Context Navigation

source: trunk/admin/group_list.php @ 704

Last change on this file since 704 was 704, checked in by plg, 19 years ago
bug fixed : when trying to link a blank user to a group, only a french hard coded message was displayed and a wrong SQL query was executed
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 7.1 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $RCSfile$
9	// \| last update : $Date: 2005-01-17 21:02:43 +0000 (Mon, 17 Jan 2005) $
10	// \| last modifier : $Author: plg $
11	// \| revision : $Revision: 704 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27	if( !defined("PHPWG_ROOT_PATH") )
28	{
29	die ("Hacking attempt!");
30	}
31	include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
32
33	//-------------------------------------------------------------- delete a group
34	$error = array();
35	if ( isset( $_POST['delete'] ) && isset( $_POST['confirm_delete'] ) )
36	{
37	// destruction of the access linked to the group
38	$query = 'DELETE FROM '.GROUP_ACCESS_TABLE;
39	$query.= ' WHERE group_id = '.$_POST['group_id'];
40	$query.= ';';
41	pwg_query( $query );
42
43	// destruction of the users links for this group
44	$query = 'DELETE FROM ' . USER_GROUP_TABLE;
45	$query.= ' WHERE group_id = '.$_POST['group_id'];
46	pwg_query( $query );
47
48	// destruction of the group
49	$query = 'DELETE FROM ' . GROUPS_TABLE;
50	$query.= ' WHERE id = '.$_POST['group_id'];
51	$query.= ';';
52	pwg_query( $query );
53	}
54	//----------------------------------------------------------------- add a group
55	elseif ( isset( $_POST['new'] ) )
56	{
57	if ( empty($_POST['newgroup']) \|\| preg_match( "/'/", $_POST['newgroup'] )
58	or preg_match( '/"/', $_POST['newgroup'] ) )
59	{
60	array_push( $error, $lang['group_add_error1'] );
61	}
62	if ( count( $error ) == 0 )
63	{
64	// is the group not already existing ?
65	$query = 'SELECT id FROM '.GROUPS_TABLE;
66	$query.= " WHERE name = '".$_POST['newgroup']."'";
67	$query.= ';';
68	$result = pwg_query( $query );
69	if ( mysql_num_rows( $result ) > 0 )
70	{
71	array_push( $error, $lang['group_add_error2'] );
72	}
73	}
74	if ( count( $error ) == 0 )
75	{
76	// creating the group
77	$query = ' INSERT INTO '.GROUPS_TABLE;
78	$query.= " (name) VALUES ('".$_POST['newgroup']."')";
79	$query.= ';';
80	pwg_query( $query );
81	}
82	}
83	//--------------------------------------------------------------- user management
84	elseif ( isset( $_POST['add'] ) )
85	{
86	$userdata = getuserdata($_POST['username']);
87	if (!$userdata)
88	{
89	array_push($error, $lang['user_err_unknown']);
90	}
91	else
92	{
93	// create a new association between the user and a group
94	$query = '
95	INSERT INTO '.USER_GROUP_TABLE.'
96	(user_id,group_id)
97	VALUES
98	('.$userdata['id'].','.$_POST['edit_group_id'].')
99	;';
100	pwg_query($query);
101	}
102	}
103	elseif (isset( $_POST['deny_user'] ))
104	{
105	$sql_in = '';
106	$members = $_POST['members'];
107	for($i = 0; $i < count($members); $i++)
108	{
109	$sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]);
110	}
111	$query = 'DELETE FROM ' . USER_GROUP_TABLE;
112	$query.= ' WHERE user_id IN ('.$sql_in;
113	$query.= ') AND group_id = '.$_POST['edit_group_id'];
114	pwg_query( $query );
115	}
116	//-------------------------------------------------------------- errors display
117	if ( sizeof( $error ) != 0 )
118	{
119	$template->assign_block_vars('errors',array());
120	for ( $i = 0; $i < sizeof( $error ); $i++ )
121	{
122	$template->assign_block_vars('errors.error',array('ERROR'=>$error[$i]));
123	}
124	}
125	//----------------------------------------------------------------- groups list
126
127	$query = 'SELECT id,name FROM '.GROUPS_TABLE;
128	$query.= ' ORDER BY id ASC;';
129	$result = pwg_query( $query );
130	$groups_display = '<select name="group_id">';
131	$groups_nb=0;
132	while ( $row = mysql_fetch_array( $result ) )
133	{
134	$groups_nb++;
135	$selected = '';
136	if (isset($_POST['group_id']) && $_POST['group_id']==$row['id'])
137	$selected = 'selected';
138	$groups_display .= '<option value="' . $row['id'] . '" '.$selected.'>' . $row['name'] . '</option>';
139	}
140	$groups_display .= '</select>';
141
142	$action = PHPWG_ROOT_PATH.'admin.php?page=group_list';
143	//----------------------------------------------------- template initialization
144	$template->set_filenames( array('groups'=>'admin/group_list.tpl') );
145	$template->assign_vars(array(
146	'S_GROUP_SELECT'=>$groups_display,
147
148	'L_GROUP_SELECT'=>$lang['group_list_title'],
149	'L_GROUP_CONFIRM'=>$lang['group_confirm_delete'],
150	'L_LOOK_UP'=>$lang['edit'],
151	'L_GROUP_DELETE'=>$lang['delete'],
152	'L_CREATE_NEW_GROUP'=>$lang['group_add'],
153	'L_GROUP_EDIT'=>$lang['group_edit'],
154	'L_USER_NAME'=>$lang['login'],
155	'L_USER_EMAIL'=>$lang['mail_address'],
156	'L_USER_SELECT'=>$lang['Select'],
157	'L_DENY_SELECTED'=>$lang['group_deny_user'],
158	'L_ADD_MEMBER'=>$lang['group_add_user'],
159	'L_FIND_USERNAME'=>$lang['Find_username'],
160
161	'S_GROUP_ACTION'=>add_session_id($action),
162	'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php')
163	));
164
165	if ($groups_nb)
166	{
167	$template->assign_block_vars('select_box',array());
168	}
169
170	//----------------------------------------------------------------- add a group
171	if ( isset( $_POST['edit']) \|\| isset( $_POST['add']) \|\| isset( $_POST['deny_user'] ))
172	{
173	// Retrieving the group name
174	$query = 'SELECT id, name FROM '.GROUPS_TABLE;
175	$query.= " WHERE id = '".$_POST['group_id']."'";
176	$query.= ';';
177	$result = mysql_fetch_array(pwg_query( $query ));
178	$template->assign_block_vars('edit_group',array(
179	'GROUP_NAME'=>$result['name'],
180	'GROUP_ID'=>$result['id']
181	));
182
183	// Retrieving all the users
184	$query = 'SELECT id, username, mail_address';
185	$query.= ' FROM ('.USERS_TABLE.' as u';
186	$query.= ' LEFT JOIN '.USER_GROUP_TABLE.' as ug ON ug.user_id=u.id)';
187	$query.= " WHERE ug.group_id = '".$_POST['group_id']."';";
188	$result = pwg_query( $query );
189	$i=0;
190	while ( $row = mysql_fetch_array( $result ) )
191	{
192	$class = ($i % 2)? 'row1':'row2'; $i++;
193	$template->assign_block_vars('edit_group.user',array(
194	'ID'=>$row['id'],
195	'NAME'=>$row['username'],
196	'EMAIL'=>$row['mail_address'],
197	'T_CLASS'=>$class
198	));
199	}
200	}
201
202	//----------------------------------------------------------- sending html code
203	$template->assign_var_from_handle('ADMIN_CONTENT', 'groups');
204	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: