aboutsummaryrefslogtreecommitdiffstats
path: root/admin
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--admin/admin_upload.php93
-rw-r--r--admin/cat_modify.php34
-rw-r--r--admin/group_list.php202
3 files changed, 124 insertions, 205 deletions
diff --git a/admin/admin_upload.php b/admin/admin_upload.php
deleted file mode 100644
index 596e5c97c..000000000
--- a/admin/admin_upload.php
+++ /dev/null
@@ -1,93 +0,0 @@
-<?php
-// +-----------------------------------------------------------------------+
-// | PhpWebGallery - a PHP based picture gallery |
-// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
-// | Copyright (C) 2003-2004 PhpWebGallery Team - http://phpwebgallery.net |
-// +-----------------------------------------------------------------------+
-// | branch : BSF (Best So Far)
-// | file : $RCSfile$
-// | last update : $Date$
-// | last modifier : $Author$
-// | revision : $Revision$
-// +-----------------------------------------------------------------------+
-// | This program is free software; you can redistribute it and/or modify |
-// | it under the terms of the GNU General Public License as published by |
-// | the Free Software Foundation |
-// | |
-// | This program is distributed in the hope that it will be useful, but |
-// | WITHOUT ANY WARRANTY; without even the implied warranty of |
-// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
-// | General Public License for more details. |
-// | |
-// | You should have received a copy of the GNU General Public License |
-// | along with this program; if not, write to the Free Software |
-// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
-// | USA. |
-// +-----------------------------------------------------------------------+
-
-if( !defined("PHPWG_ROOT_PATH") )
-{
- die ("Hacking attempt!");
-}
-
-include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
-$uploadable = '';
-$categories = '';
-
-if (isset($_POST['submit']) || isset($_POST['delete']))
-{
- $query = 'UPDATE '.CATEGORIES_TABLE;
- $query.= ' SET uploadable = ';
- if (isset($_POST['submit']))
- $query.="'true'";
- else
- $query.="'false'";
- $query.= ' WHERE id IN (';
- $nb=count($cat_data);
- foreach($cat_data as $i=>$id)
- {
- $query.= $id;
- if ($i+1<$nb) $query.=',';
- }
- $query.=');';
- pwg_query ($query);
-}
-
-// Cache management
-$query = 'SELECT id, name, uploadable FROM '.CATEGORIES_TABLE;
-$query.= ' WHERE dir IS NOT NULL';
-$query.= ' ORDER BY name ASC';
-$query.= ';';
-$result = pwg_query( $query );
-while ( $row = mysql_fetch_assoc( $result ) )
-{
- if ($row['uploadable'] == 'false')
- {
- $categories.='<option value="'.$row['id'].'">'.$row['name'].'</option>';
- }
- else
- {
- $uploadable.='<option value="'.$row['id'].'">'.$row['name'].'</option>';
- }
-}
-
-//----------------------------------------------------- template initialization
-$template->set_filenames( array('upload'=>'admin/admin_upload.tpl') );
-
-$template->assign_vars(array(
- 'PRIVATE_CATEGORIES'=>$categories,
- 'UPLOADABLE_CATEGORIES'=>$uploadable,
-
- 'L_UPLOAD_TITLE'=>$lang['cat_upload'],
- 'L_SUBMIT'=>$lang['submit'],
- 'L_DELETE'=>$lang['delete'],
- 'L_RESET'=>$lang['reset'],
- 'L_UPLOAD_INFO'=>$lang['cat_upload_info'],
- 'L_AUTHORIZED'=>$lang['authorized'],
- 'L_FORBIDDEN'=>$lang['forbidden']
- ));
-
-//----------------------------------------------------------- sending html code
-$template->assign_var_from_handle('ADMIN_CONTENT', 'upload');
-
-?> \ No newline at end of file
diff --git a/admin/cat_modify.php b/admin/cat_modify.php
index ca133d79c..98ea0b287 100644
--- a/admin/cat_modify.php
+++ b/admin/cat_modify.php
@@ -170,40 +170,6 @@ if ( $category['site_id'] != 1 )
$template->assign_block_vars('storage' ,array());
}
-/*
-// can the parent category be changed ? (is the category virtual ?)
