id_uppercat ) ) { - $query.= ' where id_uppercat is NULL'; + $query.= ' WHERE id_uppercat IS NULL'; } else { - $query.= ' where id_uppercat = '.$id_uppercat; + $query.= ' WHERE id_uppercat = '.$id_uppercat; } - $query.= ' order by rank asc, dir asc'; + $query.= ' ORDER BY rank ASC, dir ASC'; $query.= ';'; $result = mysql_query( $query ); while ( $row = mysql_fetch_array( $result ) ) { - $query = 'update '.PREFIX_TABLE.'categories'; - $query.= ' set rank = '.$rank; - $query.= ' where id = '.$row['id']; + $query = 'UPDATE '.PREFIX_TABLE.'categories'; + $query.= ' SET rank = '.$rank; + $query.= ' WHERE id = '.$row['id']; $query.= ';'; mysql_query( $query ); $rank++; @@ -148,15 +148,15 @@ function display_cat_manager( $id_uppercat, $indent, global $lang,$conf,$sub,$vtp; // searching the min_rank and the max_rank of the category - $query = 'select min(rank) as min, max(rank) as max'; - $query.= ' from '.PREFIX_TABLE.'categories'; + $query = 'SELECT MIN(rank) AS min, MAX(rank) AS max'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; if ( !is_numeric( $id_uppercat ) ) { - $query.= ' where id_uppercat is NULL'; + $query.= ' WHERE id_uppercat IS NULL'; } else { - $query.= ' where id_uppercat = '.$id_uppercat; + $query.= ' WHERE id_uppercat = '.$id_uppercat; } $query.= ';'; $result = mysql_query( $query ); @@ -176,17 +176,17 @@ function display_cat_manager( $id_uppercat, $indent, $td = 'th'; } - $query = 'select id,name,dir,nb_images,status,rank,site_id'; - $query.= ' from '.PREFIX_TABLE.'categories'; + $query = 'SELECT id,name,dir,nb_images,status,rank,site_id,visible'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; if ( !is_numeric( $id_uppercat ) ) { - $query.= ' where id_uppercat is NULL'; + $query.= ' WHERE id_uppercat IS NULL'; } else { - $query.= ' where id_uppercat = '.$id_uppercat; + $query.= ' WHERE id_uppercat = '.$id_uppercat; } - $query.= ' order by rank asc'; + $query.= ' ORDER BY rank ASC'; $query.= ';'; $result = mysql_query( $query ); while ( $row = mysql_fetch_array( $result ) ) @@ -207,13 +207,17 @@ function display_cat_manager( $id_uppercat, $indent, } $vtp->setVar( $sub, 'cat.name', $name ); $vtp->setVar( $sub, 'cat.dir', $row['dir'] ); - if ( $row['status'] == 'invisible' || !$uppercat_visible ) + if ( $row['visible'] == 'false' or !$uppercat_visible ) { $subcat_visible = false; $vtp->setVar( $sub, 'cat.invisible', $lang['cat_invisible'] ); } + if ( $row['status'] == 'private' ) + { + $vtp->setVar( $sub, 'cat.private', $lang['private'] ); + } $vtp->setVar( $sub, 'cat.nb_picture', $row['nb_images'] ); - $url = add_session_id( './admin.php?page=edit_cat&cat='.$row['id'] ); + $url = add_session_id( './admin.php?page=cat_modify&cat='.$row['id'] ); $vtp->setVar( $sub, 'cat.edit_url', $url ); if ( $row['rank'] != $min_rank ) { @@ -252,8 +256,18 @@ function display_cat_manager( $id_uppercat, $indent, $vtp->addSession( $sub, 'no_image_info' ); $vtp->closeSession( $sub, 'no_image_info' ); } - $url = add_session_id( './admin.php?page=perm&cat_id='.$row['id'] ); - $vtp->setVar( $sub, 'cat.permission_url', $url ); + if ( $row['status'] == 'private' ) + { + $vtp->addSession( $sub, 'permission' ); + $url=add_session_id('./admin.php?page=cat_perm&cat_id='.$row['id']); + $vtp->setVar( $sub, 'permission.url', $url ); + $vtp->closeSession( $sub, 'permission' ); + } + else + { + $vtp->addSession( $sub, 'no_permission' ); + $vtp->closeSession( $sub, 'no_permission' ); + } if ( $row['site_id'] == 1 ) { $vtp->addSession( $sub, 'update' ); diff --git a/admin/edit_cat.php b/admin/cat_modify.php index bcd78b751..3e171139f 100644 --- a/admin/edit_cat.php +++ b/admin/cat_modify.php @@ -1,6 +1,6 @@ <?php /*************************************************************************** - * edit_cat.php * + * cat_modify.php * * ------------------- * * application : PhpWebGallery 1.3 * * author : Pierrick LE GALL <pierrick@z0rglub.com> * @@ -17,14 +17,41 @@ include_once( './include/isadmin.inc.php' ); //----------------------------------------------------- template initialization -$sub = $vtp->Open( '../template/'.$user['template'].'/admin/edit_cat.vtp' ); +$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat_modify.vtp' ); $tpl = array( 'remote_site','editcat_confirm','editcat_back','editcat_title1', - 'editcat_name', 'editcat_comment', 'editcat_status', - 'editcat_status_info', 'submit' ); + 'editcat_name','editcat_comment','editcat_status', + 'editcat_visible','editcat_status_info', 'submit' ); templatize_array( $tpl, 'lang', $sub ); +//---------------------------------------------------------------- verification +if ( !is_numeric( $_GET['cat'] ) ) +{ + $_GET['cat'] = '-1'; +} //--------------------------------------------------------- form criteria check if ( isset( $_POST['submit'] ) ) { + // if new status is different from previous one, deletion of all related + // links for access rights + $query = 'SELECT status'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= ' WHERE id = '.$_GET['cat']; + $query.= ';'; + $row = mysql_fetch_array( mysql_query( $query ) ); + + if ( $_POST['status'] != $row['status'] ) + { + // deletion of all access for groups concerning this category + $query = 'DELETE'; + $query.= ' FROM '.PREFIX_TABLE.'group_access'; + $query.= ' WHERE cat_id = '.$_GET['cat']; + mysql_query( $query ); + // deletion of all access for users concerning this category + $query = 'DELETE'; + $query.= ' FROM '.PREFIX_TABLE.'user_access'; + $query.= ' WHERE cat_id = '.$_GET['cat']; + mysql_query( $query ); + } + $query = 'UPDATE '.PREFIX_TABLE.'categories'; if ( $_POST['name'] == '' ) { @@ -43,6 +70,7 @@ if ( isset( $_POST['submit'] ) ) $query.= ", comment = '".htmlentities( $_POST['comment'], ENT_QUOTES )."'"; } $query.= ", status = '".$_POST['status']."'"; + $query.= ", visible = '".$_POST['visible']."'"; $query.= " WHERE id = '".$_GET['cat']."'"; $query.= ';'; mysql_query( $query ); @@ -57,26 +85,28 @@ if ( isset( $_POST['submit'] ) ) check_favorites( $row['id'] ); } $vtp->addSession( $sub, 'confirmation' ); - $url = add_session_id( './admin.php?page=cat' ); + $url = add_session_id( './admin.php?page=cat_list' ); $vtp->setVar( $sub, 'confirmation.back_url', $url ); $vtp->closeSession( $sub, 'confirmation' ); } //------------------------------------------------------------------------ form -$form_action = './admin.php?page=edit_cat&cat='.$_GET['cat']; +$form_action = './admin.php?page=cat_modify&cat='.$_GET['cat']; $vtp->setVar( $sub, 'form_action', add_session_id( $form_action ) ); $query = 'SELECT a.id,name,dir,status,comment'; -$query.= ',id_uppercat,site_id,galleries_url'; +$query.= ',id_uppercat,site_id,galleries_url,visible'; $query.= ' FROM '.PREFIX_TABLE.'categories as a, '.PREFIX_TABLE.'sites as b'; $query.= ' WHERE a.id = '.$_GET['cat']; $query.= ' AND a.site_id = b.id'; $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); $result = get_cat_info( $row['id'] ); - +// cat name $cat_name = get_cat_display_name( $result['name'], ' - ', '' ); $vtp->setVar( $sub, 'cat:name', $cat_name ); +// cat dir $vtp->setVar( $sub, 'cat:dir', $row['dir'] ); +// remote site ? if ( $row['site_id'] != 1 ) { $vtp->addSession( $sub, 'server' ); @@ -85,16 +115,39 @@ if ( $row['site_id'] != 1 ) } $vtp->setVar( $sub, 'name', $row['name'] ); $vtp->setVar( $sub, 'comment', $row['comment'] ); +// status : public, private... $options = get_enums( PREFIX_TABLE.'categories', 'status' ); foreach ( $options as $option ) { $vtp->addSession( $sub, 'status_option' ); - $vtp->setVar( $sub, 'status_option.option', $option ); + $vtp->setVar( $sub, 'status_option.option', $lang[$option] ); + $vtp->setVar( $sub, 'status_option.value', $option ); if ( $option == $row['status'] ) { $vtp->setVar( $sub, 'status_option.checked', ' checked="checked"' ); } $vtp->closeSession( $sub, 'status_option' ); } +// visible : true or false +$vtp->addSession( $sub, 'visible_option' ); +$vtp->setVar( $sub, 'visible_option.value', 'true' ); +$vtp->setVar( $sub, 'visible_option.option', $lang['yes'] ); +$checked = ''; +if ( $row['visible'] == 'true' ) +{ + $checked = ' checked="checked"'; +} +$vtp->setVar( $sub, 'visible_option.checked', $checked ); +$vtp->closeSession( $sub, 'visible_option' ); +$vtp->addSession( $sub, 'visible_option' ); +$vtp->setVar( $sub, 'visible_option.value', 'false' ); +$vtp->setVar( $sub, 'visible_option.option', $lang['no'] ); +$checked = ''; +if ( $row['visible'] == 'false' ) +{ + $checked = ' checked="checked"'; +} +$vtp->setVar( $sub, 'visible_option.checked', $checked ); +$vtp->closeSession( $sub, 'visible_option' ); //----------------------------------------------------------- sending html code $vtp->Parse( $handle , 'sub', $sub ); ?>
