diff options
Diffstat (limited to 'admin')
-rw-r--r-- | admin/group_list.php | 261 | ||||
-rw-r--r-- | admin/group_perm.php | 173 | ||||
-rw-r--r-- | admin/user_perm.php | 121 |
3 files changed, 270 insertions, 285 deletions
diff --git a/admin/group_list.php b/admin/group_list.php index f789a6b27..7bc08b3f4 100644 --- a/admin/group_list.php +++ b/admin/group_list.php @@ -24,171 +24,154 @@ // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | // | USA. | // +-----------------------------------------------------------------------+ + if( !defined("PHPWG_ROOT_PATH") ) { - die ("Hacking attempt!"); + die ("Hacking attempt!"); } include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); -//-------------------------------------------------------------- delete a group -if ( isset( $_POST['delete'] ) && isset( $_POST['confirm_delete'] ) ) +// +-----------------------------------------------------------------------+ +// | delete a group | +// +-----------------------------------------------------------------------+ + +if (isset($_GET['delete']) and is_numeric($_GET['delete'])) { // destruction of the access linked to the group - $query = 'DELETE FROM '.GROUP_ACCESS_TABLE; - $query.= ' WHERE group_id = '.$_POST['group_id']; - $query.= ';'; - pwg_query( $query ); - - // destruction of the users links for this group - $query = 'DELETE FROM ' . USER_GROUP_TABLE; - $query.= ' WHERE group_id = '.$_POST['group_id']; - pwg_query( $query ); - - // destruction of the group - $query = 'DELETE FROM ' . GROUPS_TABLE; - $query.= ' WHERE id = '.$_POST['group_id']; - $query.= ';'; - pwg_query( $query ); + $query = ' +DELETE + FROM '.GROUP_ACCESS_TABLE.' + WHERE group_id = '.$_GET['delete'].' +;'; + pwg_query($query); + + // destruction of the users links for this group + $query = ' +DELETE + FROM '.USER_GROUP_TABLE.' + WHERE group_id = '.$_GET['delete'].' +;'; + pwg_query($query); + + $query = ' +SELECT name + FROM '.GROUPS_TABLE.' + WHERE id = '.$_GET['delete'].' +;'; + list($groupname) = mysql_fetch_row(pwg_query($query)); + + // destruction of the group + $query = ' +DELETE + FROM '.GROUPS_TABLE.' + WHERE id = '.$_GET['delete'].' +;'; + pwg_query($query); + + array_push( + $page['infos'], + sprintf(l10n('group "%s" deleted'), $groupname) + ); } -//----------------------------------------------------------------- add a group -elseif ( isset( $_POST['new'] ) ) + +// +-----------------------------------------------------------------------+ +// | add a group | +// +-----------------------------------------------------------------------+ + +if (isset($_POST['submit_add'])) { - if ( empty($_POST['newgroup']) || preg_match( "/'/", $_POST['newgroup'] ) - or preg_match( '/"/', $_POST['newgroup'] ) ) + if (empty($_POST['groupname'])) { - array_push( $page['errors'], $lang['group_add_error1'] ); + array_push($page['errors'], $lang['group_add_error1']); } - if ( count( $page['errors'] ) == 0 ) + if (count($page['errors']) == 0) { // is the group not already existing ? - $query = 'SELECT id FROM '.GROUPS_TABLE; - $query.= " WHERE name = '".$_POST['newgroup']."'"; - $query.= ';'; - $result = pwg_query( $query ); - if ( mysql_num_rows( $result ) > 0 ) + $query = ' +SELECT COUNT(*) + FROM '.GROUPS_TABLE.' + WHERE name = \''.$_POST['groupname'].'\' +;'; + list($count) = mysql_fetch_row(pwg_query($query)); + if ($count != 0) { - array_push( $page['errors'], $lang['group_add_error2'] ); + array_push($page['errors'], $lang['group_add_error2']); } } - if ( count( $page['errors'] ) == 0 ) + if (count($page['errors']) == 0) { // creating the group - $query = ' INSERT INTO '.GROUPS_TABLE; - $query.