1 | <?php |
---|
2 | // +-----------------------------------------------------------------------+ |
---|
3 | // | PhpWebGallery - a PHP based picture gallery | |
---|
4 | // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net | |
---|
5 | // | Copyright (C) 2003-2004 PhpWebGallery Team - http://phpwebgallery.net | |
---|
6 | // +-----------------------------------------------------------------------+ |
---|
7 | // | branch : BSF (Best So Far) |
---|
8 | // | file : $RCSfile$ |
---|
9 | // | last update : $Date: 2004-12-03 16:30:12 +0000 (Fri, 03 Dec 2004) $ |
---|
10 | // | last modifier : $Author: gweltas $ |
---|
11 | // | revision : $Revision: 631 $ |
---|
12 | // +-----------------------------------------------------------------------+ |
---|
13 | // | This program is free software; you can redistribute it and/or modify | |
---|
14 | // | it under the terms of the GNU General Public License as published by | |
---|
15 | // | the Free Software Foundation | |
---|
16 | // | | |
---|
17 | // | This program is distributed in the hope that it will be useful, but | |
---|
18 | // | WITHOUT ANY WARRANTY; without even the implied warranty of | |
---|
19 | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
---|
20 | // | General Public License for more details. | |
---|
21 | // | | |
---|
22 | // | You should have received a copy of the GNU General Public License | |
---|
23 | // | along with this program; if not, write to the Free Software | |
---|
24 | // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
---|
25 | // | USA. | |
---|
26 | // +-----------------------------------------------------------------------+ |
---|
27 | if( !defined("PHPWG_ROOT_PATH") ) |
---|
28 | { |
---|
29 | die ("Hacking attempt!"); |
---|
30 | } |
---|
31 | include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' ); |
---|
32 | |
---|
33 | //-------------------------------------------------------------- delete a group |
---|
34 | $error = array(); |
---|
35 | if ( isset( $_POST['delete'] ) && isset( $_POST['confirm_delete'] ) ) |
---|
36 | { |
---|
37 | // destruction of the access linked to the group |
---|
38 | $query = 'DELETE FROM '.GROUP_ACCESS_TABLE; |
---|
39 | $query.= ' WHERE group_id = '.$_POST['group_id']; |
---|
40 | $query.= ';'; |
---|
41 | pwg_query( $query ); |
---|
42 | |
---|
43 | // destruction of the users links for this group |
---|
44 | $query = 'DELETE FROM ' . USER_GROUP_TABLE; |
---|
45 | $query.= ' WHERE group_id = '.$_POST['group_id']; |
---|
46 | pwg_query( $query ); |
---|
47 | |
---|
48 | // destruction of the group |
---|
49 | $query = 'DELETE FROM ' . GROUPS_TABLE; |
---|
50 | $query.= ' WHERE id = '.$_POST['group_id']; |
---|
51 | $query.= ';'; |
---|
52 | pwg_query( $query ); |
---|
53 | } |
---|
54 | //----------------------------------------------------------------- add a group |
---|
55 | elseif ( isset( $_POST['new'] ) ) |
---|
56 | { |
---|
57 | if ( empty($_POST['newgroup']) || preg_match( "/'/", $_POST['newgroup'] ) |
---|
58 | or preg_match( '/"/', $_POST['newgroup'] ) ) |
---|
59 | { |
---|
60 | array_push( $error, $lang['group_add_error1'] ); |
---|
61 | } |
---|
62 | if ( count( $error ) == 0 ) |
---|
63 | { |
---|
64 | // is the group not already existing ? |
---|
65 | $query = 'SELECT id FROM '.GROUPS_TABLE; |
---|
66 | $query.= " WHERE name = '".$_POST['newgroup']."'"; |
---|
67 | $query.= ';'; |
---|
68 | $result = pwg_query( $query ); |
---|
69 | if ( mysql_num_rows( $result ) > 0 ) |
---|
70 | { |
---|
71 | array_push( $error, $lang['group_add_error2'] ); |
---|
72 | } |
---|
73 | } |
---|
74 | if ( count( $error ) == 0 ) |
---|
75 | { |
---|
76 | // creating the group |
---|
77 | $query = ' INSERT INTO '.GROUPS_TABLE; |
---|
78 | $query.= " (name) VALUES ('".$_POST['newgroup']."')"; |
---|
79 | $query.= ';'; |
---|
80 | pwg_query( $query ); |
---|
81 | } |
---|
82 | } |
---|
83 | //--------------------------------------------------------------- user management |
---|
84 | elseif ( isset( $_POST['add'] ) ) |
---|
85 | { |
---|
86 | $userdata = getuserdata($_POST['username']); |
---|
87 | if (!$userdata) echo "Utilisateur inexistant"; |
---|
88 | |
---|
89 | // create a new association between the user and a group |
---|
90 | $query = 'INSERT INTO '.USER_GROUP_TABLE; |
---|
91 | $query.= ' (user_id,group_id) VALUES'; |
---|
92 | $query.= ' ('.$userdata['id'].','.$_POST['edit_group_id'].')'; |
---|
93 | $query.= ';'; |
---|
94 | pwg_query( $query ); |
---|
95 | } |
---|
96 | elseif (isset( $_POST['deny_user'] )) |
---|
97 | { |
---|
98 | $sql_in = ''; |
---|