\ No newline at end of file diff --git a/admin/cat_perm.php b/admin/cat_perm.php new file mode 100644 index 000000000..d8e0f28dc --- /dev/null +++ b/admin/cat_perm.php @@ -0,0 +1,210 @@ +<?php +/*************************************************************************** + * cat_perm.php * + * ------------------ * + * application : PhpWebGallery 1.3 * + * author : Pierrick LE GALL <pierrick@z0rglub.com> * + * * + ***************************************************************************/ + +/*************************************************************************** + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; * + * * + ***************************************************************************/ +include_once( './include/isadmin.inc.php' ); +//----------------------------------------------------- template initialization +$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat_perm.vtp' ); +$error = array(); +$tpl = array( 'permuser_authorized','permuser_forbidden','menu_groups', + 'submit','menu_users','permuser_parent_forbidden' ); +templatize_array( $tpl, 'lang', $sub ); +//-------------------------------------------------------------- category infos +if ( isset( $_GET['cat_id'] ) ) +{ + check_cat_id( $_GET['cat_id'] ); + if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) ) + { + $result = get_cat_info( $page['cat'] ); + $page['cat_name'] = $result['name']; + $page['id_uppercat'] = $result['id_uppercat']; + } +} +//---------------------------------------------------------- permission updates +if ( isset( $_POST['submit'] ) ) +{ + // groups access update + $query = 'DELETE'; + $query.= ' FROM '.PREFIX_TABLE.'group_access'; + $query.= ' WHERE cat_id = '.$page['cat']; + $query.= ';'; + mysql_query( $query ); + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'groups'; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + $radioname = 'groupaccess-'.$row['id']; + if ( $_POST[$radioname] == 0 ) + { + $query = 'INSERT INTO '.PREFIX_TABLE.'group_access'; + $query.= ' (cat_id,group_id) VALUES'; + $query.= ' ('.$page['cat'].','.$row['id'].')'; + $query.= ';'; + mysql_query( $query ); + } + } + // users access update + $query = 'DELETE'; + $query.= ' FROM '.PREFIX_TABLE.'user_access'; + $query.= ' WHERE cat_id = '.$page['cat']; + $query.= ';'; + mysql_query( $query ); + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'users'; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + $radioname = 'useraccess-'.$row['id']; + if ( $_POST[$radioname] == 0 ) + { + $query = 'INSERT INTO '.PREFIX_TABLE.'user_access'; + $query.= ' (cat_id,user_id) VALUES'; + $query.= ' ('.$page['cat'].','.$row['id'].')'; + $query.= ';'; + mysql_query( $query ); + } + check_favorites( $row['id'] ); + } + // echo "<div class=\"info\">".$lang['permuser_info_message']." [ <a href=\"".add_session_id_to_url( "./admin.php?page=cat" )."\">".$lang['editcat_back']."</a> ]</div>"; +} +//---------------------------------------------------------------------- groups +$query = 'SELECT id,name'; +$query.= ' FROM '.PREFIX_TABLE.'groups'; +$query. ';'; +$result = mysql_query( $query ); +if ( mysql_num_rows( $result ) > 0 ) +{ + $vtp->addSession( $sub, 'groups' ); + // creating an array with all authorized groups for this category + $query = 'SELECT group_id'; + $query.= ' FROM '.PREFIX_TABLE.'group_access'; + $query.= ' WHERE cat_id = '.$_GET['cat_id']; + $query.= ';'; + $subresult = mysql_query( $query ); + $authorized_groups = array(); + while ( $subrow = mysql_fetch_array( $subresult ) ) + { + array_push( $authorized_groups, $subrow['group_id'] ); + } + // displaying each group + while( $row = mysql_fetch_array( $result ) ) + { + $vtp->addSession( $sub, 'group' ); + if ( in_array( $row['id'], $authorized_groups ) ) + { + $vtp->setVar( $sub, 'group.color', 'green' ); + $vtp->setVar( $sub, 'group.authorized_checked', ' checked="checked"' ); + } + else + { + $vtp->setVar( $sub, 'group.color', 'red' ); + $vtp->setVar( $sub, 'group.forbidden_checked', ' checked="checked"' ); + } + $vtp->setVar( $sub, 'group.groupname', $row['name'] ); + $vtp->setVar( $sub, 'group.id', $row['id'] ); + $vtp->closeSession( $sub, 'group' ); + } + $vtp->closeSession( $sub, 'groups' ); +} +//----------------------------------------------------------------------- users +$query = 'SELECT id,username,status'; +$query.= ' FROM '.PREFIX_TABLE.'users'; +$query.= " WHERE username != '".$conf['webmaster']."'"; +$query.= ';'; +$result = mysql_query( $query ); +while ( $row = mysql_fetch_array( $result ) ) +{ + $vtp->addSession( $sub, 'user' ); + $vtp->setVar( $sub, 'user.id', $row['id'] ); + $url = add_session_id( './admin.php?page=user_perm&user_id='.$row['id']); + $vtp->setVar( $sub, 'user.user_perm_link', $url); + if ( $row['username'] == 'guest' ) + { + $row['username'] = $lang['guest']; + } + $vtp->setVar( $sub, 'user.username', $row['username'] ); + + // for color of user : (red means access forbidden, green authorized) we + // ask all forbidden categories, including the groups rights + $restrictions = get_restrictions( $row['id'], $row['status'], false ); + $is_user_allowed = is_user_allowed( $page['cat'], $restrictions ); + if ( $is_user_allowed == 0 ) + { + $vtp->setVar( $sub, 'user.color', 'green' ); + } + else + { + $vtp->setVar( $sub, 'user.color', 'red' ); + } + // for permission update button, we only ask forbidden categories for the + // user, not taking into account the groups the user belongs to + $restrictions = get_restrictions( $row['id'], $row['status'], false, false ); + $is_user_allowed = is_user_allowed( $page['cat'], $restrictions ); + if ( $is_user_allowed == 2 ) + { + $vtp->addSession( $sub, 'parent_forbidden' ); + $url = './admin.php?page=cat_perm&cat_id='.$page['id_uppercat']; + $vtp->setVar( $sub, 'parent_forbidden.url', add_session_id( $url ) ); + $vtp->closeSession( $sub, 'parent_forbidden' ); + } + if ( $is_user_allowed == 0 ) + { + $vtp->setVar( $sub, 'user.authorized_checked', ' checked="checked"' ); + } + else + { + $vtp->setVar( $sub, 'user.forbidden_checked', ' checked="checked"' ); + } + // user's group(s) + $query = 'SELECT g.name as groupname, g.id as groupid'; + $query.= ' FROM '.PREFIX_TABLE.'groups as g'; + $query.= ', '.PREFIX_TABLE.'user_group as ug'; + $query.= ' WHERE ug.group_id = g.id'; + $query.= ' AND ug.user_id = '.$row['id']; + $query.= ';'; + $subresult = mysql_query( $query ); + if ( mysql_num_rows( $subresult ) > 0 ) + { + $vtp->addSession( $sub, 'usergroups' ); + $i = 0; + while( $subrow = mysql_fetch_array( $subresult ) ) + { + $vtp->addSession( $sub, 'usergroup' ); + if ( in_array( $subrow['groupid'], $authorized_groups ) ) + { + $vtp->setVar( $sub, 'usergroup.color', 'green' ); + } + else + { + $vtp->setVar( $sub, 'usergroup.color', 'red' ); + } + $vtp->setVar( $sub, 'usergroup.name', $subrow['groupname'] ); + if ( $i < mysql_num_rows( $subresult ) - 1 ) + { + $vtp->setVar( $sub, 'usergroup.separation', ',' ); + } + $vtp->closeSession( $sub, 'usergroup' ); + $i++; + } + $vtp->closeSession( $sub, 'usergroups' ); + } + $vtp->closeSession( $sub, 'user' ); +} +//----------------------------------------------------------- sending html code +$vtp->Parse( $handle , 'sub', $sub ); +?>