= " (name) VALUES ('".$_POST['newgroup']."')"; - $query.= ';'; - pwg_query( $query ); - } -} -//------------------------------------------------------------- user management -elseif ( isset( $_POST['add'] ) ) -{ - $userdata = getuserdata($_POST['username']); - if (!$userdata) - { - array_push($page['errors'], $lang['user_err_unknown']); - } - else - { - // create a new association between the user and a group $query = ' -INSERT INTO '.USER_GROUP_TABLE.' - (user_id,group_id) +INSERT INTO '.GROUPS_TABLE.' + (name) VALUES - ('.$userdata['id'].','.$_POST['edit_group_id'].') + (\''.mysql_escape_string($_POST['groupname']).'\') ;'; pwg_query($query); + + array_push( + $page['infos'], + sprintf(l10n('group "%s" added'), $_POST['groupname']) + ); } } -elseif (isset( $_POST['deny_user'] )) -{ - $sql_in = ''; - $members = $_POST['members']; - for($i = 0; $i < count($members); $i++) - { - $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]); - } - $query = 'DELETE FROM ' . USER_GROUP_TABLE; - $query.= ' WHERE user_id IN ('.$sql_in; - $query.= ') AND group_id = '.$_POST['edit_group_id']; - pwg_query( $query ); -} -//----------------------------------------------------------------- groups list - -$query = 'SELECT id,name FROM '.GROUPS_TABLE; -$query.= ' ORDER BY id ASC;'; -$result = pwg_query( $query ); -$groups_display = '<select name="group_id">'; -$groups_nb=0; -while ( $row = mysql_fetch_array( $result ) ) -{ - $groups_nb++; - $selected = ''; - if (isset($_POST['group_id']) && $_POST['group_id']==$row['id']) - $selected = 'selected'; - $groups_display .= '<option value="' . $row['id'] . '" '.$selected.'>' . $row['name'] . '</option>'; -} -$groups_display .= '</select>'; - -$action = PHPWG_ROOT_PATH.'admin.php?page=group_list'; -//----------------------------------------------------- template initialization -$template->set_filenames( array('groups'=>'admin/group_list.tpl') ); -$template->assign_vars(array( - 'S_GROUP_SELECT'=>$groups_display, - - 'L_GROUP_SELECT'=>$lang['group_list_title'], - 'L_GROUP_CONFIRM'=>$lang['group_confirm_delete'], - 'L_LOOK_UP'=>$lang['edit'], - 'L_GROUP_DELETE'=>$lang['delete'], - 'L_CREATE_NEW_GROUP'=>$lang['group_add'], - 'L_GROUP_EDIT'=>$lang['group_edit'], - 'L_USER_NAME'=>$lang['login'], - 'L_USER_EMAIL'=>$lang['mail_address'], - 'L_USER_SELECT'=>$lang['Select'], - 'L_DENY_SELECTED'=>$lang['group_deny_user'], - 'L_ADD_MEMBER'=>$lang['group_add_user'], - 'L_FIND_USERNAME'=>$lang['Find_username'], - - 'S_GROUP_ACTION'=>add_session_id($action), - 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php') - )); - -if ($groups_nb) -{ - $template->assign_block_vars('select_box',array()); -} -//----------------------------------------------------------------- add a group -if ( isset( $_POST['edit']) || isset( $_POST['add']) || isset( $_POST['deny_user'] )) +// +-----------------------------------------------------------------------+ +// | template init | +// +-----------------------------------------------------------------------+ + +$template->set_filenames(array('group_list' => 'admin/group_list.tpl')); + +$template->assign_vars( + array( + 'F_ADD_ACTION' => + add_session_id(PHPWG_ROOT_PATH.'admin.php?page=group_list') + ) + ); + +// +-----------------------------------------------------------------------+ +// | group list | +// +-----------------------------------------------------------------------+ + +$query = ' +SELECT id, name + FROM '.GROUPS_TABLE.' + ORDER BY id ASC +;'; +$result = pwg_query($query); + +$admin_url = PHPWG_ROOT_PATH.'admin.php?page='; +$perm_url = $admin_url.'group_perm&group_id='; +$del_url = $admin_url.'group_list&delete='; +$members_url = $admin_url.'user_list&group='; + +$num = 0; +while ($row = mysql_fetch_array($result)) { - // Retrieving the group name - $query = 'SELECT id, name FROM '.GROUPS_TABLE; - $query.