Diffstat (limited to 'admin')
-rw-r--r--admin/admin.php110
-rw-r--r--admin/cat_list.php (renamed from admin/cat.php)122
-rw-r--r--admin/cat_modify.php (renamed from admin/edit_cat.php)71
-rw-r--r--admin/cat_perm.php210
-rw-r--r--admin/configuration.php77
-rw-r--r--admin/group_list.php135
-rw-r--r--admin/group_perm.php104
-rw-r--r--admin/include/functions.php63
-rw-r--r--admin/include/isadmin.inc.php4
-rw-r--r--admin/perm.php270
-rw-r--r--admin/user_list.php69
-rw-r--r--admin/user_modify.php97
-rw-r--r--admin/user_perm.php174
13 files changed, 1035 insertions, 471 deletions
diff --git a/admin/admin.php b/admin/admin.php
index 5730356fe..3825ca71a 100644
--- a/admin/admin.php
+++ b/admin/admin.php
@@ -25,55 +25,110 @@ $vtp->setGlobalVar( $handle, 'page_title', $lang['title_default'] );
$vtp->setGlobalVar( $handle, 'menu_title', $lang['menu_title'] );
//--------------------------------------- validating page and creation of title
$page_valide = false;
+$title = '';
switch ( $_GET['page'] )
{
case 'user_add':
- $titre = $lang['title_add']; $page_valide = true; break;
+ $title = $lang['title_add']; $page_valide = true; break;
case 'user_list':
- $titre = $lang['title_liste_users']; $page_valide = true; break;
+ $title = $lang['title_liste_users']; $page_valide = true; break;
case 'user_modify':
- $titre = $lang['title_modify']; $page_valide = true; break;
+ $title = $lang['title_modify']; $page_valide = true; break;
+ case 'user_perm':
+ if ( !is_numeric( $_GET['user_id'] ) ) $_GET['user_id'] = -1;
+ $query = 'SELECT status,username';
+ $query.= ' FROM '.PREFIX_TABLE.'users';
+ $query.= ' WHERE id = '.$_GET['user_id'];
+ $query.= ';';
+ $result = mysql_query( $query );
+ if ( mysql_num_rows( $result ) > 0 )
+ {
+ $row = mysql_fetch_array( $result );
+ $page['user_status'] = $row['status'];
+ if ( $row['username'] == 'guest' ) $row['username'] = $lang['guest'];
+ $page['user_username'] = $row['username'];
+ $page_valide = true;
+ $title = $lang['title_user_perm'].' "'.$page['user_username'].'"';
+ }
+ else
+ {
+ $page_valide = false;
+ }
+ break;
+ case 'group_list' :
+ $title = $lang['title_groups']; $page_valide = true; break;
+ case 'group_perm' :
+ if ( !is_numeric( $_GET['group_id'] ) ) $_GET['group_id'] = -1;
+ $query = 'SELECT name';
+ $query.= ' FROM '.PREFIX_TABLE.'groups';
+ $query.= ' WHERE id = '.$_GET['group_id'];
+ $query.= ';';
+ $result = mysql_query( $query );
+ if ( mysql_num_rows( $result ) > 0 )
+ {
+ $row = mysql_fetch_array( $result );
+ $title = $lang['title_group_perm'].' "'.$row['name'].'"';
+ $page_valide = true;
+ }
+ else
+ {
+ $page_valide = false;
+ }
+ break;
case 'historique':
- $titre = $lang['title_history']; $page_valide = true; break;
+ $title = $lang['title_history']; $page_valide = true; break;
case 'update':
- $titre = $lang['title_update']; $page_valide = true; break;
+ $title = $lang['title_update']; $page_valide = true; break;
case 'configuration':
- $titre = $lang['title_configuration']; $page_valide = true; break;
+ $title = $lang['title_configuration']; $page_valide = true; break;
case 'manuel':
- $titre = $lang['title_instructions']; $page_valide = true; break;
- case 'perm':
- $titre = $lang['title_permissions']; $page_valide = true; break;
- case 'cat':
- $titre = $lang['title_categories']; $page_valide = true; break;
- case 'edit_cat':
- $titre = $lang['title_edit_cat']; $page_valide = true; break;
+ $title = $lang['title_instructions']; $page_valide = true; break;
+ case 'cat_perm':
+ $title = $lang['title_cat_perm'];
+ if ( isset( $_GET['cat_id'] ) )
+ {
+ check_cat_id( $_GET['cat_id'] );
+ if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
+ {
+ $result = get_cat_info( $page['cat'] );
+ $name = get_cat_display_name( $result['name'],' > ', '' );
+ $title.= ' "'.$name.'"';
+ }
+ }
+ $page_valide = true;
+ break;
+ case 'cat_list':
+ $title = $lang['title_categories']; $page_valide = true; break;
+ case 'cat_modify':
+ $title = $lang['title_edit_cat']; $page_valide = true; break;
case 'infos_images':
- $titre = $lang['title_info_images']; $page_valide = true; break;
+ $title = $lang['title_info_images']; $page_valide = true; break;
case 'waiting':
- $titre = $lang['title_waiting']; $page_valide = true; break;
+ $title = $lang['title_waiting']; $page_valide = true; break;
case 'thumbnail':
- $titre = $lang['title_thumbnails'];
+ $title = $lang['title_thumbnails'];
if ( isset( $_GET['dir'] ) )
{
- $titre.= ' '.$lang['title_thumbnails_2'].' <span style="color:#006699;">';
+ $title.= ' '.$lang['title_thumbnails_2'].' <span style="color:#006699;">';
// $_GET['dir'] contient :
// ../galleries/vieux_lyon ou
// ../galleries/vieux_lyon/visite ou
// ../galleries/vieux_lyon/visite/truc ...
$dir = explode( "/", $_GET['dir'] );
- $titre.= $dir[2];
+ $title.= $dir[2];
for ( $i = 3; $i < sizeof( $dir ) - 1; $i++ )
{
- $titre.= ' &gt; '.$dir[$i];
+ $title.= ' &gt; '.$dir[$i];
}
- $titre.= "</span>";
+ $title.= "</span>";
}
$page_valide = true;
break;
default:
- $titre = $lang['title_default']; break;
+ $title = $lang['title_default']; break;
}
-$vtp->setGlobalVar( $handle, 'title', $titre );
+if ( $title == '' ) $title = $lang['title_default'];
+$vtp->setGlobalVar( $handle, 'title', $title );
//--------------------------------------------------------------------- summary
$link_start = './admin.php?page=';
// configuration
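Review bot: The `is_numeric` gates on `$_GET['user_id']` (L43) and `$_GET['group_id']` (L66) still splice the raw string into the SQL at L46 and L69, and `is_numeric` accepts forms such as `1e3`, leading whitespace and, on the older PHP versions this mysql_* code targets, hex strings; casting is tighter and also avoids the undefined-index notice when the parameter is absent: `$_GET['user_id'] = isset( $_GET['user_id'] ) ? intval( $_GET['user_id'] ) : -1;` with the same shape for `group_id`. The username and group name fetched from the database are concatenated into `$title` at L56 and L75 without escaping; whether `setGlobalVar` escapes for HTML is not visible here, so confirm against the template engine before relying on it. The `else { $page_valide = false; }` branches at L58-L61 and L78-L81 are redundant since `$page_valide` is already initialised to false at L29.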
@@ -87,7 +142,7 @@ $vtp->closeSession( $handle, 'summary' );
$vtp->addSession( $handle, 'summary' );
$vtp->setVar( $handle, 'summary.indent', '' );
$vtp->setVar( $handle, 'summary.link',
- add_session_id( $link_start.'liste_users' ) );
+ add_session_id( $link_start.'user_list' ) );
$vtp->setVar( $handle, 'summary.name', $lang['menu_users'] );
$vtp->closeSession( $handle, 'summary' );
// user list
@@ -104,10 +159,17 @@ $vtp->setVar(
$handle, 'summary.link', add_session_id( $link_start.'user_add' ) );
$vtp->setVar( $handle, 'summary.name', $lang['menu_add_user'] );
$vtp->closeSession( $handle, 'summary' );
+// groups
+$vtp->addSession( $handle, 'summary' );
+$vtp->setVar( $handle, 'summary.indent', '' );
+$vtp->setVar( $handle, 'summary.link',
+ add_session_id( $link_start.'group_list' ) );
+$vtp->setVar( $handle, 'summary.name', $lang['menu_groups'] );
+$vtp->closeSession( $handle, 'summary' );
// categories
$vtp->addSession( $handle, 'summary' );
$vtp->setVar( $handle, 'summary.indent', '' );
-$vtp->setVar( $handle, 'summary.link', add_session_id( $link_start.'cat' ) );
+$vtp->setVar( $handle, 'summary.link',add_session_id( $link_start.'cat_list'));
$vtp->setVar( $handle, 'summary.name', $lang['menu_categories'] );
$vtp->closeSession( $handle, 'summary' );
// waiting
diff --git a/admin/cat.php b/admin/cat_list.php
index 890fa866a..a0c7696b7 100644
--- a/admin/cat.php
+++ b/admin/cat_list.php
@@ -17,7 +17,7 @@
***************************************************************************/
include_once( './include/isadmin.inc.php' );
//----------------------------------------------------- template initialization
-$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat.vtp' );
+$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat_list.vtp' );
// language
$vtp->setGlobalVar( $sub, 'cat_edit', $lang['cat_edit'] );
$vtp->setGlobalVar( $sub, 'cat_up', $lang['cat_up'] );
@@ -30,41 +30,41 @@ if ( isset( $_GET['up'] ) && is_numeric( $_GET['up'] ) )
{
// 1. searching level (id_uppercat)
// and rank of the category to move
- $query = 'select id_uppercat,rank';
- $query.= ' from '.PREFIX_TABLE.'categories';
- $query.= ' where id = '.$_GET['up'];
+ $query = 'SELECT id_uppercat,rank';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= ' WHERE id = '.$_GET['up'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$level = $row['id_uppercat'];
$rank = $row['rank'];
// 2. searching the id and the rank of the category
// just above at the same level
- $query = 'select id,rank';
- $query.= ' from '.PREFIX_TABLE.'categories';
- $query.= ' where rank < '.$rank;
+ $query = 'SELECT id,rank';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= ' WHERE rank < '.$rank;
if ( $level == '' )
{
- $query.= ' and id_uppercat is null';
+ $query.= ' AND id_uppercat IS NULL';
}
else
{
- $query.= ' and id_uppercat = '.$level;
+ $query.= ' AND id_uppercat = '.$level;
}
- $query.= ' order by rank desc';
- $query.= ' limit 0,1';
+ $query.= ' ORDER BY rank DESC';
+ $query.= ' LIMIT 0,1';
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$new_rank = $row['rank'];
$replaced_cat = $row['id'];
// 3. exchanging ranks between the two categories
- $query = 'update '.PREFIX_TABLE.'categories';
- $query.= ' set rank = '.$new_rank;
- $query.= ' where id = '.$_GET['up'];
+ $query = 'UPDATE '.PREFIX_TABLE.'categories';
+ $query.= ' SET rank = '.$new_rank;
+ $query.= ' WHERE id = '.$_GET['up'];
$query.= ';';
mysql_query( $query );
- $query = 'update '.PREFIX_TABLE.'categories';
- $query.= ' set rank = '.$rank;
- $query.= ' where id = '.$replaced_cat;
+ $query = 'UPDATE '.PREFIX_TABLE.'categories';
+ $query.= ' SET rank = '.$rank;
+ $query.= ' WHERE id = '.$replaced_cat;
$query.= ';';
mysql_query( $query );
}
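Review bot: The UPDATE at L244-L246 uses `$new_rank` and `$replaced_cat` taken from the row fetched at L237, but when the category is already first at its level the SELECT at L234-L235 returns no row, `mysql_fetch_array` returns false and both values are null, so the two UPDATEs run as `SET rank = ` / `WHERE id = `; wrapping step 3 in `if ( $row )` (or returning early when `$row === false`) avoids issuing a malformed query. The commit only changes keyword casing in this hunk, so the guard is missing on both sides. The same situation exists in the following `down` hunk at L295-L313 for a category that is already last.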
@@ -72,41 +72,41 @@ if ( isset( $_GET['down'] ) && is_numeric( $_GET['down'] ) )
{
// 1. searching level (id_uppercat)
// and rank of the category to move
- $query = 'select id_uppercat,rank';
- $query.= ' from '.PREFIX_TABLE.'categories';
- $query.= ' where id = '.$_GET['down'];
+ $query = 'SELECT id_uppercat,rank';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= ' WHERE id = '.$_GET['down'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$level = $row['id_uppercat'];
$rank = $row['rank'];
// 2. searching the id and the rank of the category
// just below at the same level
- $query = 'select id,rank';
- $query.= ' from '.PREFIX_TABLE.'categories';
- $query.= ' where rank > '.$rank;
+ $query = 'SELECT id,rank';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= ' WHERE rank > '.$rank;
if ( $level == '' )
{
- $query.= ' and id_uppercat is null';
+ $query.= ' AND id_uppercat is null';
}
else
{
- $query.= ' and id_uppercat = '.$level;
+ $query.= ' AND id_uppercat = '.$level;
}
- $query.= ' order by rank asc';
- $query.= ' limit 0,1';
+ $query.= ' ORDER BY rank ASC';
+ $query.= ' LIMIT 0,1';
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$new_rank = $row['rank'];
$replaced_cat = $row['id'];
// 3. exchanging ranks between the two categories
- $query = 'update '.PREFIX_TABLE.'categories';
- $query.= ' set rank = '.$new_rank;
- $query.= ' where id = '.$_GET['down'];
+ $query = 'UPDATE '.PREFIX_TABLE.'categories';
+ $query.= ' SET rank = '.$new_rank;
+ $query.= ' WHERE id = '.$_GET['down'];
$query.= ';';
mysql_query( $query );
- $query = 'update '.PREFIX_TABLE.'categories';
- $query.= ' set rank = '.$rank;
- $query.= ' where id = '.$replaced_cat;
+ $query = 'UPDATE '.PREFIX_TABLE.'categories';
+ $query.= ' SET rank = '.$rank;
+ $query.= ' WHERE id = '.$replaced_cat;
$query.= ';';
mysql_query( $query );
}
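Review bot: `' AND id_uppercat is null'` at L283 is the one keyword left in lowercase while the matching branch of the `up` hunk (L225) and of `ordering()` (L326) were changed to `IS NULL`; for consistency use `$query.= ' AND id_uppercat IS NULL';`. Functionally harmless, but the point of the hunk is uniform casing.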
@@ -115,24 +115,24 @@ function ordering( $id_uppercat )
{
$rank = 1;
- $query = 'select id';
- $query.= ' from '.PREFIX_TABLE.'categories';
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
if ( !is_numeric( $id_uppercat ) )
{
- $query.= ' where id_uppercat is NULL';
+ $query.= ' WHERE id_uppercat IS NULL';
}
else
{
- $query.= ' where id_uppercat = '.$id_uppercat;
+ $query.= ' WHERE id_uppercat = '.$id_uppercat;
}
- $query.= ' order by rank asc, dir asc';
+ $query.= ' ORDER BY rank ASC, dir ASC';
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
{
- $query = 'update '.PREFIX_TABLE.'categories';
- $query.= ' set rank = '.$rank;
- $query.= ' where id = '.$row['id'];
+ $query = 'UPDATE '.PREFIX_TABLE.'categories';
+ $query.= ' SET rank = '.$rank;
+ $query.= ' WHERE id = '.$row['id'];
$query.= ';';
mysql_query( $query );
$rank++;
@@ -148,15 +148,15 @@ function display_cat_manager( $id_uppercat, $indent,
global $lang,$conf,$sub,$vtp;
// searching the min_rank and the max_rank of the category
- $query = 'select min(rank) as min, max(rank) as max';
- $query.= ' from '.PREFIX_TABLE.'categories';
+ $query = 'SELECT MIN(rank) AS min, MAX(rank) AS max';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
if ( !is_numeric( $id_uppercat ) )
{
- $query.= ' where id_uppercat is NULL';
+ $query.= ' WHERE id_uppercat IS NULL';
}
else
{
- $query.= ' where id_uppercat = '.$id_uppercat;
+ $query.= ' WHERE id_uppercat = '.$id_uppercat;
}
$query.= ';';
$result = mysql_query( $query );
@@ -176,17 +176,17 @@ function display_cat_manager( $id_uppercat, $indent,
$td = 'th';
}
- $query = 'select id,name,dir,nb_images,status,rank,site_id';
- $query.= ' from '.PREFIX_TABLE.'categories';
+ $query = 'SELECT id,name,dir,nb_images,status,rank,site_id,visible';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
if ( !is_numeric( $id_uppercat ) )
{
- $query.= ' where id_uppercat is NULL';
+ $query.= ' WHERE id_uppercat IS NULL';
}
else
{
- $query.= ' where id_uppercat = '.$id_uppercat;
+ $query.= ' WHERE id_uppercat = '.$id_uppercat;
}
- $query.= ' order by rank asc';
+ $query.= ' ORDER BY rank ASC';
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
@@ -207,13 +207,17 @@ function display_cat_manager( $id_uppercat, $indent,
}
$vtp->setVar( $sub, 'cat.name', $name );
$vtp->setVar( $sub, 'cat.dir', $row['dir'] );
- if ( $row['status'] == 'invisible' || !$uppercat_visible )
+ if ( $row['visible'] == 'false' or !$uppercat_visible )
{
$subcat_visible = false;
$vtp->setVar( $sub, 'cat.invisible', $lang['cat_invisible'] );
}
+ if ( $row['status'] == 'private' )
+ {
+ $vtp->setVar( $sub, 'cat.private', $lang['private'] );
+ }
$vtp->setVar( $sub, 'cat.nb_picture', $row['nb_images'] );
- $url = add_session_id( './admin.php?page=edit_cat&amp;cat='.$row['id'] );
+ $url = add_session_id( './admin.php?page=cat_modify&amp;cat='.$row['id'] );
$vtp->setVar( $sub, 'cat.edit_url', $url );
if ( $row['rank'] != $min_rank )
{
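Review bot: L394 replaces `||` with `or` while the surrounding conditions in this file use `&&`/`||` (see the hunk headers at L200 and L258); mixing the two spellings is a style inconsistency, and `or` binds looser than `=`, which is harmless inside this `if` but a trap if the expression is ever assigned to a variable. Suggest `if ( $row['visible'] == 'false' || !$uppercat_visible )`.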
@@ -252,8 +256,18 @@ function display_cat_manager( $id_uppercat, $indent,
$vtp->addSession( $sub, 'no_image_info' );
$vtp->closeSession( $sub, 'no_image_info' );
}
- $url = add_session_id( './admin.php?page=perm&amp;cat_id='.$row['id'] );
- $vtp->setVar( $sub, 'cat.permission_url', $url );
+ if ( $row['status'] == 'private' )
+ {
+ $vtp->addSession( $sub, 'permission' );
+ $url=add_session_id('./admin.php?page=cat_perm&amp;cat_id='.$row['id']);
+ $vtp->setVar( $sub, 'permission.url', $url );
+ $vtp->closeSession( $sub, 'permission' );
+ }
+ else
+ {
+ $vtp->addSession( $sub, 'no_permission' );
+ $vtp->closeSession( $sub, 'no_permission' );
+ }
if ( $row['site_id'] == 1 )
{
$vtp->addSession( $sub, 'update' );
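Review bot: The `permission` session is now emitted only for private categories (L415), but `cat_perm.php` added in this same commit accepts any `cat_id` without checking the category's status, so the restriction is cosmetic; if access rows are meant to exist only for private categories, the status check belongs in `cat_perm.php` as well. L418 also drops the spacing convention of the neighbouring lines (compare `$url = add_session_id( ... )` at L405).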
diff --git a/admin/edit_cat.php b/admin/cat_modify.php
index bcd78b751..3e171139f 100644
--- a/admin/edit_cat.php
+++ b/admin/cat_modify.php
@@ -1,6 +1,6 @@
<?php
/***************************************************************************
- * edit_cat.php *
+ * cat_modify.php *
* ------------------- *
* application : PhpWebGallery 1.3 *
* author : Pierrick LE GALL <pierrick@z0rglub.com> *
@@ -17,14 +17,41 @@
include_once( './include/isadmin.inc.php' );
//----------------------------------------------------- template initialization
-$sub = $vtp->Open( '../template/'.$user['template'].'/admin/edit_cat.vtp' );
+$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat_modify.vtp' );
$tpl = array( 'remote_site','editcat_confirm','editcat_back','editcat_title1',
- 'editcat_name', 'editcat_comment', 'editcat_status',
- 'editcat_status_info', 'submit' );
+ 'editcat_name','editcat_comment','editcat_status',
+ 'editcat_visible','editcat_status_info', 'submit' );
templatize_array( $tpl, 'lang', $sub );
+//---------------------------------------------------------------- verification
+if ( !is_numeric( $_GET['cat'] ) )
+{
+ $_GET['cat'] = '-1';
+}
//--------------------------------------------------------- form criteria check
if ( isset( $_POST['submit'] ) )
{
+ // if new status is different from previous one, deletion of all related
+ // links for access rights
+ $query = 'SELECT status';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= ' WHERE id = '.$_GET['cat'];
+ $query.= ';';
+ $row = mysql_fetch_array( mysql_query( $query ) );
+
+ if ( $_POST['status'] != $row['status'] )
+ {
+ // deletion of all access for groups concerning this category
+ $query = 'DELETE';
+ $query.= ' FROM '.PREFIX_TABLE.'group_access';
+ $query.= ' WHERE cat_id = '.$_GET['cat'];
+ mysql_query( $query );
+ // deletion of all access for users concerning this category
+ $query = 'DELETE';
+ $query.= ' FROM '.PREFIX_TABLE.'user_access';
+ $query.= ' WHERE cat_id = '.$_GET['cat'];
+ mysql_query( $query );
+ }
+
$query = 'UPDATE '.PREFIX_TABLE.'categories';
if ( $_POST['name'] == '' )
{
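Review bot: The access-right purge at L469-L481 is triggered by comparing the raw `$_POST['status']` with the stored value, and the same raw value is written into the UPDATE below the hunk (L489), so any value that is not one of the enum's cases — including a missing field — differs from the stored status, deletes every `group_access` and `user_access` row for the category, and then stores a value that MySQL may, depending on sql_mode, coerce to an empty enum; validate before the DELETEs, e.g. `if ( !in_array( $_POST['status'], get_enums( PREFIX_TABLE.'categories', 'status' ) ) )` and skip the update on failure (`get_enums` is already used in this file at L531). The two DELETEs and the later UPDATE also run without a transaction, so a failure between them leaves the status unchanged but the access list emptied; worth a comment if that is accepted. With the `'-1'` fallback from L454-L457 the SELECT at L463-L467 returns no row and `$row['status']` at L469 is read from `false`, so the purge condition is evaluated against a nonexistent category.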
@@ -43,6 +70,7 @@ if ( isset( $_POST['submit'] ) )
$query.= ", comment = '".htmlentities( $_POST['comment'], ENT_QUOTES )."'";
}
$query.= ", status = '".$_POST['status']."'";
+ $query.= ", visible = '".$_POST['visible']."'";
$query.= " WHERE id = '".$_GET['cat']."'";
$query.= ';';
mysql_query( $query );
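Review bot: `$_POST['visible']` is concatenated into the UPDATE at L490 with no validation or escaping, repeating the pattern of the `status` line above it. Only `'true'` and `'false'` are meaningful here (the form built at L545 and L555 offers exactly those two values), so whitelist before building the query: `$visible = ( isset( $_POST['visible'] ) and $_POST['visible'] == 'true' ) ? 'true' : 'false';` followed by `$query.= ", visible = '".$visible."'";`. The page is admin-only via `isadmin.inc.php`, which limits who can reach it but does not make the concatenation safe.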
@@ -57,26 +85,28 @@ if ( isset( $_POST['submit'] ) )
check_favorites( $row['id'] );
}
$vtp->addSession( $sub, 'confirmation' );
- $url = add_session_id( './admin.php?page=cat' );
+ $url = add_session_id( './admin.php?page=cat_list' );
$vtp->setVar( $sub, 'confirmation.back_url', $url );
$vtp->closeSession( $sub, 'confirmation' );
}
//------------------------------------------------------------------------ form
-$form_action = './admin.php?page=edit_cat&amp;cat='.$_GET['cat'];
+$form_action = './admin.php?page=cat_modify&amp;cat='.$_GET['cat'];
$vtp->setVar( $sub, 'form_action', add_session_id( $form_action ) );
$query = 'SELECT a.id,name,dir,status,comment';
-$query.= ',id_uppercat,site_id,galleries_url';
+$query.= ',id_uppercat,site_id,galleries_url,visible';
$query.= ' FROM '.PREFIX_TABLE.'categories as a, '.PREFIX_TABLE.'sites as b';
$query.= ' WHERE a.id = '.$_GET['cat'];
$query.= ' AND a.site_id = b.id';
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
$result = get_cat_info( $row['id'] );
-
+// cat name
$cat_name = get_cat_display_name( $result['name'], ' - ', '' );
$vtp->setVar( $sub, 'cat:name', $cat_name );
+// cat dir
$vtp->setVar( $sub, 'cat:dir', $row['dir'] );
+// remote site ?
if ( $row['site_id'] != 1 )
{
$vtp->addSession( $sub, 'server' );
@@ -85,16 +115,39 @@ if ( $row['site_id'] != 1 )
}
$vtp->setVar( $sub, 'name', $row['name'] );
$vtp->setVar( $sub, 'comment', $row['comment'] );
+// status : public, private...
$options = get_enums( PREFIX_TABLE.'categories', 'status' );
foreach ( $options as $option ) {
$vtp->addSession( $sub, 'status_option' );
- $vtp->setVar( $sub, 'status_option.option', $option );
+ $vtp->setVar( $sub, 'status_option.option', $lang[$option] );
+ $vtp->setVar( $sub, 'status_option.value', $option );
if ( $option == $row['status'] )
{
$vtp->setVar( $sub, 'status_option.checked', ' checked="checked"' );
}
$vtp->closeSession( $sub, 'status_option' );
}
+// visible : true or false
+$vtp->addSession( $sub, 'visible_option' );
+$vtp->setVar( $sub, 'visible_option.value', 'true' );
+$vtp->setVar( $sub, 'visible_option.option', $lang['yes'] );
+$checked = '';
+if ( $row['visible'] == 'true' )
+{
+ $checked = ' checked="checked"';
+}
+$vtp->setVar( $sub, 'visible_option.checked', $checked );
+$vtp->closeSession( $sub, 'visible_option' );
+$vtp->addSession( $sub, 'visible_option' );
+$vtp->setVar( $sub, 'visible_option.value', 'false' );
+$vtp->setVar( $sub, 'visible_option.option', $lang['no'] );
+$checked = '';
+if ( $row['visible'] == 'false' )
+{
+ $checked = ' checked="checked"';
+}
+$vtp->setVar( $sub, 'visible_option.checked', $checked );
+$vtp->closeSession( $sub, 'visible_option' );
//----------------------------------------------------------- sending html code
$vtp->Parse( $handle , 'sub', $sub );
?> \ No newline at end of file
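Review bot: The two `visible_option` blocks at L544-L553 and L554-L563 are the same nine lines with `'true'`/`$lang['yes']` swapped for `'false'`/`$lang['no']`; a loop over the two values removes the duplication and keeps the `checked` logic in one place, as in the fence below. At L535 the status label is looked up as `$lang[$option]`, which yields a notice and an empty label if a new enum case has no language entry; a `isset( $lang[$option] ) ? $lang[$option] : $option` fallback would keep the form usable. The enclosing file continues past this hunk's end marker only with the closing tag.
```php
// visible : true or false
foreach ( array( 'true' => 'yes', 'false' => 'no' ) as $value => $lang_key )
{
  $vtp->addSession( $sub, 'visible_option' );
  $vtp->setVar( $sub, 'visible_option.value', $value );
  $vtp->setVar( $sub, 'visible_option.option', $lang[$lang_key] );
  $checked = ( $row['visible'] == $value ) ? ' checked="checked"' : '';
  $vtp->setVar( $sub, 'visible_option.checked', $checked );
  $vtp->closeSession( $sub, 'visible_option' );
}
// … unchanged: sending html code …
```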
diff --git a/admin/cat_perm.php b/admin/cat_perm.php
new file mode 100644
index 000000000..d8e0f28dc
--- /dev/null
+++ b/admin/cat_perm.php
@@ -0,0 +1,210 @@
+<?php
+/***************************************************************************
+ * cat_perm.php *
+ * ------------------ *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
+ * *
+ ***************************************************************************/
+
+/***************************************************************************
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; *
+ * *
+ ***************************************************************************/
+include_once( './include/isadmin.inc.php' );
+//----------------------------------------------------- template initialization
+$sub = $vtp->Open( '../template/'.$user['template'].'/admin/cat_perm.vtp' );
+$error = array();
+$tpl = array( 'permuser_authorized','permuser_forbidden','menu_groups',
+ 'submit','menu_users','permuser_parent_forbidden' );
+templatize_array( $tpl, 'lang', $sub );
+//-------------------------------------------------------------- category infos
+if ( isset( $_GET['cat_id'] ) )
+{
+ check_cat_id( $_GET['cat_id'] );
+ if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
+ {
+ $result = get_cat_info( $page['cat'] );
+ $page['cat_name'] = $result['name'];
+ $page['id_uppercat'] = $result['id_uppercat'];
+ }
+}
+//---------------------------------------------------------- permission updates
+if ( isset( $_POST['submit'] ) )
+{
+ // groups access update
+ $query = 'DELETE';
+ $query.= ' FROM '.PREFIX_TABLE.'group_access';
+ $query.= ' WHERE cat_id = '.$page['cat'];
+ $query.= ';';
+ mysql_query( $query );
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'groups';
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $radioname = 'groupaccess-'.$row['id'];
+ if ( $_POST[$radioname] == 0 )
+ {
+ $query = 'INSERT INTO '.PREFIX_TABLE.'group_access';
+ $query.= ' (cat_id,group_id) VALUES';
+ $query.= ' ('.$page['cat'].','.$row['id'].')';
+ $query.= ';';
+ mysql_query( $query );
+ }
+ }
+ // users access update
+ $query = 'DELETE';
+ $query.= ' FROM '.PREFIX_TABLE.'user_access';
+ $query.= ' WHERE cat_id = '.$page['cat'];
+ $query.= ';';
+ mysql_query( $query );
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'users';
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $radioname = 'useraccess-'.$row['id'];
+ if ( $_POST[$radioname] == 0 )
+ {
+ $query = 'INSERT INTO '.PREFIX_TABLE.'user_access';
+ $query.= ' (cat_id,user_id) VALUES';
+ $query.= ' ('.$page['cat'].','.$row['id'].')';
+ $query.= ';';
+ mysql_query( $query );
+ }
+ check_favorites( $row['id'] );
+ }
+ // echo "<div class=\"info\">".$lang['permuser_info_message']." [ <a href=\"".add_session_id_to_url( "./admin.php?page=cat" )."\">".$lang['editcat_back']."</a> ]</div>";
+}
+//---------------------------------------------------------------------- groups
+$query = 'SELECT id,name';
+$query.= ' FROM '.PREFIX_TABLE.'groups';
+$query. ';';
+$result = mysql_query( $query );
+if ( mysql_num_rows( $result ) > 0 )
+{
+ $vtp->addSession( $sub, 'groups' );
+ // creating an array with all authorized groups for this category
+ $query = 'SELECT group_id';
+ $query.= ' FROM '.PREFIX_TABLE.'group_access';
+ $query.= ' WHERE cat_id = '.$_GET['cat_id'];
+ $query.= ';';
+ $subresult = mysql_query( $query );
+ $authorized_groups = array();
+ while ( $subrow = mysql_fetch_array( $subresult ) )
+ {
+ array_push( $authorized_groups, $subrow['group_id'] );
+ }
+ // displaying each group
+ while( $row = mysql_fetch_array( $result ) )
+ {
+ $vtp->addSession( $sub, 'group' );
+ if ( in_array( $row['id'], $authorized_groups ) )
+ {
+ $vtp->setVar( $sub, 'group.color', 'green' );
+ $vtp->setVar( $sub, 'group.authorized_checked', ' checked="checked"' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'group.color', 'red' );
+ $vtp->setVar( $sub, 'group.forbidden_checked', ' checked="checked"' );
+ }
+ $vtp->setVar( $sub, 'group.groupname', $row['name'] );
+ $vtp->setVar( $sub, 'group.id', $row['id'] );
+ $vtp->closeSession( $sub, 'group' );
+ }
+ $vtp->closeSession( $sub, 'groups' );
+}
+//----------------------------------------------------------------------- users
+$query = 'SELECT id,username,status';
+$query.= ' FROM '.PREFIX_TABLE.'users';
+$query.= " WHERE username != '".$conf['webmaster']."'";
+$query.= ';';
+$result = mysql_query( $query );
+while ( $row = mysql_fetch_array( $result ) )
+{
+ $vtp->addSession( $sub, 'user' );
+ $vtp->setVar( $sub, 'user.id', $row['id'] );
+ $url = add_session_id( './admin.php?page=user_perm&amp;user_id='.$row['id']);
+ $vtp->setVar( $sub, 'user.user_perm_link', $url);
+ if ( $row['username'] == 'guest' )
+ {
+ $row['username'] = $lang['guest'];
+ }
+ $vtp->setVar( $sub, 'user.username', $row['username'] );
+
+ // for color of user : (red means access forbidden, green authorized) we
+ // ask all forbidden categories, including the groups rights
+ $restrictions = get_restrictions( $row['id'], $row['status'], false );
+ $is_user_allowed = is_user_allowed( $page['cat'], $restrictions );
+ if ( $is_user_allowed == 0 )
+ {
+ $vtp->setVar( $sub, 'user.color', 'green' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'user.color', 'red' );
+ }
+ // for permission update button, we only ask forbidden categories for the
+ // user, not taking into account the groups the user belongs to
+ $restrictions = get_restrictions( $row['id'], $row['status'], false, false );
+ $is_user_allowed = is_user_allowed( $page['cat'], $restrictions );
+ if ( $is_user_allowed == 2 )
+ {
+ $vtp->addSession( $sub, 'parent_forbidden' );
+ $url = './admin.php?page=cat_perm&amp;cat_id='.$page['id_uppercat'];
+ $vtp->setVar( $sub, 'parent_forbidden.url', add_session_id( $url ) );
+ $vtp->closeSession( $sub, 'parent_forbidden' );
+ }
+ if ( $is_user_allowed == 0 )
+ {
+ $vtp->setVar( $sub, 'user.authorized_checked', ' checked="checked"' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'user.forbidden_checked', ' checked="checked"' );
+ }
+ // user's group(s)
+ $query = 'SELECT g.name as groupname, g.id as groupid';
+ $query.= ' FROM '.PREFIX_TABLE.'groups as g';
+ $query.= ', '.PREFIX_TABLE.'user_group as ug';
+ $query.= ' WHERE ug.group_id = g.id';
+ $query.= ' AND ug.user_id = '.$row['id'];
+ $query.= ';';
+ $subresult = mysql_query( $query );
+ if ( mysql_num_rows( $subresult ) > 0 )
+ {
+ $vtp->addSession( $sub, 'usergroups' );
+ $i = 0;
+ while( $subrow = mysql_fetch_array( $subresult ) )
+ {
+ $vtp->addSession( $sub, 'usergroup' );
+ if ( in_array( $subrow['groupid'], $authorized_groups ) )
+ {
+ $vtp->setVar( $sub, 'usergroup.color', 'green' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'usergroup.color', 'red' );
+ }
+ $vtp->setVar( $sub, 'usergroup.name', $subrow['groupname'] );
+ if ( $i < mysql_num_rows( $subresult ) - 1 )
+ {
+ $vtp->setVar( $sub, 'usergroup.separation', ',' );
+ }
+ $vtp->closeSession( $sub, 'usergroup' );
+ $i++;
+ }
+ $vtp->closeSession( $sub, 'usergroups' );
+ }
+ $vtp->closeSession( $sub, 'user' );
+}
+//----------------------------------------------------------- sending html code
+$vtp->Parse( $handle , 'sub', $sub );
+?> \ No newline at end of file
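Review bot: The authorised-groups query at L668 interpolates the raw `$_GET['cat_id']` into SQL, whereas every other query in this file uses `$page['cat']`, the value produced by `check_cat_id()` at L599; use `$query.= ' WHERE cat_id = '.$page['cat'];` there as well. The access update at L623 and L645 treats a missing radio field as authorised, because an undefined `$_POST[$radioname]` is `null` and `null == 0` holds, so a form that omits the field grants access instead of denying it; compare the posted string strictly, `if ( isset( $_POST[$radioname] ) and $_POST[$radioname] === '0' )`. `$query. ';'` at L660 is a missing `=`: the expression is evaluated and discarded, harmless only because `mysql_query` does not need the terminator. When `cat_id` is absent, `$page['cat']` is never set and the DELETEs at L611-L615 and L633-L637 run with an empty `WHERE cat_id =`, which fails as a query error rather than deleting everything, but an explicit early exit when `$page['cat']` is unset would make that intent visible. The commented-out `echo` at L655 should be removed.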
diff --git a/admin/configuration.php b/admin/configuration.php
index bb8978c65..34e148c4d 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -15,7 +15,7 @@
* the Free Software Foundation; *
* *
***************************************************************************/
-
+
include_once( './include/isadmin.inc.php' );
$Caracs = array("¥" => "Y", "µ" => "u", "À" => "A", "Á" => "A",
@@ -48,7 +48,8 @@ array( 'nb_image_line','nb_line_page','theme','language','maxwidth',
$error = array();
if ( isset( $_POST['submit'] ) )
{
- //purge de la table des session si demandé
+ $int_pattern = '/^\d+$/';
+ // empty session table if asked
if ( $_POST['empty_session_table'] == 1 )
{
$query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
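Review bot: `$int_pattern` at L800 is `/^\d+$/`, and without the `D` modifier `$` also matches before a trailing newline, so a value such as `"12\n"` passes every integer check that uses it in this and the following hunks (L811-L812, L821, L829, L837, L846, L854, L863, L871, L879, L887, L897, L909); `$int_pattern = '/^\d+$/D';` closes that. Replacing `is_int`, which could never succeed on `$_POST` strings, is the right direction; `\d` without the `u` modifier matches ASCII digits only, which is what is wanted here.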
@@ -79,8 +80,8 @@ if ( isset( $_POST['submit'] ) )
array_push( $error, $lang['conf_err_mail'] );
}
// periods must be integer values, they represents number of days
- if ( !is_int( $_POST['short_period'] )
- or !is_int( $_POST['long_period'] ) )
+ if ( !preg_match( $int_pattern, $_POST['short_period'] )
+ or !preg_match( $int_pattern, $_POST['long_period'] ) )
{
array_push( $error, $lang['err_periods'] );
}
@@ -94,21 +95,21 @@ if ( isset( $_POST['submit'] ) )
}
}
// session_id size must be an integer between 4 and 50
- if ( !is_int( $_POST['session_id_size'] )
+ if ( !preg_match( $int_pattern, $_POST['session_id_size'] )
or $_POST['session_id_size'] < 4
or $_POST['session_id_size'] > 50 )
{
array_push( $error, $lang['conf_err_sid_size'] );
}
// session_time must be an integer between 5 and 60, in minutes
- if ( !is_int( $_POST['session_time'] )
+ if ( !preg_match( $int_pattern, $_POST['session_time'] )
or $_POST['session_time'] < 5
or $_POST['session_time'] > 60 )
{
array_push( $error, $lang['conf_err_sid_time'] );
}
// max_user_listbox must be an integer between 0 and 255 included
- if ( !is_int( $_POST['max_user_listbox'] )
+ if ( !preg_match( $int_pattern, $_POST['max_user_listbox'] )
or $_POST['max_user_listbox'] < 0
or $_POST['max_user_listbox'] > 255 )
{
@@ -116,14 +117,14 @@ if ( isset( $_POST['submit'] ) )
}
// the number of comments per page must be an integer between 5 and 50
// included
- if ( !is_int( $_POST['nb_comment_page'] )
+ if ( !preg_match( $int_pattern, $_POST['nb_comment_page'] )
or $_POST['nb_comment_page'] < 5
or $_POST['nb_comment_page'] > 50 )
{
array_push( $error, $lang['conf_err_comment_number'] );
}
// the maximum upload filesize must be an integer between 10 and 1000
- if ( !is_int( $_POST['upload_maxfilesize'] )
+ if ( !preg_match( $int_pattern, $_POST['upload_maxfilesize'] )
or $_POST['upload_maxfilesize'] < 10
or $_POST['upload_maxfilesize'] > 1000 )
{
@@ -131,63 +132,57 @@ if ( isset( $_POST['submit'] ) )
}
// the maximum width of uploaded pictures must be an integer superior to
// 10
- if ( !is_int( $_POST['upload_maxwidth'] )
+ if ( !preg_match( $int_pattern, $_POST['upload_maxwidth'] )
or $_POST['upload_maxwidth'] < 10 )
{
array_push( $error, $lang['conf_err_upload_maxwidth'] );
}
// the maximum height of uploaded pictures must be an integer superior to
// 10
- if ( !is_int( $_POST['upload_maxheight'] )
+ if ( !preg_match( $int_pattern, $_POST['upload_maxheight'] )
or $_POST['upload_maxheight'] < 10 )
{
array_push( $error, $lang['conf_err_upload_maxheight'] );
}
// the maximum width of uploaded thumbnails must be an integer superior to
// 10
- if ( !is_int( $_POST['upload_maxwidth_thumbnail'] )
+ if ( !preg_match( $int_pattern, $_POST['upload_maxwidth_thumbnail'] )
or $_POST['upload_maxwidth_thumbnail'] < 10 )
{
array_push( $error, $lang['conf_err_upload_maxwidth_thumbnail'] );
}
// the maximum width of uploaded thumbnails must be an integer superior to
// 10
- if ( !is_int( $_POST['upload_maxheight_thumbnail'] )
+ if ( !preg_match( $int_pattern, $_POST['upload_maxheight_thumbnail'] )
or $_POST['upload_maxheight_thumbnail'] < 10 )
{
array_push( $error, $lang['conf_err_upload_maxheight_thumbnail'] );
}
- $test = '';
- if ( is_int( $test ) ) echo 'salut'; exit();
- if ( $_POST['maxwidth'] != '' )
+
+ if ( $_POST['maxwidth'] != ''
+ and ( !preg_match( $int_pattern, $_POST['maxwidth'] )
+ or $_POST['maxwidth'] < 50 ) )
{
- if ( !ereg( "^[0-9]{2,}$", $_POST['maxwidth'] )
- or $_POST['maxwidth'] < 50 )
- {
- $error[$i++] = $lang['err_maxwidth'];
- }
+ array_push( $error, $lang['err_maxwidth'] );
}
- if ( $_POST['maxheight'] != '' )
+ if ( $_POST['maxheight']
+ and ( !preg_match( $int_pattern, $_POST['maxheight'] )
+ or $_POST['maxheight'] < 50 ) )
{
- if ( !ereg( "^[0-9]{2,}$", $_POST['maxheight'] )
- or $_POST['maxheight'] < 50 )
- {
- $error[$i++] = $lang['err_maxheight'];
- }
+ array_push( $error, $lang['err_maxheight'] );
}
- // on met à jour les paramètres de l'application
- // dans le cas où il n'y aucune erreurs
- if ( sizeof( $error ) == 0 )
+ // updating configuraiton if no error found
+ if ( count( $error ) == 0 )
{
- mysql_query( 'delete from '.PREFIX_TABLE.'config;' );
- $query = 'insert into '.PREFIX_TABLE.'config';
+ mysql_query( 'DELETE FROM '.PREFIX_TABLE.'config;' );
+ $query = 'INSERT INTO '.PREFIX_TABLE.'config';
$query.= ' (';
foreach ( $conf_infos as $i => $conf_info ) {
if ( $i > 0 ) $query.= ',';
$query.= $conf_info;
}
$query.= ')';
- $query.= ' values';
+ $query.= ' VALUES';
$query.= ' (';
foreach ( $conf_infos as $i => $conf_info ) {
if ( $i > 0 ) $query.= ',';
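Review bot: The maxheight guard at `if ( $_POST['maxheight']` tests truthiness while the maxwidth guard a few lines above tests `!= ''`, so a submitted value of `0` skips validation for maxheight (and, if the VALUES clause below reads it from `$_POST`, gets written to the config) whereas the same value for maxwidth is rejected by the `< 50` check. Use the same form for both: `if ( $_POST['maxheight'] != ''`. Separately, the `DELETE FROM ... config` followed by a single INSERT is not atomic, so a failed INSERT leaves the config table empty; the VALUES clause continues past this hunk, so I cannot tell from here whether the interpolated values are escaped before use.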
@@ -260,15 +255,12 @@ else
}
}
//----------------------------------------------------- template initialization
-$sub = $vtp->Open( '../template/'.$user['template'].
- '/admin/configuration.vtp' );
-// language
-$vtp->setGlobalVar( $sub, 'conf_confirmation', $lang['conf_confirmation'] );
-$vtp->setGlobalVar( $sub, 'remote_site', $lang['remote_site'] );
-$vtp->setGlobalVar( $sub, 'delete', $lang['delete'] );
-$vtp->setGlobalVar( $sub, 'conf_remote_site_delete_info',
- $lang['conf_remote_site_delete_info'] );
-$vtp->setGlobalVar( $sub, 'submit', $lang['submit'] );
+$sub = $vtp->Open(
+ '../template/'.$user['template'].'/admin/configuration.vtp' );
+
+$tpl = array( 'conf_confirmation','remote_site','delete',
+ 'conf_remote_site_delete_info','submit' );
+templatize_array( $tpl, 'lang', $sub );
//-------------------------------------------------------------- errors display
if ( sizeof( $error ) != 0 )
{
@@ -345,7 +337,6 @@ $vtp->setVar( $sub, 'radio.name', 'access' );
$vtp->setVar( $sub, 'radio.value', 'free' );
$vtp->setVar( $sub, 'radio.option', $lang['conf_general_access_1'] );
$checked = '';
-echo $access.'<br />';
if ( $access == 'free' )
{
$checked = ' checked="checked"';
diff --git a/admin/group_list.php b/admin/group_list.php
new file mode 100644
index 000000000..f58dff1ff
--- /dev/null
+++ b/admin/group_list.php
@@ -0,0 +1,135 @@
+<?php
+/***************************************************************************
+ * group.php *
+ * ------------------- *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
+ * *
+ ***************************************************************************/
+
+/***************************************************************************
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; *
+ * *
+ ***************************************************************************/
+include_once( './include/isadmin.inc.php' );
+//----------------------------------------------------- template initialization
+$sub = $vtp->Open( '../template/'.$user['template'].'/admin/group_list.vtp' );
+$tpl = array( 'group_add','add','listuser_permission','delete',
+ 'group_confirm','yes','no','group_list_title' );
+templatize_array( $tpl, 'lang', $sub );
+//-------------------------------------------------------------- delete a group
+$error = array();
+if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) )
+{
+ $query = 'SELECT name';
+ $query.= ' FROM '.PREFIX_TABLE.'groups';
+ $query.= ' WHERE id = '.$_GET['delete'];
+ $query.= ';';
+ $row = mysql_fetch_array( mysql_query( $query ) );
+ // confirm group deletion ?
+ if ( $_GET['confirm'] != 1 )
+ {
+ $vtp->addSession( $sub, 'deletion' );
+ $vtp->setVar( $sub, 'deletion.name', $row['name'] );
+ $yes_url = './admin.php?page=group&amp;delete='.$_GET['delete'];
+ $yes_url.= '&amp;confirm=1';
+ $vtp->setVar( $sub, 'deletion.yes_url', add_session_id( $yes_url ) );
+ $no_url = './admin.php?page=group';
+ $vtp->setVar( $sub, 'deletion.no_url', add_session_id( $no_url ) );
+ $vtp->closeSession( $sub, 'deletion' );
+ }
+ // group deletion confirmed
+ else
+ {
+ $vtp->addSession( $sub, 'confirmation' );
+ $query = 'SELECT COUNT(*) AS nb_result';
+ $query.= ' FROM '.PREFIX_TABLE.'groups';
+ $query.= ' WHERE id = '.$_GET['delete'];
+ $query.= ';';
+ $row2 = mysql_fetch_array( mysql_query( $query ) );
+ if ( $row2['nb_result'] > 0 )
+ {
+ delete_group( $_GET['delete'] );
+ $vtp->setVar( $sub, 'confirmation.class', 'info' );
+ $info = '"'.$row['name'].'" '.$lang['listuser_info_deletion'];
+ $vtp->setVar( $sub, 'confirmation.info', $info );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'confirmation.class', 'erreur' );
+ $vtp->setVar( $sub, 'confirmation.info', $lang['group_err_unknown'] );
+ }
+ $vtp->closeSession( $sub, 'confirmation' );
+ }
+}
+//----------------------------------------------------------------- add a group
+if ( isset( $_POST['submit'] ) )
+{
+ if ( preg_match( "/'/", $_POST['name'] )
+ or preg_match( '/"/', $_POST['name'] ) )
+ {
+ array_push( $error, $lang['group_add_error1'] );
+ }
+ if ( count( $error ) == 0 )
+ {
+ // is the group not already existing ?
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'groups';
+ $query.= " WHERE name = '".$_POST['name']."'";
+ $query.= ';';
+ $result = mysql_query( $query );
+ if ( mysql_num_rows( $result ) > 0 )
+ {
+ array_push( $error, $lang['group_add_error2'] );
+ }
+ }
+ if ( count( $error ) == 0 )
+ {
+ // creating the group
+ $query = ' INSERT INTO '.PREFIX_TABLE.'groups';
+ $query.= " (name) VALUES ('".$_POST['name']."')";
+ $query.= ';';
+ mysql_query( $query );
+ }
+}
+//-------------------------------------------------------------- errors display
+if ( sizeof( $error ) != 0 )
+{
+ $vtp->addSession( $sub, 'errors' );
+ for ( $i = 0; $i < sizeof( $error ); $i++ )
+ {
+ $vtp->addSession( $sub, 'li' );
+ $vtp->setVar( $sub, 'li.li', $error[$i] );
+ $vtp->closeSession( $sub, 'li' );
+ }
+ $vtp->closeSession( $sub, 'errors' );
+}
+//----------------------------------------------------------------- groups list
+$vtp->addSession( $sub, 'groups' );
+
+$query = 'SELECT id,name';
+$query.= ' FROM '.PREFIX_TABLE.'groups';
+$query.= ' ORDER BY id ASC';
+$query.= ';';
+$result = mysql_query( $query );
+while ( $row = mysql_fetch_array( $result ) )
+{
+ $vtp->addSession( $sub, 'group' );
+ $vtp->setVar( $sub, 'group.name', $row['name'] );
+ $url = './admin.php?page=group_perm&amp;group_id='.$row['id'];
+ $vtp->setVar( $sub, 'group.permission_url', add_session_id( $url ) );
+ $url = './admin.php?page=group&amp;delete='.$row['id'];
+ $vtp->setVar( $sub, 'group.deletion_url', add_session_id( $url ) );
+ $vtp->closeSession( $sub, 'group' );
+}
+
+$vtp->closeSession( $sub, 'groups' );
+//------------------------------------------------------- create new group form
+$action = './admin.php?'.$_SERVER['QUERY_STRING'];
+$vtp->setVar( $sub, 'form_action', $action );
+//----------------------------------------------------------- sending html code
+$vtp->Parse( $handle , 'sub', $sub );
+?> \ No newline at end of file
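Review bot: `$_POST['name']` is concatenated raw into the SELECT at `WHERE name = '` and the INSERT at `(name) VALUES ('`; the only filter is the preg_match pair that rejects `'` and `"`, which is a blacklist rather than escaping (a trailing backslash still breaks the statement) and lets an empty name, or one containing `<`/`>`, through to the groups table and into `deletion.name`/`group.name` in the template. Escape at the point of use instead, e.g. `$name = mysql_real_escape_string( $_POST['name'] );` (or `mysql_escape_string` on older PHP), keep a non-empty check, and `htmlspecialchars()` the name on output unless the .vtp layer escapes. The form action `$action = './admin.php?'.$_SERVER['QUERY_STRING'];` reflects the raw query string into the page and should be wrapped the same way. The deletion and back links here use `page=group` while group_perm.php links back with `page=group_list`; given the file was renamed from group.php, the `page=group` ones look stale.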
diff --git a/admin/group_perm.php b/admin/group_perm.php
new file mode 100644
index 000000000..67e5e2cd3
--- /dev/null
+++ b/admin/group_perm.php
@@ -0,0 +1,104 @@
+<?php
+/***************************************************************************
+ * group_perm.php *
+ * ------------------ *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
+ * *
+ ***************************************************************************/
+
+/***************************************************************************
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; *
+ * *
+ ***************************************************************************/
+include_once( './include/isadmin.inc.php' );
+//----------------------------------------------------- template initialization
+$sub = $vtp->Open( '../template/'.$user['template'].'/admin/group_perm.vtp' );
+$error = array();
+$tpl = array( 'permuser_authorized','permuser_forbidden','submit',
+ 'permuser_parent_forbidden','permuser_info_message',
+ 'adduser_info_back' );
+templatize_array( $tpl, 'lang', $sub );
+//--------------------------------------------------------------------- updates
+if ( isset( $_POST['submit'] ) )
+{
+ // cleaning the user_access table for this group
+ $query = 'DELETE FROM '.PREFIX_TABLE.'group_access';
+ $query.= ' WHERE group_id = '.$_GET['group_id'];
+ $query.= ';';
+ mysql_query( $query );
+ // selecting all private categories
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= " WHERE status = 'private'";
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $radioname = 'access-'.$row['id'];
+ if ( $_POST[$radioname] == 0 )
+ {
+ $query = 'INSERT INTO '.PREFIX_TABLE.'group_access';
+ $query.= ' (group_id,cat_id) VALUES';
+ $query.= ' ('.$_GET['group_id'].','.$row['id'].')';
+ $query.= ';';
+ mysql_query ( $query );
+ }
+ }
+ $vtp->addSession( $sub, 'confirmation' );
+ $url = './admin.php?page=group_list';
+ $vtp->setVar( $sub, 'confirmation.back_url', add_session_id( $url ) );
+ $vtp->closeSession( $sub, 'confirmation' );
+}
+//---------------------------------------------------------------- form display
+$restrictions = get_group_restrictions( $_GET['group_id'] );
+$action = './admin.php?page=group_perm&amp;group_id='.$_GET['group_id'];
+$vtp->setVar( $sub, 'action', add_session_id( $action ) );
+// only private categories are listed
+$query = 'SELECT id';
+$query.= ' FROM '.PREFIX_TABLE.'categories';
+$query.= " WHERE status = 'private'";
+$query.= ';';
+$result = mysql_query( $query );
+while ( $row = mysql_fetch_array( $result ) )
+{
+ $vtp->addSession( $sub, 'category' );
+ $vtp->setVar( $sub, 'category.id', $row['id'] );
+ // Is the group allowed to access this category
+ $is_group_allowed = is_group_allowed( $row['id'], $restrictions );
+ if ( $is_group_allowed == 0 )
+ {
+ $vtp->setVar( $sub, 'category.color', 'green' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'category.color', 'red' );
+ }
+ // category name
+ $cat_infos = get_cat_info( $row['id'] );
+ $name = get_cat_display_name( $cat_infos['name'],' &gt; ',
+ 'font-weight:bold;' );
+ $vtp->setVar( $sub, 'category.name', $name );
+ // any subcat forbidden for this group ?
+ if ( $is_group_allowed == 2 )
+ {
+ $vtp->addSession( $sub, 'parent_forbidden' );
+ $vtp->closeSession( $sub, 'parent_forbidden' );
+ }
+ // forbidden or authorized access ?
+ if ( $is_group_allowed == 0 or $is_group_allowed == 2 )
+ {
+ $vtp->setVar( $sub, 'category.authorized_checked', ' checked="checked"' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'category.forbidden_checked', ' checked="checked"' );
+ }
+ $vtp->closeSession( $sub, 'category' );
+}
+//----------------------------------------------------------- sending html code
+$vtp->Parse( $handle , 'sub', $sub );
+?> \ No newline at end of file
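Review bot: `$_GET['group_id']` is concatenated unvalidated into the DELETE at `WHERE group_id = `, into the INSERT inside the loop, and into `get_group_restrictions()` and the form action; group_list.php guards its own `$_GET['delete']` with `is_numeric()` before use, but nothing equivalent happens here. Add `if ( !is_numeric( $_GET['group_id'] ) ) $_GET['group_id'] = -1;` (or an `intval()`) before the first query. Separately, `if ( $_POST[$radioname] == 0 )` is also true when the field is absent, because a missing POST key compares loosely equal to 0, so a category whose radio is not submitted gets a group_access row; since the display code treats a row as "authorized", that fails open. Make it `if ( isset( $_POST[$radioname] ) and $_POST[$radioname] == 0 )`.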
diff --git a/admin/include/functions.php b/admin/include/functions.php
index c6678caf0..cd58d0822 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -101,13 +101,17 @@ function delete_category( $id )
{
delete_image( $row['id'] );
}
-
- // destruction of the restrictions linked to the category
- $query = 'DELETE FROM '.PREFIX_TABLE.'restrictions';
+
+ // destruction of the access linked to the category
+ $query = 'DELETE FROM '.PREFIX_TABLE.'user_access';
$query.= ' WHERE cat_id = '.$id;
$query.= ';';
mysql_query( $query );
-
+ $query = 'DELETE FROM '.PREFIX_TABLE.'group_access';
+ $query.= ' WHERE cat_id = '.$id;
+ $query.= ';';
+ mysql_query( $query );
+
// destruction of the sub-categories
$query = 'SELECT id';
$query.= ' FROM '.PREFIX_TABLE.'categories';
@@ -118,7 +122,7 @@ function delete_category( $id )
{
delete_category( $row['id'] );
}
-
+
// destruction of the category
$query = 'DELETE FROM '.PREFIX_TABLE.'categories';
$query.= ' WHERE id = '.$id;
@@ -156,21 +160,35 @@ function delete_image( $id )
// The delete_user function delete a user identified by the $user_id
// It also deletes :
-// - all the restrictions linked to this user
+// - all the access linked to this user
+// - all the links to any group
// - all the favorites linked to this user
+// - all sessions linked to this user
function delete_user( $user_id )
{
- // destruction of the restrictions linked to the user
- $query = 'DELETE FROM '.PREFIX_TABLE.'restrictions';
+ // destruction of the access linked to the user
+ $query = 'DELETE FROM '.PREFIX_TABLE.'user_access';
$query.= ' WHERE user_id = '.$user_id;
$query.= ';';
mysql_query( $query );
-
+
+ // destruction of the group links for this user
+ $query = 'DELETE FROM '.PREFIX_TABLE.'user_group';
+ $query.= ' WHERE user_id = '.$user_id;
+ $query.= ';';
+ mysql_query( $query );
+
// destruction of the favorites associated with the user
$query = 'DELETE FROM '.PREFIX_TABLE.'favorites';
$query.= ' WHERE user_id = '.$user_id;
$query.= ';';
mysql_query( $query );
+
+ // destruction of the sessions linked with the user
+ $query = 'DELETE FROM '.PREFIX_TABLE.'sessions';
+ $query.= ' WHERE user_id = '.$user_id;
+ $query.= ';';
+ mysql_query( $query );
// destruction of the user
$query = 'DELETE FROM '.PREFIX_TABLE.'users';
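Review bot: `$user_id` is concatenated raw into every DELETE of delete_user (the users DELETE continues past this hunk); the only caller visible here, user_list.php, checks `is_numeric()` on `$_GET['delete']` before calling, so the function's safety depends on each caller remembering that. A one-line `$user_id = intval( $user_id );` at the top of the function makes it self-defending. The guest/webmaster protection also lives only in user_list.php, not here, so any new caller could delete those accounts; document the precondition in the header comment: `// precondition: caller has verified $user_id is numeric and is neither 'guest' nor the webmaster`. Purging the user's sessions rows in the same call is a good addition.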
@@ -178,7 +196,32 @@ function delete_user( $user_id )
$query.= ';';
mysql_query( $query );
}
-
+
+// delete_group deletes a group identified by its $group_id.
+// It also deletes :
+// - all the access linked to this group
+// - all the links between this group and any user
+function delete_group( $group_id )
+{
+ // destruction of the access linked to the group
+ $query = 'DELETE FROM '.PREFIX_TABLE.'group_access';
+ $query.= ' WHERE group_id = '.$group_id;
+ $query.= ';';
+ mysql_query( $query );
+
+ // destruction of the group links for this group
+ $query = 'DELETE FROM '.PREFIX_TABLE.'user_group';
+ $query.= ' WHERE group_id = '.$group_id;
+ $query.= ';';
+ mysql_query( $query );
+
+ // destruction of the group
+ $query = 'DELETE FROM '.PREFIX_TABLE.'groups';
+ $query.= ' WHERE id = '.$group_id;
+ $query.= ';';
+ mysql_query( $query );
+}
+
// The check_favorites function deletes all the favorites of a user if he is
// not allowed to see them (the category or an upper category is restricted
// or invisible)
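Review bot: delete_group interpolates `$group_id` unescaped into three DELETEs; group_list.php validates `is_numeric()` before calling, but the function should coerce on entry, `$group_id = intval( $group_id );`, rather than trust every caller. The three statements are not wrapped in a transaction, so a failure after the group_access DELETE leaves a group that exists with no access rows; since a group_access row appears to mean "authorized", that fails closed, which is acceptable but worth a comment in the header.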
diff --git a/admin/include/isadmin.inc.php b/admin/include/isadmin.inc.php
index 64a77e9f3..17ef1435f 100644
--- a/admin/include/isadmin.inc.php
+++ b/admin/include/isadmin.inc.php
@@ -14,14 +14,12 @@
* the Free Software Foundation; *
* *
***************************************************************************/
-define( PREFIXE_INCLUDE, '.' );
+define( PREFIX_INCLUDE, '.' );
include_once( '../include/config.inc.php' );
include_once( '../include/user.inc.php' );
include( './include/functions.php' );
-$conf['lien_puce'] = $conf['repertoire_image'].'puce.gif';
-
$isadmin = true;
include_once( '../language/'.$user['language'].'.php' );
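Review bot: `define( PREFIX_INCLUDE, '.' );` still passes the constant name as a bare word rather than a string; PHP resolves the undefined constant to the string `'PREFIX_INCLUDE'` with a notice on old versions and throws on PHP 8, so the rename kept the original bug: `define( 'PREFIX_INCLUDE', '.' );`. The last line builds an include path from `$user['language']`; I cannot see where that value is set or validated, so if it is ever taken from a request it becomes a local file inclusion, and an allowlist check against the files in ../language/ would close that regardless. Nothing in the visible part of this file checks that the current user is an admin, only `$isadmin = true;` is set, so presumably user.inc.php enforces it; worth confirming.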
diff --git a/admin/perm.php b/admin/perm.php
deleted file mode 100644
index 257bb21fb..000000000
--- a/admin/perm.php
+++ /dev/null
@@ -1,270 +0,0 @@
-<?php
-/***************************************************************************
- * perm.php is a part of PhpWebGallery *
- * ------------------- *
- * last update : Tuesday, July 16, 2002 *
- * email : pierrick@z0rglub.com *
- * *
- ***************************************************************************/
-
-/***************************************************************************
- * *
- * This program is free software; you can redistribute it and/or modify *
- * it under the terms of the GNU General Public License as published by *
- * the Free Software Foundation; *
- * *
- ***************************************************************************/
- include_once( "./include/isadmin.inc.php" );
- //---------------------------------------------------données de l'utilisateur
- if ( isset( $HTTP_GET_VARS['user_id'] ) )
- {
- $query = "select id,pseudo,status from PREFIX_TABLE"."users where id = '".$HTTP_GET_VARS['user_id']."';";
- $result = mysql_query( $query );
- $row = mysql_fetch_array( $result );
- $page['pseudo'] = $row['pseudo'];
- $page['status'] = $row['status'];
- if ( mysql_num_rows( $result ) == 0 )
- {
- echo"<div class=\"erreur\">".$lang['user_err_unknown']."</div>";
- $erreur = true;
- }
- if ( $row['pseudo'] == $conf['webmaster'] )
- {
- echo"<div class=\"erreur\">".$lang['user_err_modify']."</div>";
- $erreur = true;
- }
- }
- //---------------------------------------------------données de la catégorie
- if ( isset( $HTTP_GET_VARS['cat_id'] ) )
- {
- $HTTP_GET_VARS['cat'] = $HTTP_GET_VARS['cat_id'];
- check_cat_id( $HTTP_GET_VARS['cat_id'] );
- if ( isset( $page['cat'] ) )
- {
- $result = get_cat_info( $page['cat'] );
- $page['cat_name'] = $result['name'];
- $page['id_uppercat'] = $result['id_uppercat'];
- }
- }
- //--------------------------------------------------------------- mise à jour
- if ( isset( $HTTP_POST_VARS['submit'] ) )
- {
- if ( isset( $HTTP_GET_VARS['user_id'] ) )
- {
- mysql_query ( "delete from PREFIX_TABLE"."restrictions where user_id = ".$HTTP_GET_VARS['user_id'].";" );
- $result = mysql_query ( "select id from PREFIX_TABLE"."categories;" );
- while ( $row = mysql_fetch_array ( $result ) )
- {
- $nom_select = "acces-".$row['id'];
- if ( $HTTP_POST_VARS[$nom_select] == 1 )
- {
- mysql_query ( "insert into PREFIX_TABLE"."restrictions (user_id,cat_id) values ('".$HTTP_GET_VARS['user_id']."','".$row['id']."');" );
- }
- }
- check_favorites( $HTTP_GET_VARS['user_id'] );
- echo "<div class=\"info\">".$lang['permuser_info_message']." [ <a href=\"".add_session_id_to_url( "./admin.php?page=liste_users" )."\">".$lang['adduser_info_back']."</a> ]</div>";
- }
- else if ( isset( $HTTP_GET_VARS['cat_id'] ) )
- {
- mysql_query ( "delete from PREFIX_TABLE"."restrictions where cat_id = '".$page['cat']."';" );
- $result = mysql_query( "select id from PREFIX_TABLE"."users where pseudo != '".$conf['webmaster']."';" );
- while ( $row = mysql_fetch_array ( $result ) )
- {
- $nom_select = "acces-".$row['id'];
- if ( $HTTP_POST_VARS[$nom_select] == 1 )
- {
- mysql_query ( "insert into PREFIX_TABLE"."restrictions (user_id,cat_id) values ('".$row['id']."','".$page['cat']."');" );
- }
- check_favorites( $row['id'] );
- }
- echo "<div class=\"info\">".$lang['permuser_info_message']." [ <a href=\"".add_session_id_to_url( "./admin.php?page=cat" )."\">".$lang['editcat_back']."</a> ]</div>";
- }
- }
- //--------------------------------------------------------------- formulaire
- function display_cat_manager( $id_uppercat, $indent, $uppercat_authorized, $level, $restriction )
- {
- global PREFIX_TABLE,$lang,$conf;
-
- $output = "";
-
- // will we use <th> or <td> lines ?
- if ( $level == 0 )
- {
- $start_line = "<th ";
- $start_line2 = "<th ";
- $end_line = "</th>";
- }
- else
- {
- $start_line = "<td ";
- $end_line = "</td>";
- if ( $level == 1 )
- {
- $start_line2 = "<td class=\"row1\" ";
- }
- else if ( $level == 2 )
- {
- $start_line2 = "<td class=\"row2\" ";
- }
- else if ( $level == 3 )
- {
- $start_line2 = "<td class=\"row3\" ";
- }
- else if ( $level == 4 )
- {
- $start_line2 = "<td class=\"row4\" ";
- }
- else
- {
- $start_line2 = "<td ";
- }
- }
-
- $query = "select id,name,dir,rank";
- $query.= " from PREFIX_TABLE"."categories";
- if ( !is_numeric( $id_uppercat ) )
- {
- $query.= " where id_uppercat is NULL";
- }
- else
- {
- $query.= " where id_uppercat = $id_uppercat";
- }
- $query.= " order by rank asc;";
- $result = mysql_query( $query );
- while ( $row = mysql_fetch_array( $result ) )
- {
- $subcat_authorized = true;
-
- $output.= "\n<tr>";
- $output.= "\n\t".$start_line."style=\"width:85%;text-align:left;\">$indent<img src=\"".$conf['lien_puce']."\" alt=\"&gt;\" />&nbsp;";
- if ( in_array( $row['id'], $restriction ) || !$uppercat_authorized )
- {
- $subcat_authorized = false;
- $color = "red";
- }
- else
- {
- $color = "green";
- }
- $output.= "<span style=\"color:$color;\">";
- if ( $row['name'] == "" )
- {
- $output.= str_replace( "_", " ", $row['dir'] );
- }
- else
- {
- $output.= $row['name'];
- }
- $output.= " [ dir : ".$row['dir']." ]";
- $output.= "</span>".$end_line;
- $output.= "\n\t".$start_line2." style=\"width:15%;white-space:nowrap;text-align:right;font-weight:normal;\">";
- $output.= "\n\t\t<input type=\"radio\" name=\"acces-".$row['id']."\" value=\"0\" checked=\"checked\"/>".$lang['permuser_authorized'];
- $output.= "\n\t\t<input type=\"radio\" name=\"acces-".$row['id']."\" value=\"1\"";
- if ( in_array( $row['id'], $restriction ) )
- {
- $output.= " checked=\"checked\"";
- }
- $output.= "/>".$lang['permuser_forbidden'];
- $output.= $end_line;
- $output.= "\n<tr>";
- $output.= display_cat_manager( $row['id'], $indent."&nbsp;&nbsp;&nbsp;&nbsp;", $subcat_authorized, $level + 1, $restriction );
- }
- return $output;
- }
-
- if ( !$erreur )
- {
- //----------------------------------------------
- // cas 1 : permissions pour un utilisateur donné
- if ( isset( $HTTP_GET_VARS['user_id'] ) )
- {
- echo"
- <table style=\"width:100%;\">
- <tr>
- <th>".$lang['permuser_title']." \"".$page['pseudo']."\"</th>
- </tr>
- </table>";
- $restriction = get_restrictions( $HTTP_GET_VARS['user_id'], $page['status'], false );
- echo"
- <form action=\"".add_session_id_to_url( "./admin.php?page=perm&amp;user_id=".$HTTP_GET_VARS['user_id'] )."\" method=\"post\">
- <div style=\"color:darkblue;margin:10px;text-align:center;\">".$lang['permuser_warning']."</div>
- <table style=\"width:100%;\">";
-
- echo display_cat_manager( "NULL", "&nbsp;&nbsp;&nbsp;&nbsp;", true, 0, $restriction );
-
- echo"
- <tr>
- <td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"".$lang['submit']."\"/></td>
- </tr>
- <table>
- </form>";
- }
- //----------------------------------------------
- // cas 2 : permissions pour une catégorie donnée
- else if ( isset( $HTTP_GET_VARS['cat_id'] ) )
- {
- echo"
- <table style=\"width:100%;\">
- <tr>
- <th>".$lang['permuser_cat_title']."\"".get_cat_display_name( $page['cat_name'], " - ", "font-style:italic;" )."\"</th>
- </tr>
- </table>";
- echo"
- <form action=\"".add_session_id_to_url( "./admin.php?page=perm&amp;cat_id=".$page['cat'] )."\" method=\"post\">
- <table style=\"width:100%;\">";
-
- $result = mysql_query( "select id,pseudo,status from PREFIX_TABLE"."users where pseudo != '".$conf['webmaster']."';" );
- $i = 0;
- while ( $row = mysql_fetch_array( $result ) )
- {
- $restrictions = get_restrictions( $row['id'], $row['status'], false );
- $is_user_allowed = is_user_allowed( $page['cat'], $restrictions );
- $class = "";
- if ( $i%2 == 1 )
- {
- $class = "class=\"row2\"";
- }
- echo"
- <tr>
- <td $class><a href=\"".add_session_id_to_url( "./admin.php?page=perm&amp;user_id=".$row['id'] )."\">";
- echo "<span style=\"color:";
- if ( $is_user_allowed > 0 )
- {
- echo "red";
- }
- else
- {
- echo "green";
- }
- echo "\">".$row['pseudo']."</span></a></td>
- <td $class style=\"text-align:right;\">";
- if ( $is_user_allowed == 2 )
- {
- echo "<a href=\"".add_session_id_to_url( "./admin.php?page=perm&amp;cat_id=".$page['id_uppercat'] )."\"><span style=\"color:red;\">".$lang['permuser_parent_forbidden']."</span></a>";
- }
- else
- {
- echo"
- <input type=\"radio\" name=\"acces-".$row['id']."\" value=\"0\" checked=\"checked\"/>".$lang['permuser_authorized']."
- <input type=\"radio\" name=\"acces-".$row['id']."\" value=\"1\"";
- if ( $is_user_allowed == 1 )
- {
- echo" checked=\"checked\"";
- }
- echo"/>".$lang['permuser_forbidden'];
- }
- echo"
- </td>
- </tr>";
- $i++;
- }
- echo"
- <tr>
- <td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" value=\"".$lang['submit']."\"/></td>
- </tr>
- </table>
- </form>";
- }
- }
-?> \ No newline at end of file
diff --git a/admin/user_list.php b/admin/user_list.php
index d4289489d..766bfc310 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -17,32 +17,18 @@
include_once( './include/isadmin.inc.php' );
//----------------------------------------------------- template initialization
$sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_list.vtp' );
-// language
-$vtp->setGlobalVar( $sub, 'listuser_confirm', $lang['listuser_confirm'] );
-$vtp->setGlobalVar( $sub, 'listuser_modify_hint',
- $lang['listuser_modify_hint'] );
-$vtp->setGlobalVar( $sub, 'listuser_modify', $lang['listuser_modify'] );
-$vtp->setGlobalVar( $sub, 'listuser_permission',
- $lang['listuser_permission'] );
-$vtp->setGlobalVar( $sub, 'listuser_permission_hint',
- $lang['listuser_permission_hint'] );
-$vtp->setGlobalVar( $sub, 'listuser_delete_hint',
- $lang['listuser_delete_hint'] );
-$vtp->setGlobalVar( $sub, 'listuser_delete', $lang['listuser_delete'] );
-$vtp->setGlobalVar( $sub, 'yes', $lang['yes'] );
-$vtp->setGlobalVar( $sub, 'no', $lang['no'] );
-$vtp->setGlobalVar( $sub, 'listuser_button_all',
- $lang['listuser_button_all'] );
-$vtp->setGlobalVar( $sub, 'listuser_button_invert',
- $lang['listuser_button_invert'] );
-$vtp->setGlobalVar( $sub, 'listuser_button_create_address',
- $lang['listuser_button_create_address'] );
+$tpl = array( 'listuser_confirm','listuser_modify_hint','listuser_modify',
+ 'listuser_permission','listuser_permission_hint',
+ 'listuser_delete_hint','listuser_delete','yes','no',
+ 'listuser_button_all','listuser_button_invert',
+ 'listuser_button_create_address' );
+templatize_array( $tpl, 'lang', $sub );
//--------------------------------------------------------------- delete a user
if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) )
{
- $query = 'select username';
- $query.= ' from '.PREFIX_TABLE.'users';
- $query.= ' where id = '.$_GET['delete'];
+ $query = 'SELECT username';
+ $query.= ' FROM '.PREFIX_TABLE.'users';
+ $query.= ' WHERE id = '.$_GET['delete'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
// confirm user deletion ?
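Review bot: User deletion in this branch is triggered by a GET request (`?delete=ID&confirm=1`, with the session id appended by `add_session_id` on the confirmation link), so a URL that leaks via referer or history, or an image tag on any page the admin visits, can delete an account without the confirmation page ever being shown. The hunk only recases the SQL, but since it touches the delete branch it is the place to note it. Moving the confirmation into a POST form (and checking `$_SERVER['REQUEST_METHOD']`) would close it; group_list.php follows the same GET pattern and needs the same change.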
@@ -64,9 +50,9 @@ if ( isset ( $_GET['delete'] ) and is_numeric( $_GET['delete'] ) )
if ( $row['username'] != 'guest'
and $row['username'] != $conf['webmaster'] )
{
- $query = 'select count(*) as nb_result';
- $query.= ' from '.PREFIX_TABLE.'users';
- $query.= ' where id = '.$_GET['delete'];
+ $query = 'SELECT COUNT(*) AS nb_result';
+ $query.= ' FROM '.PREFIX_TABLE.'users';
+ $query.= ' WHERE id = '.$_GET['delete'];
$query.= ';';
$row2 = mysql_fetch_array( mysql_query( $query ) );
if ( $row2['nb_result'] > 0 )
@@ -102,9 +88,9 @@ else
}
$vtp->setVar( $sub, 'users.form_action', $action );
- $query = 'select id,username,status,mail_address';
- $query.= ' from '.PREFIX_TABLE.'users';
- $query.= ' order by status asc, username asc';
+ $query = 'SELECT id,username,status,mail_address';
+ $query.= ' FROM '.PREFIX_TABLE.'users';
+ $query.= ' ORDER BY status ASC, username ASC';
$query.= ';';
$result = mysql_query( $query );
@@ -122,16 +108,8 @@ else
$title = $lang['listuser_user_group'].' ';
switch ( $row['status'] )
{
- case 'admin' :
- {
- $title.= $lang['adduser_status_admin'];
- break;
- }
- case 'guest' :
- {
- $title.= $lang['adduser_status_guest'];
- break;
- }
+ case 'admin' : $title.= $lang['adduser_status_admin']; break;
+ case 'guest' : $title.= $lang['adduser_status_guest']; break;
}
$vtp->setVar( $sub, 'category.title', $title );
$current_status = $row['status'];
@@ -152,9 +130,6 @@ else
if ( $row['username'] == 'guest' )
{
$vtp->setVar( $sub, 'user.color', 'green' );
- }
- if ( $row['username'] == 'guest' )
- {
$vtp->setVar( $sub, 'user.login', $lang['guest'] );
}
else
@@ -179,7 +154,8 @@ else
$vtp->closeSession( $sub, 'modify' );
}
// manage permission or not ?
- if ( $row['username'] == $conf['webmaster'] )
+ if ( $row['username'] == $conf['webmaster']
+ and $user['username'] != $conf['webmaster'] )
{
$vtp->addSession( $sub, 'not_permission' );
$vtp->closeSession( $sub, 'not_permission' );
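Review bot: The new condition only hides the permission link when the listed user is the webmaster and the viewer is not; that is a presentation decision, and whether the webmaster's permissions can actually be edited is decided by user_perm.php, which is not in this hunk. Confirm that user_perm.php applies the same rule server-side (`$row['username'] == $conf['webmaster'] and $user['username'] != $conf['webmaster']` → refuse), since anyone who can reach admin.php can request `page=user_perm&user_id=N` directly. The enclosing loop continues outside the hunk.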
@@ -187,7 +163,7 @@ else
else
{
$vtp->addSession( $sub, 'permission' );
- $url = './admin.php?page=perm&amp;user_id='.$row['id'];
+ $url = './admin.php?page=user_perm&amp;user_id='.$row['id'];
$vtp->setVar( $sub, 'permission.url', add_session_id( $url ) );
$vtp->setVar( $sub, 'permission.login', $row['username'] );
$vtp->closeSession( $sub, 'permission' );
@@ -215,9 +191,8 @@ else
{
$mail_address = array();
$i = 0;
- $query = 'select';
- $query.= ' id,mail_address';
- $query.= ' from '.PREFIX_TABLE.'users';
+ $query = 'SELECT id,mail_address';
+ $query.= ' FROM '.PREFIX_TABLE.'users';
$query.= ';';
$result = mysql_query( $query );
while ( $row = mysql_fetch_array( $result ) )
diff --git a/admin/user_modify.php b/admin/user_modify.php
index 4989c31e2..792eef16b 100644
--- a/admin/user_modify.php
+++ b/admin/user_modify.php
@@ -20,7 +20,8 @@ $sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_modify.vtp' );
$error = array();
$tpl = array( 'adduser_info_message', 'adduser_info_back', 'adduser_fill_form',
'login', 'new', 'password', 'mail_address', 'adduser_status',
- 'submit', 'adduser_info_password_updated' );
+ 'submit', 'adduser_info_password_updated','menu_groups',
+ 'dissociate','adduser_associate' );
templatize_array( $tpl, 'lang', $sub );
//--------------------------------------------------------- form criteria check
$error = array();
@@ -34,7 +35,9 @@ $query.= ' from '.PREFIX_TABLE.'users';
$query.= ' where id = '.$_GET['user_id'];
$query.= ';';
$row = mysql_fetch_array( mysql_query( $query ) );
-
+$page['username'] = $row['username'];
+$page['status'] = $row['status'];
+$page['mail_address'] = $row['mail_address'];
// user is not modifiable if :
// 1. the selected user is the user "guest"
// 2. the selected user is the webmaster and the user making the modification
@@ -66,6 +69,34 @@ if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
$_POST['status'], $use_new_password,
$_POST['password'] ) );
}
+// association with groups management
+if ( isset( $_POST['submit'] ) )
+{
+ // deletion of checked groups
+ $query = 'SELECT id,name';
+ $query.= ' FROM '.PREFIX_TABLE.'groups';
+ $query.= ' ORDER BY id ASC';
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $dissociate = 'dissociate-'.$row['id'];
+ if ( $_POST[$dissociate] == 1 )
+ {
+ $query = 'DELETE FROM '.PREFIX_TABLE.'user_group';
+ $query.= ' WHERE user_id = '.$_GET['user_id'];
+ $query.= ' AND group_id ='.$row['id'];
+ $query.= ';';
+ mysql_query( $query );
+ }
+ }
+ // create a new association between the user and a group
+ $query = 'INSERT INTO '.PREFIX_TABLE.'user_group';
+ $query.= ' (user_id,group_id) VALUES';
+ $query.= ' ('.$_GET['user_id'].','.$_POST['associate'].')';
+ $query.= ';';
+ mysql_query( $query );
+}
//-------------------------------------------------------------- errors display
if ( sizeof( $error ) != 0 )
{
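Review bot: `$_POST['associate']` goes straight into the INSERT at the `VALUES` line with no check, and that INSERT runs on every submit even when no group was picked (an empty value yields `(N,)` and a SQL error; picking an already-linked group yields a duplicate user_group row unless the table has a unique key, which I cannot see). Guard it with `if ( isset( $_POST['associate'] ) and is_numeric( $_POST['associate'] ) )` around the INSERT, and give `$_GET['user_id']` the same `is_numeric` treatment if it is not validated earlier in the file. This block also runs whether or not `$error` is non-empty, unlike the user update just above which is gated on `sizeof( $error ) == 0`; gating both the same way keeps a rejected form from half-applying.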
@@ -82,7 +113,7 @@ if ( sizeof( $error ) != 0 )
if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
{
$vtp->addSession( $sub, 'confirmation' );
- $vtp->setVar( $sub, 'confirmation.username', $row['username'] );
+ $vtp->setVar( $sub, 'confirmation.username', $page['username'] );
$url = add_session_id( './admin.php?page=user_list' );
$vtp->setVar( $sub, 'confirmation.url', $url );
$vtp->closeSession( $sub, 'confirmation' );
@@ -91,7 +122,6 @@ if ( sizeof( $error ) == 0 and isset( $_POST['submit'] ) )
$vtp->addSession( $sub, 'password_updated' );
$vtp->closeSession( $sub, 'password_updated' );
}
- $display_form = false;
}
//------------------------------------------------------------------------ form
if ( $display_form )
@@ -99,13 +129,15 @@ if ( $display_form )
$vtp->addSession( $sub, 'form' );
$action = './admin.php?page=user_modify&amp;user_id='.$_GET['user_id'];
$vtp->setVar( $sub, 'form.form_action', add_session_id( $action ) );
- $vtp->setVar( $sub, 'form.user:username', $row['username'] );
- $vtp->setVar( $sub, 'form.user:password', $_POST['password'] );
- $vtp->setVar( $sub, 'form.user:mail_address', $_POST['mail_address'] );
-
- if ( !isset( $_POST['status'] ) )
+ $vtp->setVar( $sub, 'form.user:username', $page['username'] );
+ if ( isset( $_POST['mail_address'] ) )
+ {
+ $page['mail_address'] = $_POST['mail_address'];
+ }
+ $vtp->setVar( $sub, 'form.user:mail_address', $page['mail_address'] );
+ if ( isset( $_POST['status'] ) )
{
- $_POST['status'] = 'guest';
+ $page['status'] = $_POST['status'];
}
$option = get_enums( PREFIX_TABLE.'users', 'status' );
for ( $i = 0; $i < sizeof( $option ); $i++ )
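Review bot: `$page['mail_address']` is overwritten from `$_POST['mail_address']` and then passed to `setVar` for `form.user:mail_address`, so the value an admin just submitted is reflected back into the form; unless `$vtp->setVar` escapes on output (not visible here), that is an unescaped reflection of request data into HTML. Wrapping the value at the setVar call, `htmlspecialchars( $page['mail_address'] )`, or confirming the template engine escapes, closes that; `$page['username']` goes through the same path and deserves the same treatment even though it comes from the database.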
@@ -114,12 +146,55 @@ if ( $display_form )
$vtp->setVar( $sub, 'status_option.value', $option[$i] );
$vtp->setVar( $sub, 'status_option.option',
$lang['adduser_status_'.$option[$i]] );
- if( $option[$i] == $_POST['status'] )
+ if( $option[$i] == $page['status'] )
{
$vtp->setVar( $sub, 'status_option.selected', ' selected="selected"' );
}
$vtp->closeSession( $sub, 'status_option' );
}
+ // groups linked with this user
+ $query = 'SELECT id,name';
+ $query.= ' FROM '.PREFIX_TABLE.'user_group, '.PREFIX_TABLE.'groups';
+ $query.= ' WHERE group_id = id';
+ $query.= ' AND user_id = '.$_GET['user_id'];
+ $query.= ';';
+ $result = mysql_query( $query );
+ $user_groups = array();
+ if ( mysql_num_rows( $result ) > 0 )
+ {
+ $vtp->addSession( $sub, 'groups' );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $vtp->addSession( $sub, 'group' );
+ $vtp->setVar( $sub, 'group.name', $row['name'] );
+ $vtp->setVar( $sub, 'group.dissociate_id', $row['id'] );
+ $vtp->closeSession( $sub, 'group' );
+ array_push( $user_groups, $row['id'] );
+ }
+ $vtp->closeSession( $sub, 'groups' );
+ }
+ // empty group not to take into account
+ $vtp->addSession( $sub, 'associate_group' );
+ $vtp->setVar( $sub, 'associate_group.value', 'undef' );
+ $vtp->setVar( $sub, 'associate_group.option', '' );
+ $vtp->closeSession( $sub, 'associate_group' );
+ // groups not linked yet to the user
+ $query = 'SELECT id,name';
+ $query.= ' FROM '.PREFIX_TABLE.'groups';
+ $query.= ' ORDER BY id ASC';
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ if ( !in_array( $row['id'], $user_groups ) )
+ {
+ $vtp->addSession( $sub, 'associate_group' );
+ $vtp->setVar( $sub, 'associate_group.value', $row['id'] );
+ $vtp->setVar( $sub, 'associate_group.option', $row['name'] );
+ $vtp->closeSession( $sub, 'associate_group' );
+ }
+ }
+
$url = add_session_id( './admin.php?page=user_list' );
$vtp->setVar( $sub, 'form.url_back', $url );
$vtp->closeSession( $sub, 'form' );
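Review bot: The "groups not linked yet" block issues the same `SELECT id,name FROM groups ORDER BY id ASC` query that the submit handler earlier in this commit (hunk `@@ -66,6 +69,34 @@`) already runs; fetching the group list once into an array keyed by id and reusing it in both places would remove the duplicate round-trip. Style point: `in_array( $row['id'], $user_groups )` compares loosely, and both sides are string ids from `mysql_fetch_array`, so pass `true` as the third argument. The two `while ( $row = ... )` loops leave `$row` holding false after the user record it previously contained; the confirmation block was already moved to `$page['username']` in hunk `@@ -82,7 +113,7 @@`, and any other later reader of `$row` in this file should be checked the same way.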
diff --git a/admin/user_perm.php b/admin/user_perm.php
new file mode 100644
index 000000000..081560c54
--- /dev/null
+++ b/admin/user_perm.php
@@ -0,0 +1,174 @@
+<?php
+/***************************************************************************
+ * user_perm.php *
+ * ------------------ *
+ * application : PhpWebGallery 1.3 *
+ * author : Pierrick LE GALL <pierrick@z0rglub.com> *
+ * *
+ ***************************************************************************/
+
+/***************************************************************************
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; *
+ * *
+ ***************************************************************************/
+include_once( './include/isadmin.inc.php' );
+//----------------------------------------------------- template initialization
+$sub = $vtp->Open( '../template/'.$user['template'].'/admin/user_perm.vtp' );
+$error = array();
+$tpl = array( 'permuser_authorized','permuser_forbidden','submit',
+ 'permuser_parent_forbidden','permuser_info_message',
+ 'adduser_info_back' );
+templatize_array( $tpl, 'lang', $sub );
+//--------------------------------------------------------------------- updates
+if ( isset( $_POST['submit'] ) )
+{
+ // cleaning the user_access table for this user
+ $query = 'DELETE FROM '.PREFIX_TABLE.'user_access';
+ $query.= ' WHERE user_id = '.$_GET['user_id'];
+ $query.= ';';
+ mysql_query( $query );
+ // selecting all private categories
+ $query = 'SELECT id';
+ $query.= ' FROM '.PREFIX_TABLE.'categories';
+ $query.= " WHERE status = 'private'";
+ $query.= ';';
+ $result = mysql_query( $query );
+ while ( $row = mysql_fetch_array( $result ) )
+ {
+ $radioname = 'access-'.$row['id'];
+ if ( $_POST[$radioname] == 0 )
+ {
+ $query = 'INSERT INTO '.PREFIX_TABLE.'user_access';
+ $query.= ' (user_id,cat_id) VALUES';
+ $query.= ' ('.$_GET['user_id'].','.$row['id'].')';
+ $query.= ';';
+ mysql_query ( $query );
+ }
+ }
+ check_favorites( $_GET['user_id'] );
+ $vtp->addSession( $sub, 'confirmation' );
+ $url = './admin.php?page=user_list';
+ $vtp->setVar( $sub, 'confirmation.back_url', add_session_id( $url ) );
+ $vtp->closeSession( $sub, 'confirmation' );
+}
+//---------------------------------------------------------------- form display
+$restrictions = get_restrictions( $_GET['user_id'], $page['user_status'],
+ false, false );
+$action = './admin.php?page=user_perm&amp;user_id='.$_GET['user_id'];
+$vtp->setVar( $sub, 'action', add_session_id( $action ) );
+// Association of group_ids with group_names -> caching informations
+$query = 'SELECT id,name';
+$query.= ' FROM '.PREFIX_TABLE.'groups';
+$query.= ';';
+$result = mysql_query( $query );
+$groups = array();
+while ( $row = mysql_fetch_array( $result ) )
+{
+ $groups[$row['id']] = $row['name'];
+}
+// Listing of groups the user belongs to
+$query = 'SELECT ug.group_id as groupid';
+$query.= ' FROM '.PREFIX_TABLE.'user_group as ug';
+$query.= ' WHERE user_id = '.$_GET['user_id'];
+$query.= ';';
+$result = mysql_query( $query );
+$usergroups = array();
+while ( $row = mysql_fetch_array( $result ) )
+{
+ array_push( $usergroups, $row['groupid'] );
+}
+// only private categories are listed
+$query = 'SELECT id';
+$query.= ' FROM '.PREFIX_TABLE.'categories';
+$query.= " WHERE status = 'private'";
+$query.= ';';
+$result = mysql_query( $query );
+while ( $row = mysql_fetch_array( $result ) )
+{
+ $vtp->addSession( $sub, 'category' );
+ $vtp->setVar( $sub, 'category.id', $row['id'] );
+ // we have to know whether the user is authorized to access this
+ // category. The category can be accessible for this user thanks to his
+ // personnal access rights OR thanks to the access rights of a group he
+ // belongs to.
+ // 1. group access :
+ // retrieving all authorized groups for this category and for this user
+ $query = 'SELECT ga.group_id as groupid';
+ $query.= ' FROM '.PREFIX_TABLE.'group_access as ga';
+ $query.= ', '.PREFIX_TABLE.'user_group as ug';
+ $query.= ' WHERE ga.group_id = ug.group_id';
+ $query.= ' AND ug.user_id = '.$_GET['user_id'];
+ $query.= ' AND cat_id = '.$row['id'];
+ $query.= ';';
+ $subresult = mysql_query( $query );
+ $authorized_groups = array();
+ while ( $subrow = mysql_fetch_array( $subresult ) )
+ {
+ array_push( $authorized_groups, $subrow['groupid'] );
+ }
+ // 2. personnal access
+ $is_user_allowed = is_user_allowed( $row['id'], $restrictions );
+ // link to the category permission management
+ $url = './admin.php?page=cat_perm&amp;cat_id='.$row['id'];
+ $vtp->setVar( $sub, 'category.cat_perm_link', add_session_id( $url ) );
+ // color of the category : green if the user is allowed by himself or
+ // thanks to a group he belongs to
+ if ( $is_user_allowed == 0 or count( $authorized_groups ) > 0 )
+ {
+ $vtp->setVar( $sub, 'category.color', 'green' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'category.color', 'red' );
+ }
+ // category name
+ $cat_infos = get_cat_info( $row['id'] );
+ $name = get_cat_display_name( $cat_infos['name'],' &gt; ',
+ 'font-weight:bold;' );
+ $vtp->setVar( $sub, 'category.name', $name );
+ // usergroups
+ if ( count( $usergroups ) > 0 )
+ {
+ $vtp->addSession( $sub, 'usergroups' );
+ foreach ( $usergroups as $i => $usergroup ) {
+ $vtp->addSession( $sub, 'usergroup' );
+ $vtp->setVar( $sub, 'usergroup.name', $groups[$usergroup] );
+ if ( in_array( $usergroup, $authorized_groups ) )
+ {
+ $vtp->setVar( $sub, 'usergroup.color', 'green' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'usergroup.color', 'red' );
+ }
+ if ( $i < count( $usergroups ) - 1 )
+ {
+ $vtp->setVar( $sub, 'usergroup.separation', ',' );
+ }
+ $vtp->closeSession( $sub, 'usergroup' );
+ }
+ $vtp->closeSession( $sub, 'usergroups' );
+ }
+ // any subcat forbidden for this user ?
+ if ( $is_user_allowed == 2 )
+ {
+ $vtp->addSession( $sub, 'parent_forbidden' );
+ $vtp->closeSession( $sub, 'parent_forbidden' );
+ }
+ // personnal forbidden or authorized access ?
+ if ( $is_user_allowed == 0 )
+ {
+ $vtp->setVar( $sub, 'category.authorized_checked', ' checked="checked"' );
+ }
+ else
+ {
+ $vtp->setVar( $sub, 'category.forbidden_checked', ' checked="checked"' );
+ }
+ $vtp->closeSession( $sub, 'category' );
+}
+//----------------------------------------------------------- sending html code
+$vtp->Parse( $handle , 'sub', $sub );
+?> \ No newline at end of file