-if ( $row['dir'] == '' )
-{
- $vtp->addSession( $sub, 'parent' );
- // We only show a List Of Values if the number of categories is less than
- // $conf['max_LOV_categories']
- $query = 'SELECT COUNT(id) AS nb_total_categories';
- $query.= ' FROM '.CATEGORIES_TABLE;
- $query.= ';';
- $countrow = mysql_fetch_array( pwg_query( $query ) );
- if ( $countrow['nb_total_categories'] < $conf['max_LOV_categories'] )
- {
- $vtp->addSession( $sub, 'associate_LOV' );
- $vtp->addSession( $sub, 'associate_cat' );
- $vtp->setVar( $sub, 'associate_cat.value', '-1' );
- $vtp->setVar( $sub, 'associate_cat.content', '' );
- $vtp->closeSession( $sub, 'associate_cat' );
- $page['plain_structure'] = get_plain_structure( true );
- $structure = create_structure( '', array() );
- display_categories( $structure, '&nbsp;', $row['id_uppercat'],$row['id'] );
- $vtp->closeSession( $sub, 'associate_LOV' );
- }
- // else, we only display a small text field, we suppose the administrator
- // knows the id of its category
- else
- {
- $vtp->addSession( $sub, 'associate_text' );
- $vtp->setVar( $sub, 'associate_text.value', $row['id_uppercat'] );
- $vtp->closeSession( $sub, 'associate_text' );
- }
- $vtp->closeSession( $sub, 'parent' );
-}
-*/
//----------------------------------------------------------- sending html code
$template->assign_var_from_handle('ADMIN_CONTENT', 'categories');
?>
diff --git a/admin/group_list.php b/admin/group_list.php
index 6af820eab..3fbec59de 100644
--- a/admin/group_list.php
+++ b/admin/group_list.php
@@ -24,72 +24,38 @@
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA. |
// +-----------------------------------------------------------------------+
-include_once( './admin/include/isadmin.inc.php' );
-//----------------------------------------------------- template initialization
-$sub = $vtp->Open( './template/'.$user['template'].'/admin/group_list.vtp' );
-$tpl = array( 'group_add','add','listuser_permission','delete',
- 'group_confirm','yes','no','group_list_title' );
-templatize_array( $tpl, 'lang', $sub );
-$vtp->setGlobalVar( $sub, 'user_template', $user['template'] );
+if( !defined("PHPWG_ROOT_PATH") )
+{
+ die ("Hacking attempt!");
+}
+include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
+
//-------------------------------------------------------------- delete a group
$error = array();
-if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) )
+if ( isset( $_POST['delete'] ) && isset( $_POST['confirm_delete'] ) )
{
- $query = 'SELECT name';
- $query.= ' FROM '.PREFIX_TABLE.'groups';
- $query.= ' WHERE id = '.$_GET['delete'];
- $query.= ';';
- $row = mysql_fetch_array( pwg_query( $query ) );
- // confirm group deletion ?
- if ( !isset( $_GET['confirm'] ) or $_GET['confirm'] != 1 )
- {
- $vtp->addSession( $sub, 'deletion' );
- $vtp->setVar( $sub, 'deletion.name', $row['name'] );
- $yes_url = './admin.php?page=group_list&amp;delete='.$_GET['delete'];
- $yes_url.= '&amp;confirm=1';
- $vtp->setVar( $sub, 'deletion.yes_url', add_session_id( $yes_url ) );
- $no_url = './admin.php?page=group_list';
- $vtp->setVar( $sub, 'deletion.no_url', add_session_id( $no_url ) );
- $vtp->closeSession( $sub, 'deletion' );
- }
- // group deletion confirmed
- else
- {
- $vtp->addSession( $sub, 'confirmation' );
- $query = 'SELECT COUNT(*) AS nb_result';
- $query.= ' FROM '.PREFIX_TABLE.'groups';
- $query.= ' WHERE id = '.$_GET['delete'];
- $query.= ';';
- $row2 = mysql_fetch_array( pwg_query( $query ) );
- if ( $row2['nb_result'] > 0 )
- {
- delete_group( $_GET['delete'] );
- $vtp->setVar( $sub, 'confirmation.class', 'info' );
- $info = '"'.$row['name'].'" '.$lang['listuser_info_deletion'];
- $vtp->setVar( $sub, 'confirmation.info', $info );
- }
- else
- {
- $vtp->setVar( $sub, 'confirmation.class', 'erreur' );
- $vtp->setVar( $sub, 'confirmation.info', $lang['group_err_unknown'] );
- }
- $vtp->closeSession( $sub, 'confirmation' );
- }
+ $query = 'DELETE FROM ' . USER_GROUP_TABLE;
+ $query.= ' WHERE group_id = '.$_POST['group_id'];
+ pwg_query( $query );
+
+ $query = 'DELETE FROM ' . GROUPS_TABLE;
+ $query.= ' WHERE id = '.$_POST['group_id'];
+ $query.= ';';
+ pwg_query( $query );
}
//----------------------------------------------------------------- add a group
-if ( isset( $_POST['submit'] ) )
+elseif ( isset( $_POST['new'] ) )
{
- if ( preg_match( "/'/", $_POST['name'] )
- or preg_match( '/"/', $_POST['name'] ) )
+ if ( empty($_POST['newgroup']) || preg_match( "/'/", $_POST['newgroup'] )
+ or preg_match( '/"/', $_POST['newgroup'] ) )
{
array_push( $error, $lang['group_add_error1'] );
}
if ( count( $error ) == 0 )
{
// is the group not already existing ?