99 | $members = $_POST['members']; |
---|
100 | for($i = 0; $i < count($members); $i++) |
---|
101 | { |
---|
102 | $sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]); |
---|
103 | } |
---|
104 | $query = 'DELETE FROM ' . USER_GROUP_TABLE; |
---|
105 | $query.= ' WHERE user_id IN ('.$sql_in; |
---|
106 | $query.= ') AND group_id = '.$_POST['edit_group_id']; |
---|
107 | pwg_query( $query ); |
---|
108 | } |
---|
109 | //-------------------------------------------------------------- errors display |
---|
110 | if ( sizeof( $error ) != 0 ) |
---|
111 | { |
---|
112 | $template->assign_block_vars('errors',array()); |
---|
113 | for ( $i = 0; $i < sizeof( $error ); $i++ ) |
---|
114 | { |
---|
115 | $template->assign_block_vars('errors.error',array('ERROR'=>$error[$i])); |
---|
116 | } |
---|
117 | } |
---|
118 | //----------------------------------------------------------------- groups list |
---|
119 | |
---|
120 | $query = 'SELECT id,name FROM '.GROUPS_TABLE; |
---|
121 | $query.= ' ORDER BY id ASC;'; |
---|
122 | $result = pwg_query( $query ); |
---|
123 | $groups_display = '<select name="group_id">'; |
---|
124 | $groups_nb=0; |
---|
125 | while ( $row = mysql_fetch_array( $result ) ) |
---|
126 | { |
---|
127 | $groups_nb++; |
---|
128 | $selected = ''; |
---|
129 | if (isset($_POST['group_id']) && $_POST['group_id']==$row['id']) |
---|
130 | $selected = 'selected'; |
---|
131 | $groups_display .= '<option value="' . $row['id'] . '" '.$selected.'>' . $row['name'] . '</option>'; |
---|
132 | } |
---|
133 | $groups_display .= '</select>'; |
---|
134 | |
---|
135 | $action = PHPWG_ROOT_PATH.'admin.php?page=group_list'; |
---|
136 | //----------------------------------------------------- template initialization |
---|
137 | $template->set_filenames( array('groups'=>'admin/group_list.tpl') ); |
---|
138 | $tpl = array( 'group_add','add','listuser_permission','delete', |
---|
139 | 'group_confirm','yes','no','group_list_title' ); |
---|
140 | |
---|
141 | $template->assign_vars(array( |
---|
142 | 'S_GROUP_SELECT'=>$groups_display, |
---|
143 | |
---|
144 | 'L_GROUP_SELECT'=>$lang['group_list_title'], |
---|
145 | 'L_GROUP_CONFIRM'=>$lang['group_confirm_delete'], |
---|
146 | 'L_LOOK_UP'=>$lang['edit'], |
---|
147 | 'L_GROUP_DELETE'=>$lang['delete'], |
---|
148 | 'L_CREATE_NEW_GROUP'=>$lang['group_add'], |
---|
149 | 'L_GROUP_EDIT'=>$lang['group_edit'], |
---|
150 | 'L_USER_NAME'=>$lang['login'], |
---|
151 | 'L_USER_EMAIL'=>$lang['mail_address'], |
---|
152 | 'L_USER_SELECT'=>$lang['Select'], |
---|
153 | 'L_DENY_SELECTED'=>$lang['group_deny_user'], |
---|
154 | 'L_ADD_MEMBER'=>$lang['group_add_user'], |
---|
155 | 'L_FIND_USERNAME'=>$lang['Find_username'], |
---|
156 | |
---|
157 | 'S_GROUP_ACTION'=>add_session_id($action), |
---|
158 | 'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php') |
---|
159 | )); |
---|
160 | |
---|
161 | if ($groups_nb) |
---|
162 | { |
---|
163 | $template->assign_block_vars('select_box',array()); |
---|
164 | } |
---|
165 | |
---|
166 | //----------------------------------------------------------------- add a group |
---|
167 | if ( isset( $_POST['edit']) || isset( $_POST['add']) || isset( $_POST['deny_user'] )) |
---|
168 | { |
---|
169 | // Retrieving the group name |
---|
170 | $query = 'SELECT id, name FROM '.GROUPS_TABLE; |
---|
171 | $query.= " WHERE id = '".$_POST['group_id']."'"; |
---|
172 | $query.= ';'; |
---|
173 | $result = mysql_fetch_array(pwg_query( $query )); |
---|
174 | $template->assign_block_vars('edit_group',array( |
---|
175 | 'GROUP_NAME'=>$result['name'], |
---|
176 | 'GROUP_ID'=>$result['id'] |
---|
177 | )); |
---|
178 | |
---|
179 | // Retrieving all the users |
---|
180 | $query = 'SELECT id, username, mail_address'; |
---|
181 | $query.= ' FROM ('.USERS_TABLE.' as u'; |
---|
182 | $query.= ' LEFT JOIN '.USER_GROUP_TABLE.' as ug ON ug.user_id=u.id)'; |
---|
183 | $query.= " WHERE ug.group_id = '".$_POST['group_id']."';"; |
---|
184 | $result = pwg_query( $query ); |
---|
185 | $i=0; |
---|
186 | while ( $row = mysql_fetch_array( $result ) ) |
---|
187 | { |
---|
188 | $class = ($i % 2)? 'row1':'row2'; $i++; |
---|
189 | $template->assign_block_vars('edit_group.user',array( |
---|
190 | 'ID'=>$row['id'], |
---|
191 | 'NAME'=>$row['username'], |
---|
192 | 'EMAIL'=>$row['mail_address'], |
---|
193 | 'T_CLASS'=>$class |
---|
194 | )); |
---|
195 | } |
---|
196 | } |
---|
197 | |
---|
198 | //----------------------------------------------------------- sending html code |
---|
199 | $template->assign_var_from_handle('ADMIN_CONTENT', 'groups'); |
---|
200 | ?> |
---|