diff options
Diffstat (limited to 'admin/group_list.php')
-rw-r--r-- | admin/group_list.php | 261 |
1 files changed, 122 insertions, 139 deletions
diff --git a/admin/group_list.php b/admin/group_list.php index f789a6b27..7bc08b3f4 100644 --- a/admin/group_list.php +++ b/admin/group_list.php @@ -24,171 +24,154 @@ // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | // | USA. | // +-----------------------------------------------------------------------+ + if( !defined("PHPWG_ROOT_PATH") ) { - die ("Hacking attempt!"); + die ("Hacking attempt!"); } include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); -//-------------------------------------------------------------- delete a group -if ( isset( $_POST['delete'] ) && isset( $_POST['confirm_delete'] ) ) +// +-----------------------------------------------------------------------+ +// | delete a group | +// +-----------------------------------------------------------------------+ + +if (isset($_GET['delete']) and is_numeric($_GET['delete'])) { // destruction of the access linked to the group - $query = 'DELETE FROM '.GROUP_ACCESS_TABLE; - $query.= ' WHERE group_id = '.$_POST['group_id']; - $query.= ';'; - pwg_query( $query ); - - // destruction of the users links for this group - $query = 'DELETE FROM ' . USER_GROUP_TABLE; - $query.= ' WHERE group_id = '.$_POST['group_id']; - pwg_query( $query ); - - // destruction of the group - $query = 'DELETE FROM ' . GROUPS_TABLE; - $query.= ' WHERE id = '.$_POST['group_id']; - $query.= ';'; - pwg_query( $query ); + $query = ' +DELETE + FROM '.GROUP_ACCESS_TABLE.' + WHERE group_id = '.$_GET['delete'].' +;'; + pwg_query($query); + + // destruction of the users links for this group + $query = ' +DELETE + FROM '.USER_GROUP_TABLE.' + WHERE group_id = '.$_GET['delete'].' +;'; + pwg_query($query); + + $query = ' +SELECT name + FROM '.GROUPS_TABLE.' + WHERE id = '.$_GET['delete'].' +;'; + list($groupname) = mysql_fetch_row(pwg_query($query)); + + // destruction of the group + $query = ' +DELETE + FROM '.GROUPS_TABLE.' + WHERE id = '.$_GET['delete'].' +;'; + pwg_query($query); + + array_push( + $page['infos'], + sprintf(l10n('group "%s" deleted'), $groupname) + ); } -//----------------------------------------------------------------- add a group -elseif ( isset( $_POST['new'] ) ) + +// +-----------------------------------------------------------------------+ +// | add a group | +// +-----------------------------------------------------------------------+ + +if (isset($_POST['submit_add'])) { - if ( empty($_POST['newgroup']) || preg_match( "/'/", $_POST['newgroup'] ) - or preg_match( '/"/', $_POST['newgroup'] ) ) + if (empty($_POST['groupname'])) { - array_push( $page['errors'], $lang['group_add_error1'] ); + array_push($page['errors'], $lang['group_add_error1']); } - if ( count( $page['errors'] ) == 0 ) + if (count($page['errors']) == 0) { // is the group not already existing ? - $query = 'SELECT id FROM '.GROUPS_TABLE; - $query.= " WHERE name = '".$_POST['newgroup']."'"; - $query.= ';'; - $result = pwg_query( $query ); - if ( mysql_num_rows( $result ) > 0 ) + $query = ' +SELECT COUNT(*) + FROM '.GROUPS_TABLE.' + WHERE name = \''.$_POST['groupname'].'\' +;'; + list($count) = mysql_fetch_row(pwg_query($query)); + if ($count != 0) { - array_push( $page['errors'], $lang['group_add_error2'] ); + array_push($page['errors'], $lang['group_add_error2']); } } - if ( count( $page['errors'] ) == 0 ) + if (count($page['errors']) == 0) { // creating the group - $query = ' INSERT INTO '.GROUPS_TABLE; - $query.= " (name) VALUES ('".$_POST['newgroup']."')"; - $query.= ';'; - pwg_query( $query ); - } -} -//------------------------------------------------------------- user management -elseif ( isset( $_POST['add'] ) ) -{ - $userdata = getuserdata($_POST['username']); - if (!$userdata) - { - array_push($page['errors'], $lang['user_err_unknown']); - } - else - { - // create a new association between the user and a group $query = ' -INSERT INTO '.USER_GROUP_TABLE.' - (user_id,group_id) +INSERT INTO '.GROUPS_TABLE.' + (name) VALUES - ('.$userdata['id'].','.$_POST['edit_group_id'].') + (\''.mysql_escape_string($_POST['groupname']).'\') ;'; pwg_query($query); + + array_push( + $page['infos'], + sprintf(l10n('group "%s" added'), $_POST['groupname']) + ); } } -elseif (isset( $_POST['deny_user'] )) -{ - $sql_in = ''; - $members = $_POST['members']; - for($i = 0; $i < count($members); $i++) - { - $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]); - } - $query = 'DELETE FROM ' . USER_GROUP_TABLE; - $query.= ' WHERE user_id IN ('.$sql_in; - $query.= ') AND group_id = '.$_POST['edit_group_id']; - pwg_query( $query ); -} -//----------------------------------------------------------------- groups list - -$query = 'SELECT id,name FROM '.GROUPS_TABLE; -$query.= ' ORDER BY id ASC;'; -$result = pwg_query( $query ); -$groups_display = '<select name="group_id">'; -$groups_nb=0; -while ( $row = mysql_fetch_array( $result ) ) -{ - $groups_nb++; - $selected = ''; - if (isset($_POST['group_id']) && $_POST['group_id']==$row['id']) - $selected = 'selected'; - $groups_display .= '<option value="' . $row['id'] . '" '.$selected.'>' . $row['name'] . '</option>'; -} -$groups_display .= '</select>'; - -$action = PHPWG_ROOT_PATH.'admin.php?page=group_list'; -//----------------------------------------------------- template initialization -$template->set_filenames( array('groups'=>'admin/group_list.tpl') ); -$template->assign_vars(array( - 'S_GROUP_SELECT'=>$groups_display, - - 'L_GROUP_SELECT'=>$lang['group_list_title'], - 'L_GROUP_CONFIRM'=>$lang['group_confirm_delete'], - 'L_LOOK_UP'=>$lang['edit'], - 'L_GROUP_DELETE'=>$lang['delete'], - 'L_CREATE_NEW_GROUP'=>$lang['group_add'], - 'L_GROUP_EDIT'=>$lang['group_edit'], - 'L_USER_NAME'=>$lang['login'], - 'L_USER_EMAIL'=>$lang['mail_address'], - 'L_USER_SELECT'=>$lang['Select'], - 'L_DENY_SELECTED'=>$lang['group_deny_user'], - 'L_ADD_MEMBER'=>$lang['group_add_user'], - 'L_FIND_USERNAME'=>$lang['Find_username'], - - 'S_GROUP_ACTION'=>add_session_id($action), - 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php') - )); - -if ($groups_nb) -{ - $template->assign_block_vars('select_box',array()); -} -//----------------------------------------------------------------- add a group -if ( isset( $_POST['edit']) || isset( $_POST['add']) || isset( $_POST['deny_user'] )) +// +-----------------------------------------------------------------------+ +// | template init | +// +-----------------------------------------------------------------------+ + +$template->set_filenames(array('group_list' => 'admin/group_list.tpl')); + +$template->assign_vars( + array( + 'F_ADD_ACTION' => + add_session_id(PHPWG_ROOT_PATH.'admin.php?page=group_list') + ) + ); + +// +-----------------------------------------------------------------------+ +// | group list | +// +-----------------------------------------------------------------------+ + +$query = ' +SELECT id, name + FROM '.GROUPS_TABLE.' + ORDER BY id ASC +;'; +$result = pwg_query($query); + +$admin_url = PHPWG_ROOT_PATH.'admin.php?page='; +$perm_url = $admin_url.'group_perm&group_id='; +$del_url = $admin_url.'group_list&delete='; +$members_url = $admin_url.'user_list&group='; + +$num = 0; +while ($row = mysql_fetch_array($result)) { - // Retrieving the group name - $query = 'SELECT id, name FROM '.GROUPS_TABLE; - $query.= " WHERE id = '".$_POST['group_id']."'"; - $query.= ';'; - $result = mysql_fetch_array(pwg_query( $query )); - $template->assign_block_vars('edit_group',array( - 'GROUP_NAME'=>$result['name'], - 'GROUP_ID'=>$result['id'] - )); - - // Retrieving all the users - $query = 'SELECT id, username, mail_address'; - $query.= ' FROM ('.USERS_TABLE.' as u'; - $query.= ' LEFT JOIN '.USER_GROUP_TABLE.' as ug ON ug.user_id=u.id)'; - $query.= " WHERE ug.group_id = '".$_POST['group_id']."';"; - $result = pwg_query( $query ); - $i=0; - while ( $row = mysql_fetch_array( $result ) ) - { - $class = ($i % 2)? 'row1':'row2'; $i++; - $template->assign_block_vars('edit_group.user',array( - 'ID'=>$row['id'], - 'NAME'=>$row['username'], - 'EMAIL'=>$row['mail_address'], - 'T_CLASS'=>$class - )); - } + $query = ' +SELECT COUNT(*) + FROM '.USER_GROUP_TABLE.' + WHERE group_id = '.$row['id'].' +;'; + list($counter) = mysql_fetch_row(pwg_query($query)); + + $template->assign_block_vars( + 'group', + array( + 'CLASS' => ($num++ % 2 == 1) ? 'row2' : 'row1', + 'NAME' => $row['name'], + 'MEMBERS' => sprintf(l10n('%d members'), $counter), + 'U_MEMBERS' => $members_url.$row['id'], + 'U_DELETE' => $del_url.$row['id'], + 'U_PERM' => $perm_url.$row['id'] + ) + ); } -//----------------------------------------------------------- sending html code -$template->assign_var_from_handle('ADMIN_CONTENT', 'groups'); +// +-----------------------------------------------------------------------+ +// | sending html code | +// +-----------------------------------------------------------------------+ + +$template->assign_var_from_handle('ADMIN_CONTENT', 'group_list'); + ?> |