- $query = 'SELECT id';
- $query.= ' FROM '.PREFIX_TABLE.'groups';
- $query.= " WHERE name = '".$_POST['name']."'";
+ $query = 'SELECT id FROM '.GROUPS_TABLE;
+ $query.= " WHERE name = '".$_POST['newgroup']."'";
$query.= ';';
$result = pwg_query( $query );
if ( mysql_num_rows( $result ) > 0 )
@@ -100,47 +66,127 @@ if ( isset( $_POST['submit'] ) )
if ( count( $error ) == 0 )
{
// creating the group
- $query = ' INSERT INTO '.PREFIX_TABLE.'groups';
- $query.= " (name) VALUES ('".$_POST['name']."')";
+ $query = ' INSERT INTO '.GROUPS_TABLE;
+ $query.= " (name) VALUES ('".$_POST['newgroup']."')";
$query.= ';';
pwg_query( $query );
}
}
+//--------------------------------------------------------------- user management
+elseif ( isset( $_POST['add'] ) )
+{
+ $userdata = getuserdata($_POST['username']);
+ if (!$userdata) echo "Utilisateur inexistant";
+
+ // create a new association between the user and a group
+ $query = 'INSERT INTO '.USER_GROUP_TABLE;
+ $query.= ' (user_id,group_id) VALUES';
+ $query.= ' ('.$userdata['id'].','.$_POST['edit_group_id'].')';
+ $query.= ';';
+ pwg_query( $query );
+}
+elseif (isset( $_POST['deny_user'] ))
+{
+ $sql_in = '';
+ $members = $_POST['members'];
+ for($i = 0; $i < count($members); $i++)
+ {
+ $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]);
+ }
+ $query = 'DELETE FROM ' . USER_GROUP_TABLE;
+ $query.= ' WHERE user_id IN ('.$sql_in;
+ $query.= ') AND group_id = '.$_POST['edit_group_id'];
+ pwg_query( $query );
+}
//-------------------------------------------------------------- errors display
if ( sizeof( $error ) != 0 )
{
- $vtp->addSession( $sub, 'errors' );
+ $template->assign_block_vars('errors',array());
for ( $i = 0; $i < sizeof( $error ); $i++ )
{
- $vtp->addSession( $sub, 'li' );
- $vtp->setVar( $sub, 'li.li', $error[$i] );
- $vtp->closeSession( $sub, 'li' );
+ $template->assign_block_vars('errors.error',array('ERROR'=>$error[$i]));
}
- $vtp->closeSession( $sub, 'errors' );
}
//----------------------------------------------------------------- groups list
-$vtp->addSession( $sub, 'groups' );
-$query = 'SELECT id,name';
-$query.= ' FROM '.PREFIX_TABLE.'groups';
-$query.= ' ORDER BY id ASC';
-$query.= ';';
+$query = 'SELECT id,name FROM '.GROUPS_TABLE;
+$query.= ' ORDER BY id ASC;';
$result = pwg_query( $query );
+$groups_display = '<select name="group_id">';
+$groups_nb=0;
while ( $row = mysql_fetch_array( $result ) )
{
- $vtp->addSession( $sub, 'group' );
- $vtp->setVar( $sub, 'group.name', $row['name'] );
- $url = './admin.php?page=group_perm&amp;group_id='.$row['id'];
- $vtp->setVar( $sub, 'group.permission_url', add_session_id( $url ) );
- $url = './admin.php?page=group_list&amp;delete='.$row['id'];
- $vtp->setVar( $sub, 'group.deletion_url', add_session_id( $url ) );
- $vtp->closeSession( $sub, 'group' );