\ No newline at end of file diff --git a/admin/configuration.php b/admin/configuration.php index bb8978c65..34e148c4d 100644 --- a/admin/configuration.php +++ b/admin/configuration.php @@ -15,7 +15,7 @@ * the Free Software Foundation; * * * ***************************************************************************/ - + include_once( './include/isadmin.inc.php' ); $Caracs = array("¥" => "Y", "µ" => "u", "À" => "A", "Á" => "A", @@ -48,7 +48,8 @@ array( 'nb_image_line','nb_line_page','theme','language','maxwidth', $error = array(); if ( isset( $_POST['submit'] ) ) { - //purge de la table des session si demandé + $int_pattern = '/^\d+$/'; + // empty session table if asked if ( $_POST['empty_session_table'] == 1 ) { $query = 'DELETE FROM '.PREFIX_TABLE.'sessions'; @@ -79,8 +80,8 @@ if ( isset( $_POST['submit'] ) ) array_push( $error, $lang['conf_err_mail'] ); } // periods must be integer values, they represents number of days - if ( !is_int( $_POST['short_period'] ) - or !is_int( $_POST['long_period'] ) ) + if ( !preg_match( $int_pattern, $_POST['short_period'] ) + or !preg_match( $int_pattern, $_POST['long_period'] ) ) { array_push( $error, $lang['err_periods'] ); } @@ -94,21 +95,21 @@ if ( isset( $_POST['submit'] ) ) } } // session_id size must be an integer between 4 and 50 - if ( !is_int( $_POST['session_id_size'] ) + if ( !preg_match( $int_pattern, $_POST['session_id_size'] ) or $_POST['session_id_size'] < 4 or $_POST['session_id_size'] > 50 ) { array_push( $error, $lang['conf_err_sid_size'] ); } // session_time must be an integer between 5 and 60, in minutes - if ( !is_int( $_POST['session_time'] ) + if ( !preg_match( $int_pattern, $_POST['session_time'] ) or $_POST['session_time'] < 5 or $_POST['session_time'] > 60 ) { array_push( $error, $lang['conf_err_sid_time'] ); } // max_user_listbox must be an integer between 0 and 255 included - if ( !is_int( $_POST['max_user_listbox'] ) + if ( !preg_match( $int_pattern, $_POST['max_user_listbox'] ) or $_POST['max_user_listbox'] < 0 or $_POST['max_user_listbox'] > 255 ) { @@ -116,14 +117,14 @@ if ( isset( $_POST['submit'] ) ) } // the number of comments per page must be an integer between 5 and 50 // included - if ( !is_int( $_POST['nb_comment_page'] ) + if ( !preg_match( $int_pattern, $_POST['nb_comment_page'] ) or $_POST['nb_comment_page'] < 5 or $_POST['nb_comment_page'] > 50 ) { array_push( $error, $lang['conf_err_comment_number'] ); } // the maximum upload filesize must be an integer between 10 and 1000 - if ( !is_int( $_POST['upload_maxfilesize'] ) + if ( !preg_match( $int_pattern, $_POST['upload_maxfilesize'] ) or $_POST['upload_maxfilesize'] < 10 or $_POST['upload_maxfilesize'] > 1000 ) { @@ -131,63 +132,57 @@ if ( isset( $_POST['submit'] ) ) } // the maximum width of uploaded pictures must be an integer superior to // 10 - if ( !is_int( $_POST['upload_maxwidth'] ) + if ( !preg_match( $int_pattern, $_POST['upload_maxwidth'] ) or $_POST['upload_maxwidth'] < 10 ) { array_push( $error, $lang['conf_err_upload_maxwidth'] ); } // the maximum height of uploaded pictures must be an integer superior to // 10 - if ( !is_int( $_POST['upload_maxheight'] ) + if ( !preg_match( $int_pattern, $_POST['upload_maxheight'] ) or $_POST['upload_maxheight'] < 10 ) { array_push( $error, $lang['conf_err_upload_maxheight'] ); } // the maximum width of uploaded thumbnails must be an integer superior to // 10 - if ( !is_int( $_POST['upload_maxwidth_thumbnail'] ) + if ( !preg_match( $int_pattern, $_POST['upload_maxwidth_thumbnail'] ) or $_POST['upload_maxwidth_thumbnail'] < 10 ) { array_push( $error, $lang['conf_err_upload_maxwidth_thumbnail'] ); } // the maximum width of uploaded thumbnails must be an integer superior to // 10 - if ( !is_int( $_POST['upload_maxheight_thumbnail'] ) + if ( !preg_match( $int_pattern, $_POST['upload_maxheight_thumbnail'] ) or $_POST['upload_maxheight_thumbnail'] < 10 ) { array_push( $error, $lang['conf_err_upload_maxheight_thumbnail'] ); } - $test = ''; - if ( is_int( $test ) ) echo 'salut'; exit(); - if ( $_POST['maxwidth'] != '' ) + + if ( $_POST['maxwidth'] != '' + and ( !preg_match( $int_pattern, $_POST['maxwidth'] ) + or $_POST['maxwidth'] < 50 ) ) { - if ( !ereg( "^[0-9]{2,}$", $_POST['maxwidth'] ) - or $_POST['maxwidth'] < 50 ) - { - $error[$i++] = $lang['err_maxwidth']; - } + array_push( $error, $lang['err_maxwidth'] ); } - if ( $_POST['maxheight'] != '' ) + if ( $_POST['maxheight'] + and ( !preg_match( $int_pattern, $_POST['maxheight'] ) + or $_POST['maxheight'] < 50 ) ) { - if ( !ereg( "^[0-9]{2,}$", $_POST['maxheight'] ) - or $_POST['maxheight'] < 50 ) - { - $error[$i++] = $lang['err_maxheight']; - } + array_push( $error, $lang['err_maxheight'] ); } - // on met à jour les paramètres de l'application - // dans le cas où il n'y aucune erreurs - if ( sizeof( $error ) == 0 ) + // updating configuraiton if no error found + if ( count( $error ) == 0 ) { - mysql_query( 'delete from '.PREFIX_TABLE.'config;' ); - $query = 'insert into '.PREFIX_TABLE.'config'; + mysql_query( 'DELETE FROM '.PREFIX_TABLE.'config;' ); + $query = 'INSERT INTO '.PREFIX_TABLE.'config'; $query.= ' ('; foreach ( $conf_infos as $i => $conf_info ) { if ( $i > 0 ) $query.= ','; $query.= $conf_info; } $query.= ')'; - $query.= ' values'; + $query.= ' VALUES'; $query.= ' ('; foreach ( $conf_infos as $i => $conf_info ) { if ( $i > 0 ) $query.= ','; @@ -260,15 +255,12 @@ else } } //----------------------------------------------------- template initialization -$sub = $vtp->Open( '../template/'.$user['template']. - '/admin/configuration.vtp' ); -// language -$vtp->setGlobalVar( $sub, 'conf_confirmation', $lang['conf_confirmation'] ); -$vtp->setGlobalVar( $sub, 'remote_site', $lang['remote_site'] ); -$vtp->setGlobalVar( $sub, 'delete', $lang['delete'] ); -$vtp->setGlobalVar( $sub, 'conf_remote_site_delete_info', - $lang['conf_remote_site_delete_info'] ); -$vtp->setGlobalVar( $sub, 'submit', $lang['submit'] ); +$sub = $vtp->Open( + '../template/'.$user['template'].'/admin/configuration.vtp' ); + +$tpl = array( 'conf_confirmation','remote_site','delete', + 'conf_remote_site_delete_info','submit' ); +templatize_array( $tpl, 'lang', $sub ); //-------------------------------------------------------------- errors display if ( sizeof( $error ) != 0 ) { @@ -345,7 +337,6 @@ $vtp->setVar( $sub, 'radio.name', 'access' ); $vtp->setVar( $sub, 'radio.value', 'free' ); $vtp->setVar( $sub, 'radio.option', $lang['conf_general_access_1'] ); $checked = ''; -echo $access.'