diff options
Diffstat (limited to 'admin')
-rw-r--r-- | admin/admin_upload.php | 93 | ||||
-rw-r--r-- | admin/cat_modify.php | 34 | ||||
-rw-r--r-- | admin/group_list.php | 202 |
3 files changed, 124 insertions, 205 deletions
diff --git a/admin/admin_upload.php b/admin/admin_upload.php deleted file mode 100644 index 596e5c97c..000000000 --- a/admin/admin_upload.php +++ /dev/null @@ -1,93 +0,0 @@ -<?php -// +-----------------------------------------------------------------------+ -// | PhpWebGallery - a PHP based picture gallery | -// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net | -// | Copyright (C) 2003-2004 PhpWebGallery Team - http://phpwebgallery.net | -// +-----------------------------------------------------------------------+ -// | branch : BSF (Best So Far) -// | file : $RCSfile$ -// | last update : $Date$ -// | last modifier : $Author$ -// | revision : $Revision$ -// +-----------------------------------------------------------------------+ -// | This program is free software; you can redistribute it and/or modify | -// | it under the terms of the GNU General Public License as published by | -// | the Free Software Foundation | -// | | -// | This program is distributed in the hope that it will be useful, but | -// | WITHOUT ANY WARRANTY; without even the implied warranty of | -// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | -// | General Public License for more details. | -// | | -// | You should have received a copy of the GNU General Public License | -// | along with this program; if not, write to the Free Software | -// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | -// | USA. | -// +-----------------------------------------------------------------------+ - -if( !defined("PHPWG_ROOT_PATH") ) -{ - die ("Hacking attempt!"); -} - -include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); -$uploadable = ''; -$categories = ''; - -if (isset($_POST['submit']) || isset($_POST['delete'])) -{ - $query = 'UPDATE '.CATEGORIES_TABLE; - $query.= ' SET uploadable = '; - if (isset($_POST['submit'])) - $query.="'true'"; - else - $query.="'false'"; - $query.= ' WHERE id IN ('; - $nb=count($cat_data); - foreach($cat_data as $i=>$id) - { - $query.= $id; - if ($i+1<$nb) $query.=','; - } - $query.=');'; - pwg_query ($query); -} - -// Cache management -$query = 'SELECT id, name, uploadable FROM '.CATEGORIES_TABLE; -$query.= ' WHERE dir IS NOT NULL'; -$query.= ' ORDER BY name ASC'; -$query.= ';'; -$result = pwg_query( $query ); -while ( $row = mysql_fetch_assoc( $result ) ) -{ - if ($row['uploadable'] == 'false') - { - $categories.='<option value="'.$row['id'].'">'.$row['name'].'</option>'; - } - else - { - $uploadable.='<option value="'.$row['id'].'">'.$row['name'].'</option>'; - } -} - -//----------------------------------------------------- template initialization -$template->set_filenames( array('upload'=>'admin/admin_upload.tpl') ); - -$template->assign_vars(array( - 'PRIVATE_CATEGORIES'=>$categories, - 'UPLOADABLE_CATEGORIES'=>$uploadable, - - 'L_UPLOAD_TITLE'=>$lang['cat_upload'], - 'L_SUBMIT'=>$lang['submit'], - 'L_DELETE'=>$lang['delete'], - 'L_RESET'=>$lang['reset'], - 'L_UPLOAD_INFO'=>$lang['cat_upload_info'], - 'L_AUTHORIZED'=>$lang['authorized'], - 'L_FORBIDDEN'=>$lang['forbidden'] - )); - -//----------------------------------------------------------- sending html code -$template->assign_var_from_handle('ADMIN_CONTENT', 'upload'); - -?>