+ $groups_nb++;
+ $selected = '';
+ if (isset($_POST['group_id']) && $_POST['group_id']==$row['id'])
+ $selected = 'selected';
+ $groups_display .= '<option value="' . $row['id'] . '" '.$selected.'>' . $row['name'] . '</option>';
+}
+$groups_display .= '</select>';
+
+$action = PHPWG_ROOT_PATH.'admin.php?page=group_list';
+//----------------------------------------------------- template initialization
+$template->set_filenames( array('groups'=>'admin/group_list.tpl') );
+$tpl = array( 'group_add','add','listuser_permission','delete',
+ 'group_confirm','yes','no','group_list_title' );
+
+$template->assign_vars(array(
+ 'S_GROUP_SELECT'=>$groups_display,
+
+ 'L_GROUP_SELECT'=>$lang['group_list_title'],
+ 'L_GROUP_CONFIRM'=>$lang['group_confirm_delete'],
+ 'L_LOOK_UP'=>$lang['edit'],
+ 'L_GROUP_DELETE'=>$lang['delete'],
+ 'L_CREATE_NEW_GROUP'=>$lang['group_add'],
+ 'L_GROUP_EDIT'=>$lang['group_edit'],
+ 'L_USER_NAME'=>$lang['login'],
+ 'L_USER_EMAIL'=>$lang['mail_address'],
+ 'L_USER_SELECT'=>$lang['Select'],
+ 'L_DENY_SELECTED'=>$lang['group_deny_user'],
+ 'L_ADD_MEMBER'=>$lang['group_add_user'],
+ 'L_FIND_USERNAME'=>$lang['Find_username'],
+
+ 'S_GROUP_ACTION'=>add_session_id($action),
+ 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php')
+ ));
+
+if ($groups_nb)
+{
+ $template->assign_block_vars('select_box',array());
+}
+
+//----------------------------------------------------------------- add a group
+if ( isset( $_POST['edit']) || isset( $_POST['add']) || isset( $_POST['deny_user'] ))
+{
+ // Retrieving the group name
+ $query = 'SELECT id, name FROM '.GROUPS_TABLE;
+ $query.= " WHERE id = '".$_POST['group_id']."'";
+ $query.= ';';
+ $result = mysql_fetch_array(pwg_query( $query ));
+ $template->assign_block_vars('edit_group',array(
+ 'GROUP_NAME'=>$result['name'],
+ 'GROUP_ID'=>$result['id']
+ ));
+
+ // Retrieving all the users
+ $query = 'SELECT id, username, mail_address';
+ $query.= ' FROM ('.USERS_TABLE.' as u';
+ $query.= ' LEFT JOIN '.USER_GROUP_TABLE.' as ug ON ug.user_id=u.id)';
+ $query.= " WHERE ug.group_id = '".$_POST['group_id']."';";
+ $result = pwg_query( $query );
+ $i=0;
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $class = ($i % 2)? 'row1':'row2'; $i++;
+ $template->assign_block_vars('edit_group.user',array(
+ 'ID'=>$row['id'],
+ 'NAME'=>$row['username'],
+ 'EMAIL'=>$row['mail_address'],
+ 'T_CLASS'=>$class
+ ));
+ }
}
-$vtp->closeSession( $sub, 'groups' );
-//------------------------------------------------------- create new group form
-$action = './admin.php?'.$_SERVER['QUERY_STRING'];
-$vtp->setVar( $sub, 'form_action', $action );
//----------------------------------------------------------- sending html code
-$vtp->Parse( $handle , 'sub', $sub );
+$template->assign_var_from_handle('ADMIN_CONTENT', 'groups');
?>