diff options
Diffstat (limited to 'admin/user_perm.php')
-rw-r--r-- | admin/user_perm.php | 159 |
1 files changed, 98 insertions, 61 deletions
diff --git a/admin/user_perm.php b/admin/user_perm.php index f8c83d659..66c01e97a 100644 --- a/admin/user_perm.php +++ b/admin/user_perm.php @@ -25,50 +25,87 @@ // | USA. | // +-----------------------------------------------------------------------+ -if( !defined("IN_ADMIN") ) +if (!defined('IN_ADMIN')) { - die ("Hacking attempt!"); + die('Hacking attempt!'); } -include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); +include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); $userdata = array(); -if ( isset( $_POST['submituser'] ) ) +if (isset($_POST['submituser'])) { $userdata = getuserdata($_POST['username']); } -elseif (isset($_POST['falsify']) || isset($_POST['trueify'])) +else if (isset($_POST['falsify']) + and isset($_POST['cat_true']) + and count($_POST['cat_true']) > 0) { $userdata = getuserdata(intval($_POST['userid'])); - // cleaning the user_access table for this user - if (isset($_POST['cat_true']) && count($_POST['cat_true']) > 0) + // if you forbid access to a category, all sub-categories become + // automatically forbidden + $subcats = get_subcat_ids($_POST['cat_true']); + $query = ' +DELETE FROM '.USER_ACCESS_TABLE.' + WHERE user_id = '.$userdata['id'].' + AND cat_id IN ('.implode(',', $subcats).') +;'; + pwg_query($query); +} +else if (isset($_POST['trueify']) + and isset($_POST['cat_false']) + and count($_POST['cat_false']) > 0) +{ + $userdata = getuserdata(intval($_POST['userid'])); + + $uppercats = get_uppercat_ids($_POST['cat_false']); + $private_uppercats = array(); + + $query = ' +SELECT id + FROM '.CATEGORIES_TABLE.' + WHERE id IN ('.implode(',', $uppercats).') + AND status = \'private\' +;'; + $result = pwg_query($query); + while ($row = mysql_fetch_array($result)) { - foreach ($_POST['cat_true'] as $auth_cat) - { - $query = 'DELETE FROM '.USER_ACCESS_TABLE; - $query.= ' WHERE user_id = '.$userdata['id']; - $query.= ' AND cat_id='.$auth_cat.';'; - pwg_query ( $query ); - } + array_push($private_uppercats, $row['id']); } + + // retrying to authorize a category which is already authorized may cause + // an error (in SQL statement), so we need to know which categories are + // accesible + $authorized_ids = array(); + + $query = ' +SELECT cat_id + FROM '.USER_ACCESS_TABLE.' + WHERE user_id = '.$userdata['id'].' +;'; + $result = pwg_query($query); - if (isset($_POST['cat_false']) && count($_POST['cat_false']) > 0) + while ($row = mysql_fetch_array($result)) { - foreach ($_POST['cat_false'] as $auth_cat) - { - $query = 'INSERT INTO '.USER_ACCESS_TABLE; - $query.= ' (user_id,cat_id) VALUES'; - $query.= ' ('.$userdata['id'].','.$auth_cat.')'; - $query.= ';'; - pwg_query ( $query ); - } + array_push($authorized_ids, $row['cat_id']); + } + + $inserts = array(); + $to_autorize_ids = array_diff($private_uppercats, $authorized_ids); + foreach ($to_autorize_ids as $to_autorize_id) + { + array_push($inserts, array('user_id' => $userdata['id'], + 'cat_id' => $to_autorize_id)); } -} + mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts); +} //----------------------------------------------------- template initialization - -if ( empty($userdata)) +if (empty($userdata)) { - $template->set_filenames( array('user'=>'admin/user_perm.tpl') ); + $template->set_filenames(array('user' => 'admin/user_perm.tpl')); + + $base_url = PHPWG_ROOT_PATH.'admin.php?page='; + $template->assign_vars(array( 'L_SELECT_USERNAME'=>$lang['Select_username'], 'L_LOOKUP_USER'=>$lang['Look_up_user'], @@ -76,54 +113,54 @@ if ( empty($userdata)) 'L_AUTH_USER'=>$lang['permuser_only_private'], 'L_SUBMIT'=>$lang['submit'], - 'F_SEARCH_USER_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'), + 'F_SEARCH_USER_ACTION' => add_session_id($base_url.'user_perm'), 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php') )); } else { - $cat_url = '<a href="'.add_session_id(PHPWG_ROOT_PATH.'admin.php?page=cat_options§ion=status'); - $cat_url .= '">'.$lang['permuser_info_link'].'</a>'; - $template->set_filenames( array('user'=>'admin/cat_options.tpl') ); - $template->assign_vars(array( - 'L_RESET'=>$lang['reset'], - 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'], - 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'], - 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'].' '.$cat_url, - - 'HIDDEN_NAME'=> 'userid', - 'HIDDEN_VALUE'=>$userdata['id'], - 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'), - )); - + $template->set_filenames(array('user'=>'admin/cat_options.tpl')); + $template->assign_vars( + array( + 'L_RESET'=>$lang['reset'], + 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'], + 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'], + 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'], + + 'HIDDEN_NAME'=> 'userid', + 'HIDDEN_VALUE'=>$userdata['id'], + 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'), + )); // only private categories are listed - $query_true = 'SELECT id,name,uppercats,global_rank FROM '.CATEGORIES_TABLE; - $query_true.= ' LEFT JOIN '.USER_ACCESS_TABLE.' as u'; - $query_true.= ' ON u.cat_id=id'; - $query_true.= ' WHERE status = \'private\' AND u.user_id='.$userdata['id'].';'; + $query_true = ' +SELECT id,name,uppercats,global_rank + FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_ACCESS_TABLE.' ON cat_id = id + WHERE status = \'private\' + AND user_id = '.$userdata['id'].' +;'; + display_select_cat_wrapper($query_true,array(),'category_option_true'); + $result = pwg_query($query_true); - $categorie_true = array(); - while (!empty($result) && $row = mysql_fetch_array($result)) + $authorized_ids = array(); + while ($row = mysql_fetch_array($result)) { - array_push($categorie_true, $row); + array_push($authorized_ids, $row['id']); } - $query = 'SELECT id,name,uppercats,global_rank FROM '.CATEGORIES_TABLE; - $query.= ' WHERE status = \'private\''; - $result = pwg_query($query); - $categorie_false = array(); - while ($row = mysql_fetch_array($result)) + $query_false = ' +SELECT id,name,uppercats,global_rank + FROM '.CATEGORIES_TABLE.' + WHERE status = \'private\''; + if (count($authorized_ids) > 0) { - if (!in_array($row,$categorie_true)) - array_push($categorie_false, $row); + $query_false.= ' + AND id NOT IN ('.implode(',', $authorized_ids).')'; } - usort($categorie_true, 'global_rank_compare'); - usort($categorie_false, 'global_rank_compare'); - display_select_categories($categorie_true, array(), 'category_option_true', true); - display_select_categories($categorie_false, array(), 'category_option_false', true); + $query_false.= ' +;'; + display_select_cat_wrapper($query_false,array(),'category_option_false'); } - //----------------------------------------------------------- sending html code $template->assign_var_from_handle('ADMIN_CONTENT', 'user'); ?> |