\ No newline at end of file diff --git a/admin/cat_modify.php b/admin/cat_modify.php index ca133d79c..98ea0b287 100644 --- a/admin/cat_modify.php +++ b/admin/cat_modify.php @@ -170,40 +170,6 @@ if ( $category['site_id'] != 1 ) $template->assign_block_vars('storage' ,array()); } -/* -// can the parent category be changed ? (is the category virtual ?) -if ( $row['dir'] == '' ) -{ - $vtp->addSession( $sub, 'parent' ); - // We only show a List Of Values if the number of categories is less than - // $conf['max_LOV_categories'] - $query = 'SELECT COUNT(id) AS nb_total_categories'; - $query.= ' FROM '.CATEGORIES_TABLE; - $query.= ';'; - $countrow = mysql_fetch_array( pwg_query( $query ) ); - if ( $countrow['nb_total_categories'] < $conf['max_LOV_categories'] ) - { - $vtp->addSession( $sub, 'associate_LOV' ); - $vtp->addSession( $sub, 'associate_cat' ); - $vtp->setVar( $sub, 'associate_cat.value', '-1' ); - $vtp->setVar( $sub, 'associate_cat.content', '' ); - $vtp->closeSession( $sub, 'associate_cat' ); - $page['plain_structure'] = get_plain_structure( true ); - $structure = create_structure( '', array() ); - display_categories( $structure, ' ', $row['id_uppercat'],$row['id'] ); - $vtp->closeSession( $sub, 'associate_LOV' ); - } - // else, we only display a small text field, we suppose the administrator - // knows the id of its category - else - { - $vtp->addSession( $sub, 'associate_text' ); - $vtp->setVar( $sub, 'associate_text.value', $row['id_uppercat'] ); - $vtp->closeSession( $sub, 'associate_text' ); - } - $vtp->closeSession( $sub, 'parent' ); -} -*/ //----------------------------------------------------------- sending html code $template->assign_var_from_handle('ADMIN_CONTENT', 'categories'); ?> diff --git a/admin/group_list.php b/admin/group_list.php index 6af820eab..3fbec59de 100644 --- a/admin/group_list.php +++ b/admin/group_list.php @@ -24,72 +24,38 @@ // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | // | USA. | // +-----------------------------------------------------------------------+ -include_once( './admin/include/isadmin.inc.php' ); -//----------------------------------------------------- template initialization -$sub = $vtp->Open( './template/'.$user['template'].'/admin/group_list.vtp' ); -$tpl = array( 'group_add','add','listuser_permission','delete', - 'group_confirm','yes','no','group_list_title' ); -templatize_array( $tpl, 'lang', $sub ); -$vtp->setGlobalVar( $sub, 'user_template', $user['template'] ); +if( !defined("PHPWG_ROOT_PATH") ) +{ + die ("Hacking attempt!"); +} +include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); + //-------------------------------------------------------------- delete a group $error = array(); -if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) ) +if ( isset( $_POST['delete'] ) && isset( $_POST['confirm_delete'] ) ) { - $query = 'SELECT name'; - $query.= ' FROM '.PREFIX_TABLE.'groups'; - $query.= ' WHERE id = '.$_GET['delete']; - $query.= ';'; - $row = mysql_fetch_array( pwg_query( $query ) ); - // confirm group deletion ? - if ( !isset( $_GET['confirm'] ) or $_GET['confirm'] != 1 ) - { - $vtp->addSession( $sub, 'deletion' ); - $vtp->setVar( $sub, 'deletion.name', $row['name'] ); - $yes_url = './admin.php?page=group_list&delete='.$_GET['delete']; - $yes_url.= '&confirm=1'; - $vtp->setVar( $sub, 'deletion.yes_url', add_session_id( $yes_url ) ); - $no_url = './admin.php?page=group_list'; - $vtp->setVar( $sub, 'deletion.no_url', add_session_id( $no_url ) ); - $vtp->closeSession( $sub, 'deletion' ); - } - // group deletion confirmed - else - { - $vtp->addSession( $sub, 'confirmation' ); - $query = 'SELECT COUNT(*) AS nb_result'; - $query.