Diffstat (limited to '')
-rw-r--r--admin.php29
-rw-r--r--admin/group_list.php261
-rw-r--r--admin/group_perm.php173
-rw-r--r--admin/user_perm.php121
4 files changed, 285 insertions, 299 deletions
diff --git a/admin.php b/admin.php
index 23bb3f76f..fa031da6e 100644
--- a/admin.php
+++ b/admin.php
@@ -76,21 +76,26 @@ switch ( $_GET['page'] )
case 'group_list' :
$title = $lang['title_groups']; $page_valide = true; break;
case 'group_perm' :
- /*if ( !is_numeric( $_GET['group_id'] ) ) $_GET['group_id'] = -1;
- $query = 'SELECT name FROM '.GROUPS_TABLE;
- $query.= ' WHERE id = '.$_GET['group_id'];
- $query.= ';';
- $result = pwg_query( $query );
- if ( mysql_num_rows( $result ) > 0 )
+ if (!is_numeric($_GET['group_id']))
{
- $row = mysql_fetch_array( $result );*/
- $title = $lang['title_group_perm'];//.' "'.$row['name'].'"';
+ $_GET['group_id'] = -1;
+ }
+ $query = '
+SELECT name
+ FROM '.GROUPS_TABLE.'
+ WHERE id = '.$_GET['group_id'].'
+;';
+ $result = pwg_query($query);
+ if (mysql_num_rows($result) > 0 )
+ {
+ $row = mysql_fetch_array($result);
+ $title = $lang['title_group_perm'].' "'.$row['name'].'"';
$page_valide = true;
- /*}
+ }
else
{
$page_valide = false;
- }*/
+ }
break;
case 'stats':
$title = $lang['title_history']; $page_valide = true; break;
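Review bot: The `is_numeric()` guard in the `group_perm` case is not an integer check: it accepts floats, exponent notation and (on PHP versions before 7) hex strings, and the raw `$_GET['group_id']` string is then concatenated into the `WHERE id =` clause. Casting once, e.g. `$_GET['group_id'] = isset($_GET['group_id']) ? intval($_GET['group_id']) : -1;`, also covers the missing-parameter case and leaves only a decimal integer in the query. The same `is_numeric()`-then-concatenate pattern appears in the `delete` branch of admin/group_list.php and in the variables-init hunks of admin/group_perm.php and admin/user_perm.php. `$row['name']` is now appended to `$title`; if the title is printed as HTML without escaping (not visible here), it should go through `htmlspecialchars()`, because group names are free text entered in the admin form. The enclosing `switch` starts and ends outside this hunk.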
@@ -252,7 +257,6 @@ $template->assign_vars(array(
'L_IDENTIFY'=>$lang['identification'],
'L_USERS'=>$lang['users'],
'L_GROUPS'=>$lang['groups'],
- 'L_AUTH'=>$lang['permissions'],
'L_UPDATE'=>$lang['update'],
'L_CAT_UPLOAD'=>$lang['upload'],
'L_CAT_COMMENTS'=>$lang['comments'],
@@ -282,9 +286,6 @@ $template->assign_vars(array(
'U_THUMBNAILS'=>add_session_id($link_start.'thumbnail' ),
'U_USERS'=>add_session_id($link_start.'user_list' ),
'U_GROUPS'=>add_session_id($link_start.'group_list' ),
- 'U_USERS_AUTH'=>add_session_id($link_start.'user_perm' ),
- 'U_GROUPS_AUTH'=>add_session_id($link_start.'group_perm'),
- 'U_CAT_AUTH'=>add_session_id($link_start.'cat_perm' ),
'U_RETURN'=>add_session_id(PHPWG_ROOT_PATH.'category.php')
));
diff --git a/admin/group_list.php b/admin/group_list.php
index f789a6b27..7bc08b3f4 100644
--- a/admin/group_list.php
+++ b/admin/group_list.php
@@ -24,171 +24,154 @@
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA. |
// +-----------------------------------------------------------------------+
+
if( !defined("PHPWG_ROOT_PATH") )
{
- die ("Hacking attempt!");
+ die ("Hacking attempt!");
}
include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
-//-------------------------------------------------------------- delete a group
-if ( isset( $_POST['delete'] ) && isset( $_POST['confirm_delete'] ) )
+// +-----------------------------------------------------------------------+
+// | delete a group |
+// +-----------------------------------------------------------------------+
+
+if (isset($_GET['delete']) and is_numeric($_GET['delete']))
{
// destruction of the access linked to the group
- $query = 'DELETE FROM '.GROUP_ACCESS_TABLE;
- $query.= ' WHERE group_id = '.$_POST['group_id'];
- $query.= ';';
- pwg_query( $query );
-
- // destruction of the users links for this group
- $query = 'DELETE FROM ' . USER_GROUP_TABLE;
- $query.= ' WHERE group_id = '.$_POST['group_id'];
- pwg_query( $query );
-
- // destruction of the group
- $query = 'DELETE FROM ' . GROUPS_TABLE;
- $query.= ' WHERE id = '.$_POST['group_id'];
- $query.= ';';
- pwg_query( $query );
+ $query = '
+DELETE
+ FROM '.GROUP_ACCESS_TABLE.'
+ WHERE group_id = '.$_GET['delete'].'
+;';
+ pwg_query($query);
+
+ // destruction of the users links for this group
+ $query = '
+DELETE
+ FROM '.USER_GROUP_TABLE.'
+ WHERE group_id = '.$_GET['delete'].'
+;';
+ pwg_query($query);
+
+ $query = '
+SELECT name
+ FROM '.GROUPS_TABLE.'
+ WHERE id = '.$_GET['delete'].'
+;';
+ list($groupname) = mysql_fetch_row(pwg_query($query));
+
+ // destruction of the group
+ $query = '
+DELETE
+ FROM '.GROUPS_TABLE.'
+ WHERE id = '.$_GET['delete'].'
+;';
+ pwg_query($query);
+
+ array_push(
+ $page['infos'],
+ sprintf(l10n('group "%s" deleted'), $groupname)
+ );
}
-//----------------------------------------------------------------- add a group
-elseif ( isset( $_POST['new'] ) )
+
+// +-----------------------------------------------------------------------+
+// | add a group |
+// +-----------------------------------------------------------------------+
+
+if (isset($_POST['submit_add']))
{
- if ( empty($_POST['newgroup']) || preg_match( "/'/", $_POST['newgroup'] )
- or preg_match( '/"/', $_POST['newgroup'] ) )
+ if (empty($_POST['groupname']))
{
- array_push( $page['errors'], $lang['group_add_error1'] );
+ array_push($page['errors'], $lang['group_add_error1']);
}
- if ( count( $page['errors'] ) == 0 )
+ if (count($page['errors']) == 0)
{
// is the group not already existing ?
- $query = 'SELECT id FROM '.GROUPS_TABLE;
- $query.= " WHERE name = '".$_POST['newgroup']."'";
- $query.= ';';
- $result = pwg_query( $query );
- if ( mysql_num_rows( $result ) > 0 )
+ $query = '
+SELECT COUNT(*)
+ FROM '.GROUPS_TABLE.'
+ WHERE name = \''.$_POST['groupname'].'\'
+;';
+ list($count) = mysql_fetch_row(pwg_query($query));
+ if ($count != 0)
{
- array_push( $page['errors'], $lang['group_add_error2'] );
+ array_push($page['errors'], $lang['group_add_error2']);
}
}
- if ( count( $page['errors'] ) == 0 )
+ if (count($page['errors']) == 0)
{
// creating the group
- $query = ' INSERT INTO '.GROUPS_TABLE;
- $query.= " (name) VALUES ('".$_POST['newgroup']."')";
- $query.= ';';
- pwg_query( $query );
- }
-}
-//------------------------------------------------------------- user management
-elseif ( isset( $_POST['add'] ) )
-{
- $userdata = getuserdata($_POST['username']);
- if (!$userdata)
- {
- array_push($page['errors'], $lang['user_err_unknown']);
- }
- else
- {
- // create a new association between the user and a group
$query = '
-INSERT INTO '.USER_GROUP_TABLE.'
- (user_id,group_id)
+INSERT INTO '.GROUPS_TABLE.'
+ (name)
VALUES
- ('.$userdata['id'].','.$_POST['edit_group_id'].')
+ (\''.mysql_escape_string($_POST['groupname']).'\')
;';
pwg_query($query);
+
+ array_push(
+ $page['infos'],
+ sprintf(l10n('group "%s" added'), $_POST['groupname'])
+ );
}
}
-elseif (isset( $_POST['deny_user'] ))
-{
- $sql_in = '';
- $members = $_POST['members'];
- for($i = 0; $i < count($members); $i++)
- {
- $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]);
- }
- $query = 'DELETE FROM ' . USER_GROUP_TABLE;
- $query.= ' WHERE user_id IN ('.$sql_in;
- $query.= ') AND group_id = '.$_POST['edit_group_id'];
- pwg_query( $query );
-}
-//----------------------------------------------------------------- groups list
-
-$query = 'SELECT id,name FROM '.GROUPS_TABLE;
-$query.= ' ORDER BY id ASC;';
-$result = pwg_query( $query );
-$groups_display = '<select name="group_id">';
-$groups_nb=0;
-while ( $row = mysql_fetch_array( $result ) )
-{
- $groups_nb++;
- $selected = '';
- if (isset($_POST['group_id']) && $_POST['group_id']==$row['id'])
- $selected = 'selected';
- $groups_display .= '<option value="' . $row['id'] . '" '.$selected.'>' . $row['name'] . '</option>';
-}
-$groups_display .= '</select>';
-
-$action = PHPWG_ROOT_PATH.'admin.php?page=group_list';
-//----------------------------------------------------- template initialization
-$template->set_filenames( array('groups'=>'admin/group_list.tpl') );
-$template->assign_vars(array(
- 'S_GROUP_SELECT'=>$groups_display,
-
- 'L_GROUP_SELECT'=>$lang['group_list_title'],
- 'L_GROUP_CONFIRM'=>$lang['group_confirm_delete'],
- 'L_LOOK_UP'=>$lang['edit'],
- 'L_GROUP_DELETE'=>$lang['delete'],
- 'L_CREATE_NEW_GROUP'=>$lang['group_add'],
- 'L_GROUP_EDIT'=>$lang['group_edit'],
- 'L_USER_NAME'=>$lang['login'],
- 'L_USER_EMAIL'=>$lang['mail_address'],
- 'L_USER_SELECT'=>$lang['Select'],
- 'L_DENY_SELECTED'=>$lang['group_deny_user'],
- 'L_ADD_MEMBER'=>$lang['group_add_user'],
- 'L_FIND_USERNAME'=>$lang['Find_username'],
-
- 'S_GROUP_ACTION'=>add_session_id($action),
- 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php')
- ));
-
-if ($groups_nb)
-{
- $template->assign_block_vars('select_box',array());
-}
-//----------------------------------------------------------------- add a group
-if ( isset( $_POST['edit']) || isset( $_POST['add']) || isset( $_POST['deny_user'] ))
+// +-----------------------------------------------------------------------+
+// | template init |
+// +-----------------------------------------------------------------------+
+
+$template->set_filenames(array('group_list' => 'admin/group_list.tpl'));
+
+$template->assign_vars(
+ array(
+ 'F_ADD_ACTION' =>
+ add_session_id(PHPWG_ROOT_PATH.'admin.php?page=group_list')
+ )
+ );
+
+// +-----------------------------------------------------------------------+
+// | group list |
+// +-----------------------------------------------------------------------+
+
+$query = '
+SELECT id, name
+ FROM '.GROUPS_TABLE.'
+ ORDER BY id ASC
+;';
+$result = pwg_query($query);
+
+$admin_url = PHPWG_ROOT_PATH.'admin.php?page=';
+$perm_url = $admin_url.'group_perm&amp;group_id=';
+$del_url = $admin_url.'group_list&amp;delete=';
+$members_url = $admin_url.'user_list&amp;group=';
+
+$num = 0;
+while ($row = mysql_fetch_array($result))
{
- // Retrieving the group name
- $query = 'SELECT id, name FROM '.GROUPS_TABLE;
- $query.= " WHERE id = '".$_POST['group_id']."'";
- $query.= ';';
- $result = mysql_fetch_array(pwg_query( $query ));
- $template->assign_block_vars('edit_group',array(
- 'GROUP_NAME'=>$result['name'],
- 'GROUP_ID'=>$result['id']
- ));
-
- // Retrieving all the users
- $query = 'SELECT id, username, mail_address';
- $query.= ' FROM ('.USERS_TABLE.' as u';
- $query.= ' LEFT JOIN '.USER_GROUP_TABLE.' as ug ON ug.user_id=u.id)';
- $query.= " WHERE ug.group_id = '".$_POST['group_id']."';";
- $result = pwg_query( $query );
- $i=0;
- while ( $row = mysql_fetch_array( $result ) )
- {
- $class = ($i % 2)? 'row1':'row2'; $i++;
- $template->assign_block_vars('edit_group.user',array(
- 'ID'=>$row['id'],
- 'NAME'=>$row['username'],
- 'EMAIL'=>$row['mail_address'],
- 'T_CLASS'=>$class
- ));
- }
+ $query = '
+SELECT COUNT(*)
+ FROM '.USER_GROUP_TABLE.'
+ WHERE group_id = '.$row['id'].'
+;';
+ list($counter) = mysql_fetch_row(pwg_query($query));
+
+ $template->assign_block_vars(
+ 'group',
+ array(
+ 'CLASS' => ($num++ % 2 == 1) ? 'row2' : 'row1',
+ 'NAME' => $row['name'],
+ 'MEMBERS' => sprintf(l10n('%d members'), $counter),
+ 'U_MEMBERS' => $members_url.$row['id'],
+ 'U_DELETE' => $del_url.$row['id'],
+ 'U_PERM' => $perm_url.$row['id']
+ )
+ );
}
-//----------------------------------------------------------- sending html code
-$template->assign_var_from_handle('ADMIN_CONTENT', 'groups');
+// +-----------------------------------------------------------------------+
+// | sending html code |
+// +-----------------------------------------------------------------------+
+
+$template->assign_var_from_handle('ADMIN_CONTENT', 'group_list');
+
?>
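Review bot: The duplicate-name check in the `submit_add` branch concatenates `$_POST['groupname']` into `WHERE name = '...'` unescaped, while the `INSERT` a few lines later passes the same value through `mysql_escape_string()`, and the old rejection of quote characters is removed by this commit. Unless something outside this hunk already escapes request data (for example magic quotes), that SELECT is open to SQL injection; escape once with `$groupname = mysql_escape_string($_POST['groupname']);` and use `$groupname` in both queries. The deletion also moves from a confirmed POST to a bare `?delete=N` GET link, so a state-changing action can be triggered by any followed or embedded URL; keeping it a POST with a per-session token would avoid that. The `NAME` block variable and the `group "%s" added` / `group "%s" deleted` messages carry the raw name and should be HTML-escaped where they are rendered, if the template layer does not already do so.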
diff --git a/admin/group_perm.php b/admin/group_perm.php
index ba326340f..7234a5e2f 100644
--- a/admin/group_perm.php
+++ b/admin/group_perm.php
@@ -24,23 +24,44 @@
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA. |
// +-----------------------------------------------------------------------+
+
if( !defined("PHPWG_ROOT_PATH") )
{
- die ("Hacking attempt!");
+ die ("Hacking attempt!");
}
-
include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
-//--------------------------------------------------------------------- updates
+
+// +-----------------------------------------------------------------------+
+// | variables init |
+// +-----------------------------------------------------------------------+
+
+if (isset($_GET['group_id']) and is_numeric($_GET['group_id']))
+{
+ $page['group'] = $_GET['group_id'];
+}
+else
+{
+ echo l10n('group_id URL parameter is missing');
+ exit();
+}
+
+// +-----------------------------------------------------------------------+
+// | updates |
+// +-----------------------------------------------------------------------+
+
if (isset($_POST['falsify'])
- and isset($_POST['cat_true'])
- and count($_POST['cat_true']) > 0)
+ and isset($_POST['cat_true'])
+ and count($_POST['cat_true']) > 0)
{
// if you forbid access to a category, all sub-categories become
// automatically forbidden
$subcats = get_subcat_ids($_POST['cat_true']);
- $query = 'DELETE FROM '.GROUP_ACCESS_TABLE.'
- WHERE group_id = '.$_POST['group_id'].'
- AND cat_id IN ('.implode(',', $subcats).');';
+ $query = '
+DELETE
+ FROM '.GROUP_ACCESS_TABLE.'
+ WHERE group_id = '.$page['group'].'
+ AND cat_id IN ('.implode(',', $subcats).')
+;';
pwg_query($query);
}
else if (isset($_POST['trueify'])
@@ -50,10 +71,12 @@ else if (isset($_POST['trueify'])
$uppercats = get_uppercat_ids($_POST['cat_false']);
$private_uppercats = array();
- $query = 'SELECT id
- FROM '.CATEGORIES_TABLE.'
- WHERE id IN ('.implode(',', $uppercats).')
- AND status = \'private\';';
+ $query = '
+SELECT id
+ FROM '.CATEGORIES_TABLE.'
+ WHERE id IN ('.implode(',', $uppercats).')
+ AND status = \'private\'
+;';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
{
@@ -65,9 +88,11 @@ else if (isset($_POST['trueify'])
// accesible
$authorized_ids = array();
- $query = 'SELECT cat_id
+ $query = '
+SELECT cat_id
FROM '.GROUP_ACCESS_TABLE.'
- WHERE group_id = '.$_POST['group_id'].';';
+ WHERE group_id = '.$page['group'].'
+;';
$result = pwg_query($query);
while ($row = mysql_fetch_array($result))
@@ -79,89 +104,73 @@ else if (isset($_POST['trueify'])
$to_autorize_ids = array_diff($private_uppercats, $authorized_ids);
foreach ($to_autorize_ids as $to_autorize_id)
{
- array_push($inserts, array('group_id' => $_POST['group_id'],
- 'cat_id' => $to_autorize_id));
+ array_push(
+ $inserts,
+ array(
+ 'group_id' => $page['group'],
+ 'cat_id' => $to_autorize_id
+ )
+ );
}
mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts);
}
-//----------------------------------------------------- template initialization
-$query = 'SELECT id,name FROM '.GROUPS_TABLE;
-$query.= ' ORDER BY id ASC;';
-$result = pwg_query( $query );
-$groups_display = '<select name="group_id">';
-$groups_nb=0;
-while ( $row = mysql_fetch_array( $result ) )
-{
- $groups_nb++;
- $selected = '';
- if (isset($_POST['group_id']) && $_POST['group_id']==$row['id'])
- $selected = 'selected';
- $groups_display .= '<option value="' . $row['id'] . '" '.$selected.'>' . $row['name'] . '</option>';
-}
-$groups_display .= '</select>';
-
-$action = PHPWG_ROOT_PATH.'admin.php?page=group_perm';
-$template->set_filenames( array('groups'=>'admin/group_perm.tpl') );
-$template->assign_vars(array(
- 'S_GROUP_SELECT'=>$groups_display,
- 'L_GROUP_SELECT'=>$lang['group_list_title'],
- 'L_LOOK_UP'=>$lang['edit'],
- 'S_GROUP_ACTION'=>add_session_id($action)
- ));
-
-if ($groups_nb)
-{
- $template->assign_block_vars('select_box',array());
-}
+// +-----------------------------------------------------------------------+
+// | template init |
+// +-----------------------------------------------------------------------+
-if ( isset( $_POST['edit']) || isset($_POST['falsify']) || isset($_POST['trueify']))
-{
- $template->set_filenames(array('groups_auth'=>'admin/cat_options.tpl'));
- $template->assign_vars(array(
- 'L_RESET'=>$lang['reset'],
- 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
- 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
- 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'],
-
- 'HIDDEN_NAME'=> 'group_id',
- 'HIDDEN_VALUE'=>$_POST['group_id'],
- 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=group_perm'),
- ));
+$template->set_filenames(array('group_perm'=>'admin/cat_options.tpl'));
+
+$template->assign_vars(
+ array(
+ 'L_RESET'=>$lang['reset'],
+ 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
+ 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
+ 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'],
+
+ 'F_ACTION' =>
+ add_session_id(
+ PHPWG_ROOT_PATH.
+ 'admin.php?page=group_perm&amp;group_id='.
+ $page['group']
+ )
+ )
+ );
- // only private categories are listed
- $query_true = '
+// only private categories are listed
+$query_true = '
SELECT id,name,uppercats,global_rank
FROM '.CATEGORIES_TABLE.' INNER JOIN '.GROUP_ACCESS_TABLE.' ON cat_id = id
WHERE status = \'private\'
- AND group_id = '.$_POST['group_id'].'
+ AND group_id = '.$page['group'].'
;';
- display_select_cat_wrapper($query_true,array(),'category_option_true');
-
- $result = pwg_query($query_true);
- $authorized_ids = array();
- while ($row = mysql_fetch_array($result))
- {
- array_push($authorized_ids, $row['id']);
- }
-
- $query_false = '
+display_select_cat_wrapper($query_true,array(),'category_option_true');
+
+$result = pwg_query($query_true);
+$authorized_ids = array();
+while ($row = mysql_fetch_array($result))
+{
+ array_push($authorized_ids, $row['id']);
+}
+
+$query_false = '
SELECT id,name,uppercats,global_rank
FROM '.CATEGORIES_TABLE.'
WHERE status = \'private\'';
- if (count($authorized_ids) > 0)
- {
- $query_false.= '
- AND id NOT IN ('.implode(',', $authorized_ids).')';
- }
+if (count($authorized_ids) > 0)
+{
$query_false.= '
-;';
- display_select_cat_wrapper($query_false,array(),'category_option_false');
-
- $template->assign_var_from_handle('ADMIN_CONTENT_2', 'groups_auth');
+ AND id NOT IN ('.implode(',', $authorized_ids).')';
}
-//----------------------------------------------------------- sending html code
-$template->assign_var_from_handle('ADMIN_CONTENT', 'groups');
+$query_false.= '
+;';
+display_select_cat_wrapper($query_false,array(),'category_option_false');
+
+// +-----------------------------------------------------------------------+
+// | html code display |
+// +-----------------------------------------------------------------------+
+
+$template->assign_var_from_handle('ADMIN_CONTENT', 'group_perm');
?>
diff --git a/admin/user_perm.php b/admin/user_perm.php
index 2583306a1..f23071696 100644
--- a/admin/user_perm.php
+++ b/admin/user_perm.php
@@ -31,26 +31,34 @@ if (!defined('IN_ADMIN'))
}
include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');
-$userdata = array();
-if (isset($_POST['submituser']))
+// +-----------------------------------------------------------------------+
+// | variables init |
+// +-----------------------------------------------------------------------+
+
+if (isset($_GET['user_id']) and is_numeric($_GET['user_id']))
{
- $userdata = getuserdata($_POST['username']);
+ $page['user'] = $_GET['user_id'];
}
-else if (isset($_GET['user_id']))
+else
{
- $userdata = getuserdata(intval($_GET['user_id']));
+ echo l10n('user_id URL parameter is missing');
+ exit();
}
-else if (isset($_POST['falsify'])
- and isset($_POST['cat_true'])
- and count($_POST['cat_true']) > 0)
+
+// +-----------------------------------------------------------------------+
+// | updates |
+// +-----------------------------------------------------------------------+
+
+if (isset($_POST['falsify'])
+ and isset($_POST['cat_true'])
+ and count($_POST['cat_true']) > 0)
{
- $userdata = getuserdata(intval($_POST['userid']));
// if you forbid access to a category, all sub-categories become
// automatically forbidden
$subcats = get_subcat_ids($_POST['cat_true']);
$query = '
DELETE FROM '.USER_ACCESS_TABLE.'
- WHERE user_id = '.$userdata['id'].'
+ WHERE user_id = '.$page['user'].'
AND cat_id IN ('.implode(',', $subcats).')
;';
pwg_query($query);
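Review bot: The variables-init block replaces `getuserdata(intval(...))` with a bare `is_numeric()` test, so this page no longer confirms that the user exists before the `falsify`/`trueify` branches run. With a numeric id that matches no row, the `trueify` branch (which continues in later hunks) would still call `mass_inserts()` and write rows into `USER_ACCESS_TABLE` for that id. Consider looking the user up right after the check, reusing the missing-parameter exit when no row comes back, and storing `intval($_GET['user_id'])` in `$page['user']`. Whether admin.php validates `user_id` before including this file, as it now does for `group_perm`, is not visible in this diff.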
@@ -59,8 +67,6 @@ else if (isset($_POST['trueify'])
and isset($_POST['cat_false'])
and count($_POST['cat_false']) > 0)
{
- $userdata = getuserdata(intval($_POST['userid']));
-
$uppercats = get_uppercat_ids($_POST['cat_false']);
$private_uppercats = array();
@@ -84,7 +90,7 @@ SELECT id
$query = '
SELECT cat_id
FROM '.USER_ACCESS_TABLE.'
- WHERE user_id = '.$userdata['id'].'
+ WHERE user_id = '.$page['user'].'
;';
$result = pwg_query($query);
@@ -97,74 +103,61 @@ SELECT cat_id
$to_autorize_ids = array_diff($private_uppercats, $authorized_ids);
foreach ($to_autorize_ids as $to_autorize_id)
{
- array_push($inserts, array('user_id' => $userdata['id'],
+ array_push($inserts, array('user_id' => $page['user'],
'cat_id' => $to_autorize_id));
}
mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts);
}
//----------------------------------------------------- template initialization
-if (empty($userdata))
-{
- $template->set_filenames(array('user' => 'admin/user_perm.tpl'));
-
- $base_url = PHPWG_ROOT_PATH.'admin.php?page=';
-
- $template->assign_vars(array(
- 'L_SELECT_USERNAME'=>$lang['Select_username'],
- 'L_LOOKUP_USER'=>$lang['Look_up_user'],
- 'L_FIND_USERNAME'=>$lang['Find_username'],
- 'L_AUTH_USER'=>$lang['permuser_only_private'],
- 'L_SUBMIT'=>$lang['submit'],
+$template->set_filenames(array('user_perm'=>'admin/cat_options.tpl'));
- 'F_SEARCH_USER_ACTION' => add_session_id($base_url.'user_perm'),
- 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php')
- ));
-}
-else
-{
- $template->set_filenames(array('user'=>'admin/cat_options.tpl'));
- $template->assign_vars(
- array(
- 'L_RESET'=>$lang['reset'],
- 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
- 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
- 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'],
-
- 'HIDDEN_NAME'=> 'userid',
- 'HIDDEN_VALUE'=>$userdata['id'],
- 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'),
- ));
+$template->assign_vars(
+ array(
+ 'L_RESET'=>$lang['reset'],
+ 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'],
+ 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'],
+ 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'],
+
+ 'F_ACTION' =>
+ add_session_id(
+ PHPWG_ROOT_PATH.
+ 'admin.php?page=user_perm'.
+ '&amp;user_id='.$page['user']
+ )
+ )
+ );
- // only private categories are listed
- $query_true = '
+// only private categories are listed
+$query_true = '
SELECT id,name,uppercats,global_rank
FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_ACCESS_TABLE.' ON cat_id = id
WHERE status = \'private\'
- AND user_id = '.$userdata['id'].'
+ AND user_id = '.$page['user'].'
;';
- display_select_cat_wrapper($query_true,array(),'category_option_true');
+display_select_cat_wrapper($query_true,array(),'category_option_true');
- $result = pwg_query($query_true);
- $authorized_ids = array();
- while ($row = mysql_fetch_array($result))
- {
- array_push($authorized_ids, $row['id']);
- }
-
- $query_false = '
+$result = pwg_query($query_true);
+$authorized_ids = array();
+while ($row = mysql_fetch_array($result))
+{
+ array_push($authorized_ids, $row['id']);
+}
+
+$query_false = '
SELECT id,name,uppercats,global_rank
FROM '.CATEGORIES_TABLE.'
WHERE status = \'private\'';
- if (count($authorized_ids) > 0)
- {
- $query_false.= '
- AND id NOT IN ('.implode(',', $authorized_ids).')';
- }
+if (count($authorized_ids) > 0)
+{
$query_false.= '
-;';
- display_select_cat_wrapper($query_false,array(),'category_option_false');
+ AND id NOT IN ('.implode(',', $authorized_ids).')';
}
+$query_false.= '
+;';
+display_select_cat_wrapper($query_false,array(),'category_option_false');
+
//----------------------------------------------------------- sending html code
-$template->assign_var_from_handle('ADMIN_CONTENT', 'user');
+
+$template->assign_var_from_handle('ADMIN_CONTENT', 'user_perm');
?>