source: branches/2.0/admin/group_list.php @ 10075

Last change on this file since 10075 was 4529, checked in by plg, 15 years ago

bug 1328: implements check_pwg_token at group management level.

  • Property svn:eol-style set to LF
  • Property svn:keywords set to Author Date Id Revision
File size: 7.0 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24if( !defined("PHPWG_ROOT_PATH") )
25{
26  die ("Hacking attempt!");
27}
28
29include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
30
31// +-----------------------------------------------------------------------+
32// | Check Access and exit when user status is not ok                      |
33// +-----------------------------------------------------------------------+
34check_status(ACCESS_ADMINISTRATOR);
35
36if (!empty($_POST) or isset($_GET['delete']) or isset($_GET['toggle_is_default']))
37{
38  check_pwg_token();
39}
40
41// +-----------------------------------------------------------------------+
42// |                             delete a group                            |
43// +-----------------------------------------------------------------------+
44
45if (isset($_GET['delete']) and is_numeric($_GET['delete']) and !is_adviser())
46{
47  // destruction of the access linked to the group
48  $query = '
49DELETE
50  FROM '.GROUP_ACCESS_TABLE.'
51  WHERE group_id = '.$_GET['delete'].'
52;';
53  pwg_query($query);
54 
55  // destruction of the users links for this group
56  $query = '
57DELETE
58  FROM '.USER_GROUP_TABLE.'
59  WHERE group_id = '.$_GET['delete'].'
60;';
61  pwg_query($query);
62
63  $query = '
64SELECT name
65  FROM '.GROUPS_TABLE.'
66  WHERE id = '.$_GET['delete'].'
67;';
68  list($groupname) = mysql_fetch_row(pwg_query($query));
69 
70  // destruction of the group
71  $query = '
72DELETE
73  FROM '.GROUPS_TABLE.'
74  WHERE id = '.$_GET['delete'].'
75;';
76  pwg_query($query);
77
78  array_push(
79    $page['infos'],
80    sprintf(l10n('group "%s" deleted'), $groupname)
81    );
82}
83
84// +-----------------------------------------------------------------------+
85// |                              add a group                              |
86// +-----------------------------------------------------------------------+
87
88if (isset($_POST['submit_add']) and !is_adviser())
89{
90  if (empty($_POST['groupname']))
91  {
92    array_push($page['errors'], l10n('group_add_error1'));
93  }
94  if (count($page['errors']) == 0)
95  {
96    // is the group not already existing ?
97    $query = '
98SELECT COUNT(*)
99  FROM '.GROUPS_TABLE.'
100  WHERE name = \''.$_POST['groupname'].'\'
101;';
102    list($count) = mysql_fetch_row(pwg_query($query));
103    if ($count != 0)
104    {
105      array_push($page['errors'], l10n('group_add_error2'));
106    }
107  }
108  if (count($page['errors']) == 0)
109  {
110    // creating the group
111    $query = '
112INSERT INTO '.GROUPS_TABLE.'
113  (name)
114  VALUES
115  (\''.mysql_real_escape_string($_POST['groupname']).'\')
116;';
117    pwg_query($query);
118
119    array_push(
120      $page['infos'],
121      sprintf(l10n('group "%s" added'), $_POST['groupname'])
122      );
123  }
124}
125
126// +-----------------------------------------------------------------------+
127// | toggle is default group property                                      |
128// +-----------------------------------------------------------------------+
129
130if (isset($_GET['toggle_is_default']) and is_numeric($_GET['toggle_is_default']) and !is_adviser())
131{
132  $query = '
133SELECT name, is_default
134  FROM '.GROUPS_TABLE.'
135  WHERE id = '.$_GET['toggle_is_default'].'
136;';
137  list($groupname, $is_default) = mysql_fetch_row(pwg_query($query));
138 
139  // update of the group
140  $query = '
141UPDATE '.GROUPS_TABLE.'
142  SET is_default = \''.boolean_to_string(!get_boolean($is_default)).'\'
143  WHERE id = '.$_GET['toggle_is_default'].'
144;';
145  pwg_query($query);
146
147  array_push(
148    $page['infos'],
149    sprintf(l10n('group "%s" updated'), $groupname)
150    );
151}
152
153// +-----------------------------------------------------------------------+
154// |                             template init                             |
155// +-----------------------------------------------------------------------+
156
157$template->set_filenames(array('group_list' => 'group_list.tpl'));
158
159$template->assign(
160  array(
161    'F_ADD_ACTION' => get_root_url().'admin.php?page=group_list',
162    'U_HELP' => get_root_url().'popuphelp.php?page=group_list',
163    'PWG_TOKEN' => get_pwg_token(),
164    )
165  );
166
167// +-----------------------------------------------------------------------+
168// |                              group list                               |
169// +-----------------------------------------------------------------------+
170
171$query = '
172SELECT id, name, is_default
173  FROM '.GROUPS_TABLE.'
174  ORDER BY name ASC
175;';
176$result = pwg_query($query);
177
178$admin_url = get_root_url().'admin.php?page=';
179$perm_url    = $admin_url.'group_perm&amp;group_id=';
180$del_url     = $admin_url.'group_list&amp;delete=';
181$members_url = $admin_url.'user_list&amp;group=';
182$toggle_is_default_url     = $admin_url.'group_list&amp;toggle_is_default=';
183
184while ($row = mysql_fetch_array($result))
185{
186  $query = '
187SELECT COUNT(*)
188  FROM '.USER_GROUP_TABLE.'
189  WHERE group_id = '.$row['id'].'
190;';
191  list($counter) = mysql_fetch_row(pwg_query($query));
192 
193  $template->append(
194    'groups',
195    array(
196      'NAME' => $row['name'],
197      'IS_DEFAULT' => (get_boolean($row['is_default']) ? ' ['.l10n('is_default_group').']' : ''),
198      'MEMBERS' => l10n_dec('%d member', '%d members', $counter),
199      'U_MEMBERS' => $members_url.$row['id'],
200      'U_DELETE' => $del_url.$row['id'].'&amp;pwg_token='.get_pwg_token(),
201      'U_PERM' => $perm_url.$row['id'],
202      'U_ISDEFAULT' => $toggle_is_default_url.$row['id'].'&amp;pwg_token='.get_pwg_token(),
203      )
204    );
205}
206
207// +-----------------------------------------------------------------------+
208// |                           sending html code                           |
209// +-----------------------------------------------------------------------+
210
211$template->assign_var_from_handle('ADMIN_CONTENT', 'group_list');
212
213?>
Note: See TracBrowser for help on using the repository browser.