= ' FROM '.PREFIX_TABLE.'groups'; - $query.= ' WHERE id = '.$_GET['delete']; - $query.= ';'; - $row2 = mysql_fetch_array( pwg_query( $query ) ); - if ( $row2['nb_result'] > 0 ) - { - delete_group( $_GET['delete'] ); - $vtp->setVar( $sub, 'confirmation.class', 'info' ); - $info = '"'.$row['name'].'" '.$lang['listuser_info_deletion']; - $vtp->setVar( $sub, 'confirmation.info', $info ); - } - else - { - $vtp->setVar( $sub, 'confirmation.class', 'erreur' ); - $vtp->setVar( $sub, 'confirmation.info', $lang['group_err_unknown'] ); - } - $vtp->closeSession( $sub, 'confirmation' ); - } + $query = 'DELETE FROM ' . USER_GROUP_TABLE; + $query.= ' WHERE group_id = '.$_POST['group_id']; + pwg_query( $query ); + + $query = 'DELETE FROM ' . GROUPS_TABLE; + $query.= ' WHERE id = '.$_POST['group_id']; + $query.= ';'; + pwg_query( $query ); } //----------------------------------------------------------------- add a group -if ( isset( $_POST['submit'] ) ) +elseif ( isset( $_POST['new'] ) ) { - if ( preg_match( "/'/", $_POST['name'] ) - or preg_match( '/"/', $_POST['name'] ) ) + if ( empty($_POST['newgroup']) || preg_match( "/'/", $_POST['newgroup'] ) + or preg_match( '/"/', $_POST['newgroup'] ) ) { array_push( $error, $lang['group_add_error1'] ); } if ( count( $error ) == 0 ) { // is the group not already existing ? - $query = 'SELECT id'; - $query.= ' FROM '.PREFIX_TABLE.'groups'; - $query.= " WHERE name = '".$_POST['name']."'"; + $query = 'SELECT id FROM '.GROUPS_TABLE; + $query.= " WHERE name = '".$_POST['newgroup']."'"; $query.= ';'; $result = pwg_query( $query ); if ( mysql_num_rows( $result ) > 0 ) @@ -100,47 +66,127 @@ if ( isset( $_POST['submit'] ) ) if ( count( $error ) == 0 ) { // creating the group - $query = ' INSERT INTO '.PREFIX_TABLE.'groups'; - $query.= " (name) VALUES ('".$_POST['name']."')"; + $query = ' INSERT INTO '.GROUPS_TABLE; + $query.= " (name) VALUES ('".$_POST['newgroup']."')"; $query.= ';'; pwg_query( $query ); } } +//--------------------------------------------------------------- user management +elseif ( isset( $_POST['add'] ) ) +{ + $userdata = getuserdata($_POST['username']); + if (!$userdata) echo "Utilisateur inexistant"; + + // create a new association between the user and a group + $query = 'INSERT INTO '.USER_GROUP_TABLE; + $query.= ' (user_id,group_id) VALUES'; + $query.= ' ('.$userdata['id'].','.$_POST['edit_group_id'].')'; + $query.= ';'; + pwg_query( $query ); +} +elseif (isset( $_POST['deny_user'] )) +{ + $sql_in = ''; + $members = $_POST['members']; + for($i = 0; $i < count($members); $i++) + { + $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]); + } + $query = 'DELETE FROM ' . USER_GROUP_TABLE; + $query.= ' WHERE user_id IN ('.$sql_in; + $query.= ') AND group_id = '.$_POST['edit_group_id']; + pwg_query( $query ); +} //-------------------------------------------------------------- errors display if ( sizeof( $error ) != 0 ) { - $vtp->addSession( $sub, 'errors' ); + $template->assign_block_vars('errors',array()); for ( $i = 0; $i < sizeof( $error ); $i++ ) { - $vtp->addSession( $sub, 'li' ); - $vtp->setVar( $sub, 'li.li', $error[$i] ); - $vtp->closeSession( $sub, 'li' ); + $template->assign_block_vars('errors.error',array('ERROR'=>$error[$i])); } - $vtp->closeSession( $sub, 'errors' ); } //----------------------------------------------------------------- groups list -$vtp->addSession( $sub, 'groups' ); -$query = 'SELECT id,name'; -$query.