1
|
<?php
|
2
|
/**
|
3
|
* @category admin
|
4
|
* @package groups
|
5
|
* @author WebsiteBaker Project, Independend-Software-Team
|
6
|
* @copyright 2009-2012, Website Baker Org. e.V.
|
7
|
* @link http://www.websitebaker2.org/
|
8
|
* @license http://www.gnu.org/licenses/gpl.html
|
9
|
* @platform WebsiteBaker 2.8.x
|
10
|
* @requirements PHP 5.2.2 and higher
|
11
|
* @version $Id: save.inc.php 1710 2012-08-29 11:50:26Z Luisehahne $
|
12
|
* @filesource $HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/admin/groups/save.inc.php $
|
13
|
* @lastmodified $Date: 2012-08-29 13:50:26 +0200 (Wed, 29 Aug 2012) $
|
14
|
* @description all basic actions of this module, called by dispatcher only.
|
15
|
*/
|
16
|
|
17
|
/* -------------------------------------------------------- */
|
18
|
// Must include code to stop this file being accessed directly
|
19
|
if(defined('WB_PATH') == false)
|
20
|
{
|
21
|
// Stop this file being access directly
|
22
|
die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
|
23
|
}
|
24
|
/* -------------------------------------------------------- */
|
25
|
|
26
|
/* *****************************************************************************
|
27
|
* Modify existing groups or insert a new group
|
28
|
* @access public
|
29
|
* @param object &$admin: reference to admin-object
|
30
|
* @param object &$database: reference to database object
|
31
|
* @param int $group_id: ID from group to modify or 0 for a new group
|
32
|
* @return string: parsed HTML-content
|
33
|
*/
|
34
|
function save_group($admin, $group_id = 0)
|
35
|
{
|
36
|
global $TEXT, $MESSAGE, $HEADING, $MENU;
|
37
|
include_once('upgradePermissions.php');
|
38
|
include_once(WB_PATH.'/framework/functions.php');
|
39
|
$database = WbDatabase::getInstance();
|
40
|
// check for valid group_id
|
41
|
$sql = '';
|
42
|
|
43
|
// $system_settings = getSystemDefaultPermissions();
|
44
|
$system_settings = isset($_POST['system_permissions']) ? $_POST['system_permissions'] : array();
|
45
|
|
46
|
// check FTAN and prevent 'admin'[id=1] from become changed
|
47
|
if( $admin->checkFTAN() && $group_id != 1 )
|
48
|
{
|
49
|
$system_permissions = get_system_permissions ($admin,$system_settings);
|
50
|
$system_permissions = set_system_permissions($system_permissions);
|
51
|
|
52
|
$module_permissions = set_module_permissions($admin);
|
53
|
$module_permissions = implode (',', $module_permissions);
|
54
|
|
55
|
$template_permissions = set_template_permissions($admin);
|
56
|
$template_permissions = implode (',', $template_permissions);
|
57
|
|
58
|
// prepare empty record to add new group
|
59
|
$group_name = mysql_real_escape_string(strip_tags(trim($admin->get_post('name'))));
|
60
|
// print '<pre style="text-align: left;"><strong>function '.__FUNCTION__.'( '.''.' );</strong> basename: '.basename(__FILE__).' line: '.__LINE__.' -> <br />';
|
61
|
// print_r( $_POST ); print '</pre>';
|
62
|
|
63
|
$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'groups` ';
|
64
|
$sql .= 'WHERE `group_id` <> '.$group_id.' AND `name` LIKE BINARY \''.$group_name.'\'';
|
65
|
|
66
|
if($group_name == '')
|
67
|
{
|
68
|
msgQueue::add($MESSAGE['GROUPS_GROUP_NAME_BLANK']);
|
69
|
} elseif($group_name != '') {
|
70
|
// check request vars and assign values to record
|
71
|
if( $database->get_one($sql) != false )
|
72
|
{
|
73
|
msgQueue::add($MESSAGE['GROUPS_GROUP_NAME_EXISTS']);
|
74
|
} else {
|
75
|
if( $group_id == 0 )
|
76
|
{
|
77
|
$sql = 'INSERT INTO `'.TABLE_PREFIX.'groups` ';
|
78
|
$where = '';
|
79
|
} else {
|
80
|
$sql = 'UPDATE `'.TABLE_PREFIX.'groups` ';
|
81
|
$where = 'WHERE `group_id` = '.$group_id;
|
82
|
}
|
83
|
}
|
84
|
}
|
85
|
|
86
|
// save new/changed values if no error given before
|
87
|
if( msgQueue::isEmpty() )
|
88
|
{
|
89
|
$sql .= 'SET `name` = \''.$group_name.'\', ';
|
90
|
$sql .= '`system_permissions` = \''.$system_permissions.'\', ';
|
91
|
$sql .= '`module_permissions` = \''.$module_permissions.'\', ';
|
92
|
$sql .= '`template_permissions` = \''.$template_permissions.'\' ';
|
93
|
$sql .= $where;
|
94
|
if( $database->query($sql) )
|
95
|
{
|
96
|
msgQueue::add($MESSAGE['GROUPS_SAVED'],true);
|
97
|
} else {
|
98
|
msgQueue::add($MESSAGE['RECORD_MODIFIED_FAILED']);
|
99
|
}
|
100
|
}
|
101
|
} else {
|
102
|
msgQueue::add('FTAN-check failed or tried to change admin');
|
103
|
}
|
104
|
$admin->print_header();
|
105
|
return $group_id;
|
106
|
}
|