= " WHERE id = '".$_POST['group_id']."'"; - $query.= ';'; - $result = mysql_fetch_array(pwg_query( $query )); - $template->assign_block_vars('edit_group',array( - 'GROUP_NAME'=>$result['name'], - 'GROUP_ID'=>$result['id'] - )); - - // Retrieving all the users - $query = 'SELECT id, username, mail_address'; - $query.= ' FROM ('.USERS_TABLE.' as u'; - $query.= ' LEFT JOIN '.USER_GROUP_TABLE.' as ug ON ug.user_id=u.id)'; - $query.= " WHERE ug.group_id = '".$_POST['group_id']."';"; - $result = pwg_query( $query ); - $i=0; - while ( $row = mysql_fetch_array( $result ) ) - { - $class = ($i % 2)? 'row1':'row2'; $i++; - $template->assign_block_vars('edit_group.user',array( - 'ID'=>$row['id'], - 'NAME'=>$row['username'], - 'EMAIL'=>$row['mail_address'], - 'T_CLASS'=>$class - )); - } + $query = ' +SELECT COUNT(*) + FROM '.USER_GROUP_TABLE.' + WHERE group_id = '.$row['id'].' +;'; + list($counter) = mysql_fetch_row(pwg_query($query)); + + $template->assign_block_vars( + 'group', + array( + 'CLASS' => ($num++ % 2 == 1) ? 'row2' : 'row1', + 'NAME' => $row['name'], + 'MEMBERS' => sprintf(l10n('%d members'), $counter), + 'U_MEMBERS' => $members_url.$row['id'], + 'U_DELETE' => $del_url.$row['id'], + 'U_PERM' => $perm_url.$row['id'] + ) + ); } -//----------------------------------------------------------- sending html code -$template->assign_var_from_handle('ADMIN_CONTENT', 'groups'); +// +-----------------------------------------------------------------------+ +// | sending html code | +// +-----------------------------------------------------------------------+ + +$template->assign_var_from_handle('ADMIN_CONTENT', 'group_list'); + ?> diff --git a/admin/group_perm.php b/admin/group_perm.php index ba326340f..7234a5e2f 100644 --- a/admin/group_perm.php +++ b/admin/group_perm.php @@ -24,23 +24,44 @@ // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | // | USA. | // +-----------------------------------------------------------------------+ + if( !defined("PHPWG_ROOT_PATH") ) { - die ("Hacking attempt!"); + die ("Hacking attempt!"); } - include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); -//--------------------------------------------------------------------- updates + +// +-----------------------------------------------------------------------+ +// | variables init | +// +-----------------------------------------------------------------------+ + +if (isset($_GET['group_id']) and is_numeric($_GET['group_id'])) +{ + $page['group'] = $_GET['group_id']; +} +else +{ + echo l10n('group_id URL parameter is missing'); + exit(); +} + +// +-----------------------------------------------------------------------+ +// | updates | +// +-----------------------------------------------------------------------+ + if (isset($_POST['falsify']) - and isset($_POST['cat_true']) - and count($_POST['cat_true']) > 0) + and isset($_POST['cat_true']) + and count($_POST['cat_true']) > 0) { // if you forbid access to a category, all sub-categories become // automatically forbidden $subcats = get_subcat_ids($_POST['cat_true']); - $query = 'DELETE FROM '.GROUP_ACCESS_TABLE.' - WHERE group_id = '.$_POST['group_id'].' - AND cat_id IN ('.implode(',', $subcats).');'; + $query = ' +DELETE + FROM '.GROUP_ACCESS_TABLE.' + WHERE group_id = '.