= ' FROM '.PREFIX_TABLE.'groups'; -$query.= ' ORDER BY id ASC'; -$query.= ';'; +$query = 'SELECT id,name FROM '.GROUPS_TABLE; +$query.= ' ORDER BY id ASC;'; $result = pwg_query( $query ); +$groups_display = '<select name="group_id">'; +$groups_nb=0; while ( $row = mysql_fetch_array( $result ) ) { - $vtp->addSession( $sub, 'group' ); - $vtp->setVar( $sub, 'group.name', $row['name'] ); - $url = './admin.php?page=group_perm&group_id='.$row['id']; - $vtp->setVar( $sub, 'group.permission_url', add_session_id( $url ) ); - $url = './admin.php?page=group_list&delete='.$row['id']; - $vtp->setVar( $sub, 'group.deletion_url', add_session_id( $url ) ); - $vtp->closeSession( $sub, 'group' ); + $groups_nb++; + $selected = ''; + if (isset($_POST['group_id']) && $_POST['group_id']==$row['id']) + $selected = 'selected'; + $groups_display .= '<option value="' . $row['id'] . '" '.$selected.'>' . $row['name'] . '</option>'; +} +$groups_display .= '</select>'; + +$action = PHPWG_ROOT_PATH.'admin.php?page=group_list'; +//----------------------------------------------------- template initialization +$template->set_filenames( array('groups'=>'admin/group_list.tpl') ); +$tpl = array( 'group_add','add','listuser_permission','delete', + 'group_confirm','yes','no','group_list_title' ); + +$template->assign_vars(array( + 'S_GROUP_SELECT'=>$groups_display, + + 'L_GROUP_SELECT'=>$lang['group_list_title'], + 'L_GROUP_CONFIRM'=>$lang['group_confirm_delete'], + 'L_LOOK_UP'=>$lang['edit'], + 'L_GROUP_DELETE'=>$lang['delete'], + 'L_CREATE_NEW_GROUP'=>$lang['group_add'], + 'L_GROUP_EDIT'=>$lang['group_edit'], + 'L_USER_NAME'=>$lang['login'], + 'L_USER_EMAIL'=>$lang['mail_address'], + 'L_USER_SELECT'=>$lang['Select'], + 'L_DENY_SELECTED'=>$lang['group_deny_user'], + 'L_ADD_MEMBER'=>$lang['group_add_user'], + 'L_FIND_USERNAME'=>$lang['Find_username'], + + 'S_GROUP_ACTION'=>add_session_id($action), + 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php') + )); + +if ($groups_nb) +{ + $template->assign_block_vars('select_box',array()); +} + +//----------------------------------------------------------------- add a group +if ( isset( $_POST['edit']) || isset( $_POST['add']) || isset( $_POST['deny_user'] )) +{ + // Retrieving the group name + $query = 'SELECT id, name FROM '.GROUPS_TABLE; + $query.= " WHERE id = '".$_POST['group_id']."'"; + $query.= ';'; + $result = mysql_fetch_array(pwg_query( $query )); + $template->assign_block_vars('edit_group',array( + 'GROUP_NAME'=>$result['name'], + 'GROUP_ID'=>$result['id'] + )); + + // Retrieving all the users + $query = 'SELECT id, username, mail_address'; + $query.= ' FROM ('.USERS_TABLE.' as u'; + $query.= ' LEFT JOIN '.USER_GROUP_TABLE.' as ug ON ug.user_id=u.id)'; + $query.= " WHERE ug.group_id = '".$_POST['group_id']."';"; + $result = pwg_query( $query ); + $i=0; + while ( $row = mysql_fetch_array( $result ) ) + { + $class = ($i % 2)? 'row1':'row2'; $i++; + $template->assign_block_vars('edit_group.user',array( + 'ID'=>$row['id'], + 'NAME'=>$row['username'], + 'EMAIL'=>$row['mail_address'], + 'T_CLASS'=>$class + )); + } } -$vtp->closeSession( $sub, 'groups' ); -//------------------------------------------------------- create new group form -$action = './admin.php?'.$_SERVER['QUERY_STRING']; -$vtp->setVar( $sub, 'form_action', $action ); //----------------------------------------------------------- sending html code -$vtp->Parse( $handle , 'sub', $sub ); +$template->assign_var_from_handle('ADMIN_CONTENT', 'groups'); ?> |