<br />'; if ( $access == 'free' ) { $checked = ' checked="checked"'; diff --git a/admin/group_list.php b/admin/group_list.php new file mode 100644 index 000000000..f58dff1ff --- /dev/null +++ b/admin/group_list.php @@ -0,0 +1,135 @@ +<?php +/*************************************************************************** + * group.php * + * ------------------- * + * application : PhpWebGallery 1.3 * + * author : Pierrick LE GALL <pierrick@z0rglub.com> * + * * + ***************************************************************************/ + +/*************************************************************************** + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; * + * * + ***************************************************************************/ +include_once( './include/isadmin.inc.php' ); +//----------------------------------------------------- template initialization +$sub = $vtp->Open( '../template/'.$user['template'].'/admin/group_list.vtp' ); +$tpl = array( 'group_add','add','listuser_permission','delete', + 'group_confirm','yes','no','group_list_title' ); +templatize_array( $tpl, 'lang', $sub ); +//-------------------------------------------------------------- delete a group +$error = array(); +if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) ) +{ + $query = 'SELECT name'; + $query.= ' FROM '.PREFIX_TABLE.'groups'; + $query.= ' WHERE id = '.$_GET['delete']; + $query.= ';'; + $row = mysql_fetch_array( mysql_query( $query ) ); + // confirm group deletion ? + if ( $_GET['confirm'] != 1 ) + { + $vtp->addSession( $sub, 'deletion' ); + $vtp->setVar( $sub, 'deletion.name', $row['name'] ); + $yes_url = './admin.php?page=group&delete='.$_GET['delete']; + $yes_url.= '&confirm=1'; + $vtp->setVar( $sub, 'deletion.yes_url', add_session_id( $yes_url ) ); + $no_url = './admin.php?page=group'; + $vtp->setVar( $sub, 'deletion.no_url', add_session_id( $no_url ) ); + $vtp->closeSession( $sub, 'deletion' ); + } + // group deletion confirmed + else + { + $vtp->addSession( $sub, 'confirmation' ); + $query = 'SELECT COUNT(*) AS nb_result'; + $query.= ' FROM '.PREFIX_TABLE.'groups'; + $query.= ' WHERE id = '.$_GET['delete']; + $query.= ';'; + $row2 = mysql_fetch_array( mysql_query( $query ) ); + if ( $row2['nb_result'] > 0 ) + { + delete_group( $_GET['delete'] ); + $vtp->setVar( $sub, 'confirmation.class', 'info' ); + $info = '"'.$row['name'].'" '.$lang['listuser_info_deletion']; + $vtp->setVar( $sub, 'confirmation.info', $info ); + } + else + { + $vtp->setVar( $sub, 'confirmation.class', 'erreur' ); + $vtp->setVar( $sub, 'confirmation.info', $lang['group_err_unknown'] ); + } + $vtp->closeSession( $sub, 'confirmation' ); + } +} +//----------------------------------------------------------------- add a group +if ( isset( $_POST['submit'] ) ) +{ + if ( preg_match( "/'/", $_POST['name'] ) + or preg_match( '/"/', $_POST['name'] ) ) + { + array_push( $error, $lang['group_add_error1'] ); + } + if ( count( $error ) == 0 ) + { + // is the group not already existing ? + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'groups'; + $query.= " WHERE name = '".$_POST['name']."'"; + $query.= ';'; + $result = mysql_query( $query ); + if ( mysql_num_rows( $result ) > 0 ) + { + array_push( $error, $lang['group_add_error2'] ); + } + } + if ( count( $error ) == 0 ) + { + // creating the group + $query = ' INSERT INTO '.PREFIX_TABLE.'groups'; + $query.= " (name) VALUES ('".$_POST['name']."')"; + $query.= ';'; + mysql_query( $query ); + } +} +//-------------------------------------------------------------- errors display +if ( sizeof( $error ) != 0 ) +{ + $vtp->addSession( $sub, 'errors' ); + for ( $i = 0; $i < sizeof( $error ); $i++ ) + { + $vtp->addSession( $sub, 'li' ); + $vtp->setVar( $sub, 'li.li', $error[$i] ); + $vtp->closeSession( $sub, 'li' ); + } + $vtp->closeSession( $sub, 'errors' ); +} +//----------------------------------------------------------------- groups list +$vtp->addSession( $sub, 'groups' ); + +$query = 'SELECT id,name'; +$query.= ' FROM '.PREFIX_TABLE.'groups'; +$query.= ' ORDER BY id ASC'; +$query.= ';'; +$result = mysql_query( $query ); +while ( $row = mysql_fetch_array( $result ) ) +{ + $vtp->addSession( $sub, 'group' ); + $vtp->setVar( $sub, 'group.name', $row['name'] ); + $url = './admin.php?page=group_perm&group_id='.$row['id']; + $vtp->setVar( $sub, 'group.permission_url', add_session_id( $url ) ); + $url = './admin.php?page=group&delete='.$row['id']; + $vtp->setVar( $sub, 'group.deletion_url', add_session_id( $url ) ); + $vtp->closeSession( $sub, 'group' ); +} + +$vtp->closeSession( $sub, 'groups' ); +//------------------------------------------------------- create new group form +$action = './admin.php?'.$_SERVER['QUERY_STRING']; +$vtp->setVar( $sub, 'form_action', $action ); +//----------------------------------------------------------- sending html code +$vtp->Parse( $handle , 'sub', $sub ); +?>
\ No newline at end of file diff --git a/admin/group_perm.php b/admin/group_perm.php new file mode 100644 index 000000000..67e5e2cd3 --- /dev/null +++ b/admin/group_perm.php @@ -0,0 +1,104 @@ +<?php +/*************************************************************************** + * group_perm.php * + * ------------------ * + * application : PhpWebGallery 1.3 * + * author : Pierrick LE GALL <pierrick@z0rglub.com> * + * * + ***************************************************************************/ + +/*************************************************************************** + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; * + * * + ***************************************************************************/ +include_once( './include/isadmin.inc.php' ); +//----------------------------------------------------- template initialization +$sub = $vtp->Open( '../template/'.$user['template'].'/admin/group_perm.vtp' ); +$error = array(); +$tpl = array( 'permuser_authorized','permuser_forbidden','submit', + 'permuser_parent_forbidden','permuser_info_message', + 'adduser_info_back' ); +templatize_array( $tpl, 'lang', $sub ); +//--------------------------------------------------------------------- updates +if ( isset( $_POST['submit'] ) ) +{ + // cleaning the user_access table for this group + $query = 'DELETE FROM '.PREFIX_TABLE.'group_access'; + $query.= ' WHERE group_id = '.$_GET['group_id']; + $query.= ';'; + mysql_query( $query ); + // selecting all private categories + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= " WHERE status = 'private'"; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + $radioname = 'access-'.$row['id']; + if ( $_POST[$radioname] == 0 ) + { + $query = 'INSERT INTO '.PREFIX_TABLE.'group_access'; + $query.= ' (group_id,cat_id) VALUES'; + $query.= ' ('.$_GET['group_id'].','.$row['id'].')'; + $query.= ';'; + mysql_query ( $query ); + } + } + $vtp->addSession( $sub, 'confirmation' ); + $url = './admin.php?page=group_list'; + $vtp->setVar( $sub, 'confirmation.back_url', add_session_id( $url ) ); + $vtp->closeSession( $sub, 'confirmation' ); +} +//---------------------------------------------------------------- form display +$restrictions = get_group_restrictions( $_GET['group_id'] ); +$action = './admin.php?page=group_perm&group_id='.$_GET['group_id']; +$vtp->setVar( $sub, 'action', add_session_id( $action ) ); +// only private categories are listed +$query = 'SELECT id'; +$query.= ' FROM '.PREFIX_TABLE.'categories'; +$query.= " WHERE status = 'private'"; +$query.= ';'; +$result = mysql_query( $query ); +while ( $row = mysql_fetch_array( $result ) ) +{ + $vtp->addSession( $sub, 'category' ); + $vtp->setVar( $sub, 'category.id', $row['id'] ); + // Is the group allowed to access this category + $is_group_allowed = is_group_allowed( $row['id'], $restrictions ); + if ( $is_group_allowed == 0 ) + { + $vtp->setVar( $sub, 'category.color', 'green' ); + } + else + { + $vtp->setVar( $sub, 'category.color', 'red' ); + } + // category name + $cat_infos = get_cat_info( $row['id'] ); + $name = get_cat_display_name( $cat_infos['name'],' > ', + 'font-weight:bold;' ); + $vtp->setVar( $sub, 'category.name', $name ); + // any subcat forbidden for this group ? + if ( $is_group_allowed == 2 ) + { + $vtp->addSession( $sub, 'parent_forbidden' ); + $vtp->closeSession( $sub, 'parent_forbidden' ); + } + // forbidden or authorized access ? + if ( $is_group_allowed == 0 or $is_group_allowed == 2 ) + { + $vtp->setVar( $sub, 'category.authorized_checked', ' checked="checked"' ); + } + else + { + $vtp->setVar( $sub, 'category.forbidden_checked', ' checked="checked"' ); + } + $vtp->closeSession( $sub, 'category' ); +} +//----------------------------------------------------------- sending html code +$vtp->Parse( $handle , 'sub', $sub ); +?>