$page['group'].' + AND cat_id IN ('.implode(',', $subcats).') +;'; pwg_query($query); } else if (isset($_POST['trueify']) @@ -50,10 +71,12 @@ else if (isset($_POST['trueify']) $uppercats = get_uppercat_ids($_POST['cat_false']); $private_uppercats = array(); - $query = 'SELECT id - FROM '.CATEGORIES_TABLE.' - WHERE id IN ('.implode(',', $uppercats).') - AND status = \'private\';'; + $query = ' +SELECT id + FROM '.CATEGORIES_TABLE.' + WHERE id IN ('.implode(',', $uppercats).') + AND status = \'private\' +;'; $result = pwg_query($query); while ($row = mysql_fetch_array($result)) { @@ -65,9 +88,11 @@ else if (isset($_POST['trueify']) // accesible $authorized_ids = array(); - $query = 'SELECT cat_id + $query = ' +SELECT cat_id FROM '.GROUP_ACCESS_TABLE.' - WHERE group_id = '.$_POST['group_id'].';'; + WHERE group_id = '.$page['group'].' +;'; $result = pwg_query($query); while ($row = mysql_fetch_array($result)) @@ -79,89 +104,73 @@ else if (isset($_POST['trueify']) $to_autorize_ids = array_diff($private_uppercats, $authorized_ids); foreach ($to_autorize_ids as $to_autorize_id) { - array_push($inserts, array('group_id' => $_POST['group_id'], - 'cat_id' => $to_autorize_id)); + array_push( + $inserts, + array( + 'group_id' => $page['group'], + 'cat_id' => $to_autorize_id + ) + ); } mass_inserts(GROUP_ACCESS_TABLE, array('group_id','cat_id'), $inserts); } -//----------------------------------------------------- template initialization -$query = 'SELECT id,name FROM '.GROUPS_TABLE; -$query.= ' ORDER BY id ASC;'; -$result = pwg_query( $query ); -$groups_display = '<select name="group_id">'; -$groups_nb=0; -while ( $row = mysql_fetch_array( $result ) ) -{ - $groups_nb++; - $selected = ''; - if (isset($_POST['group_id']) && $_POST['group_id']==$row['id']) - $selected = 'selected'; - $groups_display .= '<option value="' . $row['id'] . '" '.$selected.'>' . $row['name'] . '</option>'; -} -$groups_display .= '</select>'; - -$action = PHPWG_ROOT_PATH.'admin.php?page=group_perm'; -$template->set_filenames( array('groups'=>'admin/group_perm.tpl') ); -$template->assign_vars(array( - 'S_GROUP_SELECT'=>$groups_display, - 'L_GROUP_SELECT'=>$lang['group_list_title'], - 'L_LOOK_UP'=>$lang['edit'], - 'S_GROUP_ACTION'=>add_session_id($action) - )); - -if ($groups_nb) -{ - $template->assign_block_vars('select_box',array()); -} +// +-----------------------------------------------------------------------+ +// | template init | +// +-----------------------------------------------------------------------+ -if ( isset( $_POST['edit']) || isset($_POST['falsify']) || isset($_POST['trueify'])) -{ - $template->set_filenames(array('groups_auth'=>'admin/cat_options.tpl')); - $template->assign_vars(array( - 'L_RESET'=>$lang['reset'], - 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'], - 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'], - 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'], - - 'HIDDEN_NAME'=> 'group_id', - 'HIDDEN_VALUE'=>$_POST['group_id'], - 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=group_perm'), - )); +$template->set_filenames(array('group_perm'=>'admin/cat_options.tpl')); + +$template->assign_vars( + array( + 'L_RESET'=>$lang['reset'], + 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'], + 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'], + 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'], + + 'F_ACTION' => + add_session_id( + PHPWG_ROOT_PATH. + 'admin.php?page=group_perm&group_id='. + $page['group'] + ) + ) + ); - // only private categories are listed - $query_true = ' +// only private categories are listed +$query_true = ' SELECT id,name,uppercats,global_rank FROM '.CATEGORIES_TABLE.' INNER JOIN '.GROUP_ACCESS_TABLE.' ON cat_id = id WHERE status = \'private\' - AND group_id = '.