Changeset 657 for trunk/admin/user_perm.php
- Timestamp:
- Dec 25, 2004, 8:33:36 PM (19 years ago)
- File:
-
- 1 edited
trunk/admin/user_perm.php
r655 r657 26 26 // +-----------------------------------------------------------------------+ 27 27 28 if ( !defined("IN_ADMIN"))28 if (!defined('IN_ADMIN')) 29 29 { 30 die ("Hacking attempt!");30 die('Hacking attempt!'); 31 31 } 32 include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php');32 include_once(PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php'); 33 33 34 34 $userdata = array(); 35 if ( isset( $_POST['submituser'] ))35 if (isset($_POST['submituser'])) 36 36 { 37 37 $userdata = getuserdata($_POST['username']); 38 38 } 39 elseif (isset($_POST['falsify']) || isset($_POST['trueify'])) 39 else if (isset($_POST['falsify']) 40 and isset($_POST['cat_true']) 41 and count($_POST['cat_true']) > 0) 40 42 { 41 43 $userdata = getuserdata(intval($_POST['userid'])); 42 // cleaning the user_access table for this user 43 if (isset($_POST['cat_true']) && count($_POST['cat_true']) > 0) 44 // if you forbid access to a category, all sub-categories become 45 // automatically forbidden 46 $subcats = get_subcat_ids($_POST['cat_true']); 47 $query = ' 48 DELETE FROM '.USER_ACCESS_TABLE.' 49 WHERE user_id = '.$userdata['id'].' 50 AND cat_id IN ('.implode(',', $subcats).') 51 ;'; 52 pwg_query($query); 53 } 54 else if (isset($_POST['trueify']) 55 and isset($_POST['cat_false']) 56 and count($_POST['cat_false']) > 0) 57 { 58 $userdata = getuserdata(intval($_POST['userid'])); 59 60 $uppercats = get_uppercat_ids($_POST['cat_false']); 61 $private_uppercats = array(); 62 63 $query = ' 64 SELECT id 65 FROM '.CATEGORIES_TABLE.' 
66 WHERE id IN ('.implode(',', $uppercats).') 67 AND status = \'private\' 68 ;'; 69 $result = pwg_query($query); 70 while ($row = mysql_fetch_array($result)) 44 71 { 45 foreach ($_POST['cat_true'] as $auth_cat) 46 { 47 $query = 'DELETE FROM '.USER_ACCESS_TABLE; 48 $query.= ' WHERE user_id = '.$userdata['id']; 49 $query.= ' AND cat_id='.$auth_cat.';'; 50 pwg_query ( $query ); 51 } 72 array_push($private_uppercats, $row['id']); 73 } 74 75 // retrying to authorize a category which is already authorized may cause 76 // an error (in SQL statement), so we need to know which categories are 77 // accesible 78 $authorized_ids = array(); 79 80 $query = ' 81 SELECT cat_id 82 FROM '.USER_ACCESS_TABLE.' 83 WHERE user_id = '.$userdata['id'].' 84 ;'; 85 $result = pwg_query($query); 86 87 while ($row = mysql_fetch_array($result)) 88 { 89 array_push($authorized_ids, $row['cat_id']); 52 90 } 53 91 54 if (isset($_POST['cat_false']) && count($_POST['cat_false']) > 0) 92 $inserts = array(); 93 $to_autorize_ids = array_diff($private_uppercats, $authorized_ids); 94 foreach ($to_autorize_ids as $to_autorize_id) 55 95 { 56 foreach ($_POST['cat_false'] as $auth_cat) 57 { 58 $query = 'INSERT INTO '.USER_ACCESS_TABLE; 59 $query.= ' (user_id,cat_id) VALUES'; 60 $query.= ' ('.$userdata['id'].','.$auth_cat.')'; 61 $query.= ';'; 62 pwg_query ( $query ); 63 } 96 array_push($inserts, array('user_id' => $userdata['id'], 97 'cat_id' => $to_autorize_id)); 64 98 } 99 100 mass_inserts(USER_ACCESS_TABLE, array('user_id','cat_id'), $inserts); 65 101 } 102 //----------------------------------------------------- template initialization 103 if (empty($userdata)) 104 { 105 $template->set_filenames(array('user' => 'admin/user_perm.tpl')); 66 106 67 //----------------------------------------------------- template initialization 68 69 if ( empty($userdata)) 70 { 71 $template->set_filenames( array('user'=>'admin/user_perm.tpl') ); 107 $base_url = PHPWG_ROOT_PATH.'admin.php?page='; 108 72 109 
$template->assign_vars(array( 73 110 'L_SELECT_USERNAME'=>$lang['Select_username'], … … 77 114 'L_SUBMIT'=>$lang['submit'], 78 115 79 'F_SEARCH_USER_ACTION' => add_session_id( PHPWG_ROOT_PATH.'admin.php?page=user_perm'),116 'F_SEARCH_USER_ACTION' => add_session_id($base_url.'user_perm'), 80 117 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php') 81 118 )); … … 83 120 else 84 121 { 85 $cat_url = '<a href="'.add_session_id(PHPWG_ROOT_PATH.'admin.php?page=cat_options§ion=status'); 86 $cat_url .= '">'.$lang['permuser_info_link'].'</a>'; 87 $template->set_filenames( array('user'=>'admin/cat_options.tpl') ); 88 $template->assign_vars(array( 89 'L_RESET'=>$lang['reset'], 90 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'], 91 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'], 92 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'].' '.$cat_url, 93 94 'HIDDEN_NAME'=> 'userid', 95 'HIDDEN_VALUE'=>$userdata['id'], 96 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'), 97 )); 98 122 $template->set_filenames(array('user'=>'admin/cat_options.tpl')); 123 $template->assign_vars( 124 array( 125 'L_RESET'=>$lang['reset'], 126 'L_CAT_OPTIONS_TRUE'=>$lang['authorized'], 127 'L_CAT_OPTIONS_FALSE'=>$lang['forbidden'], 128 'L_CAT_OPTIONS_INFO'=>$lang['permuser_info'], 129 130 'HIDDEN_NAME'=> 'userid', 131 'HIDDEN_VALUE'=>$userdata['id'], 132 'F_ACTION' => add_session_id(PHPWG_ROOT_PATH.'admin.php?page=user_perm'), 133 )); 99 134 100 135 // only private categories are listed 101 $query_true = 'SELECT id,name,uppercats,global_rank FROM '.CATEGORIES_TABLE; 102 $query_true.= ' LEFT JOIN '.USER_ACCESS_TABLE.' as u'; 103 $query_true.= ' ON u.cat_id=id'; 104 $query_true.= ' WHERE status = \'private\' AND u.user_id='.$userdata['id'].';'; 136 $query_true = ' 137 SELECT id,name,uppercats,global_rank 138 FROM '.CATEGORIES_TABLE.' INNER JOIN '.USER_ACCESS_TABLE.' ON cat_id = id 139 WHERE status = \'private\' 140 AND user_id = '.$userdata['id'].' 
141 ;'; 142 display_select_cat_wrapper($query_true,array(),'category_option_true'); 143 105 144 $result = pwg_query($query_true); 106 $ categorie_true= array();107 while ( !empty($result) &&$row = mysql_fetch_array($result))145 $authorized_ids = array(); 146 while ($row = mysql_fetch_array($result)) 108 147 { 109 array_push($ categorie_true, $row);148 array_push($authorized_ids, $row['id']); 110 149 } 111 150 112 $query = 'SELECT id,name,uppercats,global_rank FROM '.CATEGORIES_TABLE;113 $query.= ' WHERE status = \'private\''; 114 $result = pwg_query($query);115 $categorie_false = array();116 while ($row = mysql_fetch_array($result))151 $query_false = ' 152 SELECT id,name,uppercats,global_rank 153 FROM '.CATEGORIES_TABLE.' 154 WHERE status = \'private\''; 155 if (count($authorized_ids) > 0) 117 156 { 118 if (!in_array($row,$categorie_true))119 array_push($categorie_false, $row);157 $query_false.= ' 158 AND id NOT IN ('.implode(',', $authorized_ids).')'; 120 159 } 121 usort($categorie_true, 'global_rank_compare'); 122 usort($categorie_false, 'global_rank_compare'); 123 display_select_categories($categorie_true, array(), 'category_option_true', true); 124 display_select_categories($categorie_false, array(), 'category_option_false', true); 160 $query_false.= ' 161 ;'; 162 display_select_cat_wrapper($query_false,array(),'category_option_false'); 125 163 } 126 127 164 //----------------------------------------------------------- sending html code 128 165 $template->assign_var_from_handle('ADMIN_CONTENT', 'user');
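Review bot: In the rewritten `falsify` and `trueify` branches, `$_POST['cat_true']` and `$_POST['cat_false']` are passed to `get_subcat_ids()` / `get_uppercat_ids()` and the results are joined with `implode(',', ...)` directly into `IN (...)` clauses, with no integer cast visible in this file. Unless those helpers (not shown here) validate their input, request data reaches the DELETE and SELECT statements unchanged. Normalising at the boundary, e.g. `$cat_ids = array_map('intval', (array) $_POST['cat_true']);`, and passing `$cat_ids` on would keep the queries well-formed whatever the helpers do. The same branches also emit `IN ()` if a helper returns an empty array, and they call `mass_inserts()` even when `$inserts` is empty, which may produce invalid SQL. A `count(...) > 0` guard on each, like the one already used for `$authorized_ids` when building `$query_false`, would close that error path.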