aboutsummaryrefslogtreecommitdiffstats
path: root/admin/user_perm.php
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--admin/user_perm.php121
1 files changed, 57 insertions, 64 deletions
diff --git a/admin/user_perm.php b/admin/user_perm.php
index 2583306a1..f23071696 100644
--- a/admin/user_perm.php
+++ b/admin/user_perm.php
@@ -31,26 +31,34 @@ if (!defined('IN_ADMIN'))
}
include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
-$userdata = array();
-if (isset($_POST['submituser']))
+// +-----------------------------------------------------------------------+
+// | variables init |
+// +-----------------------------------------------------------------------+
+
+if (isset($_GET['user_id']) and is_numeric($_GET['user_id']))
{
- $userdata = getuserdata($_POST['username']);
+ $page['user'] = $_GET['user_id'];
}
-else if (isset($_GET['user_id']))
+else
{
- $userdata = getuserdata(intval($_GET['user_id']));
+ echo l10n('user_id URL parameter is missing');
+ exit();
}
-else if (isset($_POST['falsify'])
- and isset($_POST['cat_true'])
- and count($_POST['cat_true']) > 0)
+
+// +-----------------------------------------------------------------------+
+// | updates |
+// +-----------------------------------------------------------------------+
+
+if (isset($_POST['falsify'])
+ and isset($_POST['cat_true'])
+ and count($_POST['cat_true']) > 0)
{
- $userdata = getuserdata(intval($_POST['userid']));
// if you forbid access to a category, all sub-categories become
// automatically forbidden
$subcats = get_subcat_ids($_POST['cat_true']);
$query = '
DELETE FROM '.USER_ACCESS_TABLE.'
- WHERE user_id = '.$userdata['id'].'
+ WHERE user_id = '.$page['user'].'
AND cat_id IN ('.implode(',', $subcats).')
;';
pwg_query($query);
@@ -59,8 +67,6 @@ else if (isset($_POST['trueify'])
and isset($_POST['cat_false'])
and count($_POST['cat_false']) > 0)
{
- $userdata = getuserdata(intval($_POST['userid']));
-
$uppercats = get_uppercat_ids($_POST['cat_false']);
$private_uppercats = array();
@@ -84,7 +90,7 @@ SELECT id
$query = '
SELECT cat_id
FROM '.USER_ACCESS_TABLE.'
- WHERE user_id = '.$userdata['id'].'
+ WHERE user_id = '.$page['user'].'
;';
$result = pwg_query($query);
@@ -97,74 +103,61 @@ SELECT cat_id
$to_autorize_ids = array_diff($private_uppercats, $authorized_ids);
foreach ($to_autorize_ids as $to_autorize_id)
{
- array_push($inserts, array('user_id' => $userdata['id'],
+ array_push($inserts, array('user_id' => $page['user'],
'cat_id' => $to_autorize_id));
}
mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
}
//----------------------------------------------------- template initialization
-if (empty($userdata))
-{
- $template->set_filenames(array('user' => 'admin/user_perm.tpl'));
-
- $base_url = PHPWG_ROOT_PATH.'admin.php?page=';
-
- $template->assign_vars(array(
- 'L_SELECT_USERNAME'=>$lang['Select_username'],
- 'L_LOOKUP_USER'=>$lang['Look_up_user'],
- 'L_FIND_USERNAME'=>$lang['Find_username'],
- 'L_AUTH_USER'=>$lang['permuser_only_private'],
- 'L_SUBMIT'=>$lang['submit'],
+$template->set_filenames(array('user_perm'=>'admin/cat_options.tpl'));
- 'F_SEARCH_USER_ACTION' => add_session_id($base_url.'user_perm'),
- 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php')
- ));
-}
-else
-{
- $template->set_filenames(array('user'=>'admin/cat_options.tpl'));
- $template->assign_vars(
- array(
- 'L_RESET'=>$lang['reset'],
- 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
- 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
- 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'],
-
- 'HIDDEN_NAME'=> 'userid',
- 'HIDDEN_VALUE'=>$userdata['id'],
- 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'),
- ));
+$template->assign_vars(
+ array(
+ 'L_RESET'=>$lang['reset'],
+ 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
+ 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
+ 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'],
+
+ 'F_ACTION' =>
+ add_session_id(
+ PHPWG_ROOT_PATH.
+ 'admin.php?page=user_perm'.
+ '&user_id='.$page['user']
+ )
+ )
+ );
- // only private categories are listed
- $query_true = '
+// only private categories are listed
+$query_true = '
SELECT id,name,uppercats,global_rank
FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_ACCESS_TABLE.' ON cat_id = id
WHERE status = \'private\'
- AND user_id = '.$userdata['id'].'
+ AND user_id = '.$page['user'].'
;';
- display_select_cat_wrapper($query_true,array(),'category_option_true');
+display_select_cat_wrapper($query_true,array(),'category_option_true');
- $result = pwg_query($query_true);
- $authorized_ids = array();
- while ($row = mysql_fetch_array($result))
- {
- array_push($authorized_ids, $row['id']);
- }
-
- $query_false = '
+$result = pwg_query($query_true);
+$authorized_ids = array();
+while ($row = mysql_fetch_array($result))
+{
+ array_push($authorized_ids, $row['id']);
+}
+
+$query_false = '
SELECT id,name,uppercats,global_rank
FROM '.CATEGORIES_TABLE.'
WHERE status = \'private\'';
- if (count($authorized_ids) > 0)
- {
- $query_false.= '
- AND id NOT IN ('.implode(',', $authorized_ids).')';
- }
+if (count($authorized_ids) > 0)
+{
$query_false.= '
-;';
- display_select_cat_wrapper($query_false,array(),'category_option_false');
+ AND id NOT IN ('.implode(',', $authorized_ids).')';
}
+$query_false.= '
+;';
+display_select_cat_wrapper($query_false,array(),'category_option_false');
+
//----------------------------------------------------------- sending html code
-$template->assign_var_from_handle('ADMIN_CONTENT', 'user');
+
+$template->assign_var_from_handle('ADMIN_CONTENT', 'user_perm');
?>