$_POST['group_id'].' + AND group_id = '.$page['group'].' ;'; - display_select_cat_wrapper($query_true,array(),'category_option_true'); - - $result = pwg_query($query_true); - $authorized_ids = array(); - while ($row = mysql_fetch_array($result)) - { - array_push($authorized_ids, $row['id']); - } - - $query_false = ' +display_select_cat_wrapper($query_true,array(),'category_option_true'); + +$result = pwg_query($query_true); +$authorized_ids = array(); +while ($row = mysql_fetch_array($result)) +{ + array_push($authorized_ids, $row['id']); +} + +$query_false = ' SELECT id,name,uppercats,global_rank FROM '.CATEGORIES_TABLE.' WHERE status = \'private\''; - if (count($authorized_ids) > 0) - { - $query_false.= ' - AND id NOT IN ('.implode(',', $authorized_ids).')'; - } +if (count($authorized_ids) > 0) +{ $query_false.= ' -;'; - display_select_cat_wrapper($query_false,array(),'category_option_false'); - - $template->assign_var_from_handle('ADMIN_CONTENT_2', 'groups_auth'); + AND id NOT IN ('.implode(',', $authorized_ids).')'; } -//----------------------------------------------------------- sending html code -$template->assign_var_from_handle('ADMIN_CONTENT', 'groups'); +$query_false.= ' +;'; +display_select_cat_wrapper($query_false,array(),'category_option_false'); + +// +-----------------------------------------------------------------------+ +// | html code display | +// +-----------------------------------------------------------------------+ + +$template->assign_var_from_handle('ADMIN_CONTENT', 'group_perm'); ?> diff --git a/admin/user_perm.php b/admin/user_perm.php index 2583306a1..f23071696 100644 --- a/admin/user_perm.php +++ b/admin/user_perm.php @@ -31,26 +31,34 @@ if (!defined('IN_ADMIN')) } include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); -$userdata = array(); -if (isset($_POST['submituser'])) +// +-----------------------------------------------------------------------+ +// | variables init | +// +-----------------------------------------------------------------------+ + +if (isset($_GET['user_id']) and is_numeric($_GET['user_id'])) { - $userdata = getuserdata($_POST['username']); + $page['user'] = $_GET['user_id']; } -else if (isset($_GET['user_id'])) +else { - $userdata = getuserdata(intval($_GET['user_id'])); + echo l10n('user_id URL parameter is missing'); + exit(); } -else if (isset($_POST['falsify']) - and isset($_POST['cat_true']) - and count($_POST['cat_true']) > 0) + +// +-----------------------------------------------------------------------+ +// | updates | +// +-----------------------------------------------------------------------+ + +if (isset($_POST['falsify']) + and isset($_POST['cat_true']) + and count($_POST['cat_true']) > 0) { - $userdata = getuserdata(intval($_POST['userid'])); // if you forbid access to a category, all sub-categories become // automatically forbidden $subcats = get_subcat_ids($_POST['cat_true']); $query = ' DELETE FROM '.USER_ACCESS_TABLE.' - WHERE user_id = '.$userdata['id'].' + WHERE user_id = '.$page['user'].' AND cat_id IN ('.implode(',', $subcats).') ;'; pwg_query($query); @@ -59,8 +67,6 @@ else if (isset($_POST['trueify']) and isset($_POST['cat_false']) and count($_POST['cat_false']) > 0) { - $userdata = getuserdata(intval($_POST['userid'])); - $uppercats = get_uppercat_ids($_POST['cat_false']); $private_uppercats = array(); @@ -84,7 +90,7 @@ SELECT id $query = ' SELECT cat_id FROM '.USER_ACCESS_TABLE.' - WHERE user_id = '.