\ No newline at end of file diff --git a/admin/include/functions.php b/admin/include/functions.php index c6678caf0..cd58d0822 100644 --- a/admin/include/functions.php +++ b/admin/include/functions.php @@ -101,13 +101,17 @@ function delete_category( $id ) { delete_image( $row['id'] ); } - - // destruction of the restrictions linked to the category - $query = 'DELETE FROM '.PREFIX_TABLE.'restrictions'; + + // destruction of the access linked to the category + $query = 'DELETE FROM '.PREFIX_TABLE.'user_access'; $query.= ' WHERE cat_id = '.$id; $query.= ';'; mysql_query( $query ); - + $query = 'DELETE FROM '.PREFIX_TABLE.'group_access'; + $query.= ' WHERE cat_id = '.$id; + $query.= ';'; + mysql_query( $query ); + // destruction of the sub-categories $query = 'SELECT id'; $query.= ' FROM '.PREFIX_TABLE.'categories'; @@ -118,7 +122,7 @@ function delete_category( $id ) { delete_category( $row['id'] ); } - + // destruction of the category $query = 'DELETE FROM '.PREFIX_TABLE.'categories'; $query.= ' WHERE id = '.$id; @@ -156,21 +160,35 @@ function delete_image( $id ) // The delete_user function delete a user identified by the $user_id // It also deletes : -// - all the restrictions linked to this user +// - all the access linked to this user +// - all the links to any group // - all the favorites linked to this user +// - all sessions linked to this user function delete_user( $user_id ) { - // destruction of the restrictions linked to the user - $query = 'DELETE FROM '.PREFIX_TABLE.'restrictions'; + // destruction of the access linked to the user + $query = 'DELETE FROM '.PREFIX_TABLE.'user_access'; $query.= ' WHERE user_id = '.$user_id; $query.= ';'; mysql_query( $query ); - + + // destruction of the group links for this user + $query = 'DELETE FROM '.PREFIX_TABLE.'user_group'; + $query.= ' WHERE user_id = '.$user_id; + $query.= ';'; + mysql_query( $query ); + // destruction of the favorites associated with the user $query = 'DELETE FROM '.PREFIX_TABLE.'favorites'; $query.= ' WHERE user_id = '.$user_id; $query.= ';'; mysql_query( $query ); + + // destruction of the sessions linked with the user + $query = 'DELETE FROM '.PREFIX_TABLE.'sessions'; + $query.= ' WHERE user_id = '.$user_id; + $query.= ';'; + mysql_query( $query ); // destruction of the user $query = 'DELETE FROM '.PREFIX_TABLE.'users'; @@ -178,7 +196,32 @@ function delete_user( $user_id ) $query.= ';'; mysql_query( $query ); } - + +// delete_group deletes a group identified by its $group_id. +// It also deletes : +// - all the access linked to this group +// - all the links between this group and any user +function delete_group( $group_id ) +{ + // destruction of the access linked to the group + $query = 'DELETE FROM '.PREFIX_TABLE.'group_access'; + $query.= ' WHERE group_id = '.$group_id; + $query.= ';'; + mysql_query( $query ); + + // destruction of the group links for this group + $query = 'DELETE FROM '.PREFIX_TABLE.'user_group'; + $query.= ' WHERE group_id = '.$group_id; + $query.= ';'; + mysql_query( $query ); + + // destruction of the group + $query = 'DELETE FROM '.PREFIX_TABLE.'groups'; + $query.= ' WHERE id = '.$group_id; + $query.= ';'; + mysql_query( $query ); +} + // The check_favorites function deletes all the favorites of a user if he is // not allowed to see them (the category or an upper category is restricted // or invisible) diff --git a/admin/include/isadmin.inc.php b/admin/include/isadmin.inc.php index 64a77e9f3..17ef1435f 100644 --- a/admin/include/isadmin.inc.php +++ b/admin/include/isadmin.inc.php @@ -14,14 +14,12 @@ * the Free Software Foundation; * * * ***************************************************************************/ -define( PREFIXE_INCLUDE, '.' ); +define( PREFIX_INCLUDE, '.' ); include_once( '../include/config.inc.php' ); include_once( '../include/user.inc.php' ); include( './include/functions.php' ); -$conf['lien_puce'] = $conf['repertoire_image'].'puce.gif'; - $isadmin = true; include_once( '../language/'.$user['language'].'.php' ); diff --git a/admin/perm.php b/admin/perm.php deleted file mode 100644 index 257bb21fb..000000000 --- a/admin/perm.php +++ /dev/null @@ -1,270 +0,0 @@ -<?php -/*************************************************************************** - * perm.php is a part of PhpWebGallery * - * ------------------- * - * last update : Tuesday, July 16, 2002 * - * email : pierrick@z0rglub.com * - * * - ***************************************************************************/ - -/*************************************************************************** - * * - * This program is free software; you can redistribute it and/or modify * - * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; * - * * - ***************************************************************************/ - include_once( "./include/isadmin.inc.php" ); - //---------------------------------------------------données de l'utilisateur - if ( isset( $HTTP_GET_VARS['user_id'] ) ) - { - $query = "select id,pseudo,status from PREFIX_TABLE"."users where id = '".$HTTP_GET_VARS['user_id']."';"; - $result = mysql_query( $query ); - $row = mysql_fetch_array( $result ); - $page['pseudo'] = $row['pseudo']; - $page['status'] = $row['status']; - if ( mysql_num_rows( $result ) == 0 ) - { - echo"<div class=\"erreur\">".$lang['user_err_unknown']."</div>"; - $erreur = true; - } - if ( $row['pseudo'] == $conf['webmaster'] ) - { - echo"<div class=\"erreur\">".$lang['user_err_modify']."</div>"; - $erreur = true; - } - } - //---------------------------------------------------données de la catégorie - if ( isset( $HTTP_GET_VARS['cat_id'] ) ) - { - $HTTP_GET_VARS['cat'] = $HTTP_GET_VARS['cat_id']; - check_cat_id( $HTTP_GET_VARS['cat_id'] ); - if ( isset( $page['cat'] ) ) - { - $result = get_cat_info( $page['cat'] ); - $page['cat_name'] = $result['name']; - $page['id_uppercat'] = $result['id_uppercat']; - } - } - //--------------------------------------------------------------- mise à jour - if ( isset( $HTTP_POST_VARS['submit'] ) ) - { - if ( isset( $HTTP_GET_VARS['user_id'] ) ) - { - mysql_query ( "delete from PREFIX_TABLE"."restrictions where user_id = ".$HTTP_GET_VARS['user_id'].";" ); - $result = mysql_query ( "select id from PREFIX_TABLE"."categories;" ); - while ( $row = mysql_fetch_array ( $result ) ) - { - $nom_select = "acces-".$row['id']; - if ( $HTTP_POST_VARS[$nom_select] == 1 ) - { - mysql_query ( "insert into PREFIX_TABLE"."restrictions (user_id,cat_id) values ('".$HTTP_GET_VARS['user_id']."','".$row['id']."');" ); - } - } - check_favorites( $HTTP_GET_VARS['user_id'] ); - echo "<div class=\"info\">".$lang['permuser_info_message']." [ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>"; - } - else if ( isset( $HTTP_GET_VARS['cat_id'] ) ) - { - mysql_query ( "delete from PREFIX_TABLE"."restrictions where cat_id = '".$page['cat']."';" ); - $result = mysql_query( "select id from PREFIX_TABLE"."users where pseudo != '".$conf['webmaster']."';" ); - while ( $row = mysql_fetch_array ( $result ) ) - { - $nom_select = "acces-".$row['id']; - if ( $HTTP_POST_VARS[$nom_select] == 1 ) - { - mysql_query ( "insert into PREFIX_TABLE"."restrictions (user_id,cat_id) values ('".$row['id']."','".$page['cat']."');" ); - } - check_favorites( $row['id'] ); - } - echo "<div class=\"info\">".$lang['permuser_info_message']." [ <a href=\"".add_session_id_to_url( "./admin.php?page=cat" )."\">".$lang['editcat_back']."</a> ]</div>"; - } - } - //--------------------------------------------------------------- formulaire - function display_cat_manager( $id_uppercat, $indent, $uppercat_authorized, $level, $restriction ) - { - global PREFIX_TABLE,$lang,$conf; - - $output = ""; - - // will we use <th> or <td> lines ? - if ( $level == 0 ) - { - $start_line = "<th "; - $start_line2 = "<th "; - $end_line = "</th>"; - } - else - { - $start_line = "<td "; - $end_line = "</td>"; - if ( $level == 1 ) - { - $start_line2 = "<td class=\"row1\" "; - } - else if ( $level == 2 ) - { - $start_line2 = "<td class=\"row2\" "; - } - else if ( $level == 3 ) - { - $start_line2 = "<td class=\"row3\" "; - } - else if ( $level == 4 ) - { - $start_line2 = "<td class=\"row4\" "; - } - else - { - $start_line2 = "<td "; - } - } - - $query = "select id,name,dir,rank"; - $query.= " from PREFIX_TABLE"."categories"; - if ( !is_numeric( $id_uppercat ) ) - { - $query.= " where id_uppercat is NULL"; - } - else - { - $query.= " where id_uppercat = $id_uppercat"; - } - $query.= " order by rank asc;"; - $result = mysql_query( $query ); - while ( $row = mysql_fetch_array( $result ) ) - { - $subcat_authorized = true; - - $output.= "\n<tr>"; - $output.= "\n\t".$start_line."style=\"width:85%;text-align:left;\">$indent<img src=\"".$conf['lien_puce']."\" alt=\">\" /> "; - if ( in_array( $row['id'], $restriction ) || !$uppercat_authorized ) - { - $subcat_authorized = false; - $color = "red"; - } - else - { - $color = "green"; - } - $output.= "<span style=\"color:$color;\">"; - if ( $row['name'] == "" ) - { - $output.= str_replace( "_", " ", $row['dir'] ); - } - else - { - $output.= $row['name']; - } - $output.= " [ dir : ".$row['dir']." ]"; - $output.= "</span>".$end_line; - $output.= "\n\t".$start_line2." style=\"width:15%;white-space:nowrap;text-align:right;font-weight:normal;\">"; - $output.= "\n\t\t<input type=\"radio\" name=\"acces-".$row['id']."\" value=\"0\" checked=\"checked\"/>".$lang['permuser_authorized']; - $output.= "\n\t\t<input type=\"radio\" name=\"acces-".$row['id']."\" value=\"1\""; - if ( in_array( $row['id'], $restriction ) ) - { - $output.= " checked=\"checked\""; - } - $output.= "/>".$lang['permuser_forbidden']; - $output.= $end_line; - $output.= "\n<tr>"; - $output.= display_cat_manager( $row['id'], $indent." ", $subcat_authorized, $level + 1, $restriction ); - } - return $output; - } - - if ( !$erreur ) - { - //---------------------------------------------- - // cas 1 : permissions pour un utilisateur donné - if ( isset( $HTTP_GET_VARS['user_id'] ) ) - { - echo" - <table style=\"width:100%;\"> - <tr> - <th>".$lang['permuser_title']." \"".$page['pseudo']."\"</th> - </tr> - </table>"; - $restriction = get_restrictions( $HTTP_GET_VARS['user_id'], $page['status'], false ); - echo" - <form action=\"".add_session_id_to_url( "./admin.php?page=perm&user_id=".$HTTP_GET_VARS['user_id'] )."\" method=\"post\"> - <div style=\"color:darkblue;margin:10px;text-align:center;\">".$lang['permuser_warning']."</div> - <table style=\"width:100%;\">"; - - echo display_cat_manager( "NULL", " ", true, 0, $restriction ); - - echo" - <tr> - <td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"".$lang['submit']."\"/></td> - </tr> - <table> - </form>"; - } - //---------------------------------------------- - // cas 2 : permissions pour une catégorie donnée - else if ( isset( $HTTP_GET_VARS['cat_id'] ) ) - { - echo" - <table style=\"width:100%;\"> - <tr> - <th>".$lang['permuser_cat_title']."\"".get_cat_display_name( $page['cat_name'], " - ", "font-style:italic;" )."\"</th> - </tr> - </table>"; - echo" - <form action=\"".add_session_id_to_url( "./admin.php?page=perm&cat_id=".$page['cat'] )."\" method=\"post\"> - <table style=\"width:100%;\">"; - - $result = mysql_query( "select id,pseudo,status from PREFIX_TABLE"."users where pseudo != '".$conf['webmaster']."';" ); - $i = 0; - while ( $row = mysql_fetch_array( $result ) ) - { - $restrictions = get_restrictions( $row['id'], $row['status'], false ); - $is_user_allowed = is_user_allowed( $page['cat'], $restrictions ); - $class = ""; - if ( $i%2 == 1 ) - { - $class = "class=\"row2\""; - } - echo" - <tr> - <td $class><a href=\"".add_session_id_to_url( "./admin.php?page=perm&user_id=".$row['id'] )."\">"; - echo "<span style=\"color:"; - if ( $is_user_allowed > 0 ) - { - echo "red"; - } - else - { - echo "green"; - } - echo "\">".$row['pseudo']."</span></a></td> - <td $class style=\"text-align:right;\">"; - if ( $is_user_allowed == 2 ) - { - echo "<a href=\"".add_session_id_to_url( "./admin.php?page=perm&cat_id=".$page['id_uppercat'] )."\"><span style=\"color:red;\">".$lang['permuser_parent_forbidden']."</span></a>"; - } - else - { - echo" - <input type=\"radio\" name=\"acces-".$row['id']."\" value=\"0\" checked=\"checked\"/>".$lang['permuser_authorized']." - <input type=\"radio\" name=\"acces-".$row['id']."\" value=\"1\""; - if ( $is_user_allowed == 1 ) - { - echo" checked=\"checked\""; - } - echo"/>".$lang['permuser_forbidden']; - } - echo" - </td> - </tr>"; - $i++; - } - echo" - <tr> - <td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"".$lang['submit']."\"/></td> - </tr> - </table> - </form>"; - } - } -?>
\ No newline at end of file diff --git a/admin/user_list.php b/admin/user_list.php index d4289489d..766bfc310 100644 --- a/admin/user_list.php +++ b/admin/user_list.php @@ -17,32 +17,18 @@ include_once( './include/isadmin.inc.php' ); //----------------------------------------------------- template initialization $sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_list.vtp' ); -// language -$vtp->setGlobalVar( $sub, 'listuser_confirm', $lang['listuser_confirm'] ); -$vtp->setGlobalVar( $sub, 'listuser_modify_hint', - $lang['listuser_modify_hint'] ); -$vtp->setGlobalVar( $sub, 'listuser_modify', $lang['listuser_modify'] ); -$vtp->setGlobalVar( $sub, 'listuser_permission', - $lang['listuser_permission'] ); -$vtp->setGlobalVar( $sub, 'listuser_permission_hint', - $lang['listuser_permission_hint'] ); -$vtp->setGlobalVar( $sub, 'listuser_delete_hint', - $lang['listuser_delete_hint'] ); -$vtp->setGlobalVar( $sub, 'listuser_delete', $lang['listuser_delete'] ); -$vtp->setGlobalVar( $sub, 'yes', $lang['yes'] ); -$vtp->setGlobalVar( $sub, 'no', $lang['no'] ); -$vtp->setGlobalVar( $sub, 'listuser_button_all', - $lang['listuser_button_all'] ); -$vtp->setGlobalVar( $sub, 'listuser_button_invert', - $lang['listuser_button_invert'] ); -$vtp->setGlobalVar( $sub, 'listuser_button_create_address', - $lang['listuser_button_create_address'] ); +$tpl = array( 'listuser_confirm','listuser_modify_hint','listuser_modify', + 'listuser_permission','listuser_permission_hint', + 'listuser_delete_hint','listuser_delete','yes','no', + 'listuser_button_all','listuser_button_invert', + 'listuser_button_create_address' ); +templatize_array( $tpl, 'lang', $sub ); //--------------------------------------------------------------- delete a user if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) ) { - $query = 'select username'; - $query.