$userdata['id'].' + WHERE user_id = '.$page['user'].' ;'; $result = pwg_query($query); @@ -97,74 +103,61 @@ SELECT cat_id $to_autorize_ids = array_diff($private_uppercats, $authorized_ids); foreach ($to_autorize_ids as $to_autorize_id) { - array_push($inserts, array('user_id' => $userdata['id'], + array_push($inserts, array('user_id' => $page['user'], 'cat_id' => $to_autorize_id)); } mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts); } //----------------------------------------------------- template initialization -if (empty($userdata)) -{ - $template->set_filenames(array('user' => 'admin/user_perm.tpl')); - - $base_url = PHPWG_ROOT_PATH.'admin.php?page='; - - $template->assign_vars(array( - 'L_SELECT_USERNAME'=>$lang['Select_username'], - 'L_LOOKUP_USER'=>$lang['Look_up_user'], - 'L_FIND_USERNAME'=>$lang['Find_username'], - 'L_AUTH_USER'=>$lang['permuser_only_private'], - 'L_SUBMIT'=>$lang['submit'], +$template->set_filenames(array('user_perm'=>'admin/cat_options.tpl')); - 'F_SEARCH_USER_ACTION' => add_session_id($base_url.'user_perm'), - 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php') - )); -} -else -{ - $template->set_filenames(array('user'=>'admin/cat_options.tpl')); - $template->assign_vars( - array( - 'L_RESET'=>$lang['reset'], - 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'], - 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'], - 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'], - - 'HIDDEN_NAME'=> 'userid', - 'HIDDEN_VALUE'=>$userdata['id'], - 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'), - )); +$template->assign_vars( + array( + 'L_RESET'=>$lang['reset'], + 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'], + 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'], + 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'], + + 'F_ACTION' => + add_session_id( + PHPWG_ROOT_PATH. + 'admin.php?page=user_perm'. + '&user_id='.$page['user'] + ) + ) + ); - // only private categories are listed - $query_true = ' +// only private categories are listed +$query_true = ' SELECT id,name,uppercats,global_rank FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_ACCESS_TABLE.' ON cat_id = id WHERE status = \'private\' - AND user_id = '.$userdata['id'].' + AND user_id = '.$page['user'].' ;'; - display_select_cat_wrapper($query_true,array(),'category_option_true'); +display_select_cat_wrapper($query_true,array(),'category_option_true'); - $result = pwg_query($query_true); - $authorized_ids = array(); - while ($row = mysql_fetch_array($result)) - { - array_push($authorized_ids, $row['id']); - } - - $query_false = ' +$result = pwg_query($query_true); +$authorized_ids = array(); +while ($row = mysql_fetch_array($result)) +{ + array_push($authorized_ids, $row['id']); +} + +$query_false = ' SELECT id,name,uppercats,global_rank FROM '.CATEGORIES_TABLE.' WHERE status = \'private\''; - if (count($authorized_ids) > 0) - { - $query_false.= ' - AND id NOT IN ('.implode(',', $authorized_ids).')'; - } +if (count($authorized_ids) > 0) +{ $query_false.= ' -;'; - display_select_cat_wrapper($query_false,array(),'category_option_false'); + AND id NOT IN ('.implode(',', $authorized_ids).')'; } +$query_false.= ' +;'; +display_select_cat_wrapper($query_false,array(),'category_option_false'); + //----------------------------------------------------------- sending html code -$template->assign_var_from_handle('ADMIN_CONTENT', 'user'); + +$template->assign_var_from_handle('ADMIN_CONTENT', 'user_perm'); ?> |