= ' from '.PREFIX_TABLE.'users'; - $query.= ' where id = '.$_GET['delete']; + $query = 'SELECT username'; + $query.= ' FROM '.PREFIX_TABLE.'users'; + $query.= ' WHERE id = '.$_GET['delete']; $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); // confirm user deletion ? @@ -64,9 +50,9 @@ if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) ) if ( $row['username'] != 'guest' and $row['username'] != $conf['webmaster'] ) { - $query = 'select count(*) as nb_result'; - $query.= ' from '.PREFIX_TABLE.'users'; - $query.= ' where id = '.$_GET['delete']; + $query = 'SELECT COUNT(*) AS nb_result'; + $query.= ' FROM '.PREFIX_TABLE.'users'; + $query.= ' WHERE id = '.$_GET['delete']; $query.= ';'; $row2 = mysql_fetch_array( mysql_query( $query ) ); if ( $row2['nb_result'] > 0 ) @@ -102,9 +88,9 @@ else } $vtp->setVar( $sub, 'users.form_action', $action ); - $query = 'select id,username,status,mail_address'; - $query.= ' from '.PREFIX_TABLE.'users'; - $query.= ' order by status asc, username asc'; + $query = 'SELECT id,username,status,mail_address'; + $query.= ' FROM '.PREFIX_TABLE.'users'; + $query.= ' ORDER BY status ASC, username ASC'; $query.= ';'; $result = mysql_query( $query ); @@ -122,16 +108,8 @@ else $title = $lang['listuser_user_group'].' '; switch ( $row['status'] ) { - case 'admin' : - { - $title.= $lang['adduser_status_admin']; - break; - } - case 'guest' : - { - $title.= $lang['adduser_status_guest']; - break; - } + case 'admin' : $title.= $lang['adduser_status_admin']; break; + case 'guest' : $title.= $lang['adduser_status_guest']; break; } $vtp->setVar( $sub, 'category.title', $title ); $current_status = $row['status']; @@ -152,9 +130,6 @@ else if ( $row['username'] == 'guest' ) { $vtp->setVar( $sub, 'user.color', 'green' ); - } - if ( $row['username'] == 'guest' ) - { $vtp->setVar( $sub, 'user.login', $lang['guest'] ); } else @@ -179,7 +154,8 @@ else $vtp->closeSession( $sub, 'modify' ); } // manage permission or not ? - if ( $row['username'] == $conf['webmaster'] ) + if ( $row['username'] == $conf['webmaster'] + and $user['username'] != $conf['webmaster'] ) { $vtp->addSession( $sub, 'not_permission' ); $vtp->closeSession( $sub, 'not_permission' ); @@ -187,7 +163,7 @@ else else { $vtp->addSession( $sub, 'permission' ); - $url = './admin.php?page=perm&user_id='.$row['id']; + $url = './admin.php?page=user_perm&user_id='.$row['id']; $vtp->setVar( $sub, 'permission.url', add_session_id( $url ) ); $vtp->setVar( $sub, 'permission.login', $row['username'] ); $vtp->closeSession( $sub, 'permission' ); @@ -215,9 +191,8 @@ else { $mail_address = array(); $i = 0; - $query = 'select'; - $query.= ' id,mail_address'; - $query.= ' from '.PREFIX_TABLE.'users'; + $query = 'SELECT id,mail_address'; + $query.= ' FROM '.PREFIX_TABLE.'users'; $query.= ';'; $result = mysql_query( $query ); while ( $row = mysql_fetch_array( $result ) ) diff --git a/admin/user_modify.php b/admin/user_modify.php index 4989c31e2..792eef16b 100644 --- a/admin/user_modify.php +++ b/admin/user_modify.php @@ -20,7 +20,8 @@ $sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_modify.vtp' ); $error = array(); $tpl = array( 'adduser_info_message', 'adduser_info_back', 'adduser_fill_form', 'login', 'new', 'password', 'mail_address', 'adduser_status', - 'submit', 'adduser_info_password_updated' ); + 'submit', 'adduser_info_password_updated','menu_groups', + 'dissociate','adduser_associate' ); templatize_array( $tpl, 'lang', $sub ); //--------------------------------------------------------- form criteria check $error = array(); @@ -34,7 +35,9 @@ $query.= ' from '.PREFIX_TABLE.'users'; $query.= ' where id = '.$_GET['user_id']; $query.= ';'; $row = mysql_fetch_array( mysql_query( $query ) ); - +$page['username'] = $row['username']; +$page['status'] = $row['status']; +$page['mail_address'] = $row['mail_address']; // user is not modifiable if : // 1. the selected user is the user "guest" // 2. the selected user is the webmaster and the user making the modification @@ -66,6 +69,34 @@ if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) ) $_POST['status'], $use_new_password, $_POST['password'] ) ); } +// association with groups management +if ( isset( $_POST['submit'] ) ) +{ + // deletion of checked groups + $query = 'SELECT id,name'; + $query.= ' FROM '.PREFIX_TABLE.'groups'; + $query.= ' ORDER BY id ASC'; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + $dissociate = 'dissociate-'.$row['id']; + if ( $_POST[$dissociate] == 1 ) + { + $query = 'DELETE FROM '.PREFIX_TABLE.'user_group'; + $query.= ' WHERE user_id = '.$_GET['user_id']; + $query.= ' AND group_id ='.$row['id']; + $query.= ';'; + mysql_query( $query ); + } + } + // create a new association between the user and a group + $query = 'INSERT INTO '.PREFIX_TABLE.'user_group'; + $query.= ' (user_id,group_id) VALUES'; + $query.= ' ('.$_GET['user_id'].','.$_POST['associate'].')'; + $query.= ';'; + mysql_query( $query ); +} //-------------------------------------------------------------- errors display if ( sizeof( $error ) != 0 ) { @@ -82,7 +113,7 @@ if ( sizeof( $error ) != 0 ) if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) ) { $vtp->addSession( $sub, 'confirmation' ); - $vtp->setVar( $sub, 'confirmation.username', $row['username'] ); + $vtp->setVar( $sub, 'confirmation.username', $page['username'] ); $url = add_session_id( './admin.php?page=user_list' ); $vtp->setVar( $sub, 'confirmation.url', $url ); $vtp->closeSession( $sub, 'confirmation' ); @@ -91,7 +122,6 @@ if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) ) $vtp->addSession( $sub, 'password_updated' ); $vtp->closeSession( $sub, 'password_updated' ); } - $display_form = false; } //------------------------------------------------------------------------ form if ( $display_form ) @@ -99,13 +129,15 @@ if ( $display_form ) $vtp->addSession( $sub, 'form' ); $action = './admin.php?page=user_modify&user_id='.$_GET['user_id']; $vtp->setVar( $sub, 'form.form_action', add_session_id( $action ) ); - $vtp->setVar( $sub, 'form.user:username', $row['username'] ); - $vtp->setVar( $sub, 'form.user:password', $_POST['password'] ); - $vtp->setVar( $sub, 'form.user:mail_address', $_POST['mail_address'] ); - - if ( !isset( $_POST['status'] ) ) + $vtp->setVar( $sub, 'form.user:username', $page['username'] ); + if ( isset( $_POST['mail_address'] ) ) + { + $page['mail_address'] = $_POST['mail_address']; + } + $vtp->setVar( $sub, 'form.user:mail_address', $page['mail_address'] ); + if ( isset( $_POST['status'] ) ) { - $_POST['status'] = 'guest'; + $page['status'] = $_POST['status']; } $option = get_enums( PREFIX_TABLE.'users', 'status' ); for ( $i = 0; $i < sizeof( $option ); $i++ ) @@ -114,12 +146,55 @@ if ( $display_form ) $vtp->setVar( $sub, 'status_option.value', $option[$i] ); $vtp->setVar( $sub, 'status_option.option', $lang['adduser_status_'.$option[$i]] ); - if( $option[$i] == $_POST['status'] ) + if( $option[$i] == $page['status'] ) { $vtp->setVar( $sub, 'status_option.selected', ' selected="selected"' ); } $vtp->closeSession( $sub, 'status_option' ); } + // groups linked with this user + $query = 'SELECT id,name'; + $query.= ' FROM '.PREFIX_TABLE.'user_group, '.PREFIX_TABLE.'groups'; + $query.= ' WHERE group_id = id'; + $query.= ' AND user_id = '.$_GET['user_id']; + $query.= ';'; + $result = mysql_query( $query ); + $user_groups = array(); + if ( mysql_num_rows( $result ) > 0 ) + { + $vtp->addSession( $sub, 'groups' ); + while ( $row = mysql_fetch_array( $result ) ) + { + $vtp->addSession( $sub, 'group' ); + $vtp->setVar( $sub, 'group.name', $row['name'] ); + $vtp->setVar( $sub, 'group.dissociate_id', $row['id'] ); + $vtp->closeSession( $sub, 'group' ); + array_push( $user_groups, $row['id'] ); + } + $vtp->closeSession( $sub, 'groups' ); + } + // empty group not to take into account + $vtp->addSession( $sub, 'associate_group' ); + $vtp->setVar( $sub, 'associate_group.value', 'undef' ); + $vtp->setVar( $sub, 'associate_group.option', '' ); + $vtp->closeSession( $sub, 'associate_group' ); + // groups not linked yet to the user + $query = 'SELECT id,name'; + $query.= ' FROM '.PREFIX_TABLE.'groups'; + $query.= ' ORDER BY id ASC'; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + if ( !in_array( $row['id'], $user_groups ) ) + { + $vtp->addSession( $sub, 'associate_group' ); + $vtp->setVar( $sub, 'associate_group.value', $row['id'] ); + $vtp->setVar( $sub, 'associate_group.option', $row['name'] ); + $vtp->closeSession( $sub, 'associate_group' ); + } + } + $url = add_session_id( './admin.php?page=user_list' ); $vtp->setVar( $sub, 'form.url_back', $url ); $vtp->closeSession( $sub, 'form' ); diff --git a/admin/user_perm.php b/admin/user_perm.php new file mode 100644 index 000000000..081560c54 --- /dev/null +++ b/admin/user_perm.php @@ -0,0 +1,174 @@ +<?php +/*************************************************************************** + * user_perm.php * + * ------------------ * + * application : PhpWebGallery 1.3 * + * author : Pierrick LE GALL <pierrick@z0rglub.com> * + * * + ***************************************************************************/ + +/*************************************************************************** + * * + * This program is free software; you can redistribute it and/or modify * + * it under the terms of the GNU General Public License as published by * + * the Free Software Foundation; * + * * + ***************************************************************************/ +include_once( './include/isadmin.inc.php' ); +//----------------------------------------------------- template initialization +$sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_perm.vtp' ); +$error = array(); +$tpl = array( 'permuser_authorized','permuser_forbidden','submit', + 'permuser_parent_forbidden','permuser_info_message', + 'adduser_info_back' ); +templatize_array( $tpl, 'lang', $sub ); +//--------------------------------------------------------------------- updates +if ( isset( $_POST['submit'] ) ) +{ + // cleaning the user_access table for this user + $query = 'DELETE FROM '.PREFIX_TABLE.'user_access'; + $query.= ' WHERE user_id = '.$_GET['user_id']; + $query.= ';'; + mysql_query( $query ); + // selecting all private categories + $query = 'SELECT id'; + $query.= ' FROM '.PREFIX_TABLE.'categories'; + $query.= " WHERE status = 'private'"; + $query.= ';'; + $result = mysql_query( $query ); + while ( $row = mysql_fetch_array( $result ) ) + { + $radioname = 'access-'.$row['id']; + if ( $_POST[$radioname] == 0 ) + { + $query = 'INSERT INTO '.PREFIX_TABLE.'user_access'; + $query.= ' (user_id,cat_id) VALUES'; + $query.= ' ('.$_GET['user_id'].','.$row['id'].')'; + $query.= ';'; + mysql_query ( $query ); + } + } + check_favorites( $_GET['user_id'] ); + $vtp->addSession( $sub, 'confirmation' ); + $url = './admin.php?page=user_list'; + $vtp->setVar( $sub, 'confirmation.back_url', add_session_id( $url ) ); + $vtp->closeSession( $sub, 'confirmation' ); +} +//---------------------------------------------------------------- form display +$restrictions = get_restrictions( $_GET['user_id'], $page['user_status'], + false, false ); +$action = './admin.php?page=user_perm&user_id='.$_GET['user_id']; +$vtp->setVar( $sub, 'action', add_session_id( $action ) ); +// Association of group_ids with group_names -> caching informations +$query = 'SELECT id,name'; +$query.= ' FROM '.PREFIX_TABLE.'groups'; +$query.= ';'; +$result = mysql_query( $query ); +$groups = array(); +while ( $row = mysql_fetch_array( $result ) ) +{ + $groups[$row['id']] = $row['name']; +} +// Listing of groups the user belongs to +$query = 'SELECT ug.group_id as groupid'; +$query.= ' FROM '.PREFIX_TABLE.'user_group as ug'; +$query.= ' WHERE user_id = '.$_GET['user_id']; +$query.= ';'; +$result = mysql_query( $query ); +$usergroups = array(); +while ( $row = mysql_fetch_array( $result ) ) +{ + array_push( $usergroups, $row['groupid'] ); +} +// only private categories are listed +$query = 'SELECT id'; +$query.= ' FROM '.PREFIX_TABLE.'categories'; +$query.= " WHERE status = 'private'"; +$query.= ';'; +$result = mysql_query( $query ); +while ( $row = mysql_fetch_array( $result ) ) +{ + $vtp->addSession( $sub, 'category' ); + $vtp->setVar( $sub, 'category.id', $row['id'] ); + // we have to know whether the user is authorized to access this + // category. The category can be accessible for this user thanks to his + // personnal access rights OR thanks to the access rights of a group he + // belongs to. + // 1. group access : + // retrieving all authorized groups for this category and for this user + $query = 'SELECT ga.group_id as groupid'; + $query.= ' FROM '.PREFIX_TABLE.'group_access as ga'; + $query.= ', '.PREFIX_TABLE.'user_group as ug'; + $query.= ' WHERE ga.group_id = ug.group_id'; + $query.= ' AND ug.user_id = '.$_GET['user_id']; + $query.= ' AND cat_id = '.$row['id']; + $query.= ';'; + $subresult = mysql_query( $query ); + $authorized_groups = array(); + while ( $subrow = mysql_fetch_array( $subresult ) ) + { + array_push( $authorized_groups, $subrow['groupid'] ); + } + // 2. personnal access + $is_user_allowed = is_user_allowed( $row['id'], $restrictions ); + // link to the category permission management + $url = './admin.php?page=cat_perm&cat_id='.$row['id']; + $vtp->setVar( $sub, 'category.cat_perm_link', add_session_id( $url ) ); + // color of the category : green if the user is allowed by himself or + // thanks to a group he belongs to + if ( $is_user_allowed == 0 or count( $authorized_groups ) > 0 ) + { + $vtp->setVar( $sub, 'category.color', 'green' ); + } + else + { + $vtp->setVar( $sub, 'category.color', 'red' ); + } + // category name + $cat_infos = get_cat_info( $row['id'] ); + $name = get_cat_display_name( $cat_infos['name'],' > ', + 'font-weight:bold;' ); + $vtp->setVar( $sub, 'category.name', $name ); + // usergroups + if ( count( $usergroups ) > 0 ) + { + $vtp->addSession( $sub, 'usergroups' ); + foreach ( $usergroups as $i => $usergroup ) { + $vtp->addSession( $sub, 'usergroup' ); + $vtp->setVar( $sub, 'usergroup.name', $groups[$usergroup] ); + if ( in_array( $usergroup, $authorized_groups ) ) + { + $vtp->setVar( $sub, 'usergroup.color', 'green' ); + } + else + { + $vtp->setVar( $sub, 'usergroup.color', 'red' ); + } + if ( $i < count( $usergroups ) - 1 ) + { + $vtp->setVar( $sub, 'usergroup.separation', ',' ); + } + $vtp->closeSession( $sub, 'usergroup' ); + } + $vtp->closeSession( $sub, 'usergroups' ); + } + // any subcat forbidden for this user ? + if ( $is_user_allowed == 2 ) + { + $vtp->addSession( $sub, 'parent_forbidden' ); + $vtp->closeSession( $sub, 'parent_forbidden' ); + } + // personnal forbidden or authorized access ? + if ( $is_user_allowed == 0 ) + { + $vtp->setVar( $sub, 'category.authorized_checked', ' checked="checked"' ); + } + else + { + $vtp->setVar( $sub, 'category.forbidden_checked', ' checked="checked"' ); + } + $vtp->closeSession( $sub, 'category' ); +} +//----------------------------------------------------------- sending html code +$vtp->Parse( $handle , 'sub', $sub ); +?>
\ No newline at end of file |