1 |
1710
|
Luisehahne
|
<?php
|
2 |
|
|
/**
|
3 |
|
|
* @category admin
|
4 |
|
|
* @package groups
|
5 |
|
|
* @author WebsiteBaker Project, Independend-Software-Team
|
6 |
|
|
* @copyright 2009-2012, Website Baker Org. e.V.
|
7 |
|
|
* @link http://www.websitebaker2.org/
|
8 |
|
|
* @license http://www.gnu.org/licenses/gpl.html
|
9 |
|
|
* @platform WebsiteBaker 2.8.x
|
10 |
|
|
* @requirements PHP 5.2.2 and higher
|
11 |
|
|
* @version $Id$
|
12 |
|
|
* @filesource $HeadURL$
|
13 |
|
|
* @lastmodified $Date$
|
14 |
|
|
* @description all basic actions of this module, called by dispatcher only.
|
15 |
|
|
*/
|
16 |
|
|
|
17 |
|
|
/* -------------------------------------------------------- */
|
18 |
|
|
// Must include code to stop this file being accessed directly
|
19 |
|
|
if(defined('WB_PATH') == false)
|
20 |
|
|
{
|
21 |
|
|
// Stop this file being access directly
|
22 |
|
|
die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
|
23 |
|
|
}
|
24 |
|
|
/* -------------------------------------------------------- */
|
25 |
|
|
|
26 |
|
|
/* *****************************************************************************
|
27 |
|
|
* Modify existing groups or insert a new group
|
28 |
|
|
* @access public
|
29 |
|
|
* @param object &$admin: reference to admin-object
|
30 |
|
|
* @param object &$database: reference to database object
|
31 |
|
|
* @param int $group_id: ID from group to modify or 0 for a new group
|
32 |
|
|
* @return string: parsed HTML-content
|
33 |
|
|
*/
|
34 |
|
|
function save_group($admin, $group_id = 0)
|
35 |
|
|
{
|
36 |
|
|
global $TEXT, $MESSAGE, $HEADING, $MENU;
|
37 |
|
|
include_once('upgradePermissions.php');
|
38 |
|
|
include_once(WB_PATH.'/framework/functions.php');
|
39 |
|
|
$database = WbDatabase::getInstance();
|
40 |
|
|
// check for valid group_id
|
41 |
|
|
$sql = '';
|
42 |
|
|
|
43 |
|
|
// $system_settings = getSystemDefaultPermissions();
|
44 |
|
|
$system_settings = isset($_POST['system_permissions']) ? $_POST['system_permissions'] : array();
|
45 |
|
|
|
46 |
|
|
// check FTAN and prevent 'admin'[id=1] from become changed
|
47 |
|
|
if( $admin->checkFTAN() && $group_id != 1 )
|
48 |
|
|
{
|
49 |
|
|
$system_permissions = get_system_permissions ($admin,$system_settings);
|
50 |
|
|
$system_permissions = set_system_permissions($system_permissions);
|
51 |
|
|
|
52 |
|
|
$module_permissions = set_module_permissions($admin);
|
53 |
|
|
$module_permissions = implode (',', $module_permissions);
|
54 |
|
|
|
55 |
|
|
$template_permissions = set_template_permissions($admin);
|
56 |
|
|
$template_permissions = implode (',', $template_permissions);
|
57 |
|
|
|
58 |
|
|
// prepare empty record to add new group
|
59 |
|
|
$group_name = mysql_real_escape_string(strip_tags(trim($admin->get_post('name'))));
|
60 |
|
|
// print '<pre style="text-align: left;"><strong>function '.__FUNCTION__.'( '.''.' );</strong> basename: '.basename(__FILE__).' line: '.__LINE__.' -> <br />';
|
61 |
|
|
// print_r( $_POST ); print '</pre>';
|
62 |
|
|
|
63 |
|
|
$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'groups` ';
|
64 |
|
|
$sql .= 'WHERE `group_id` <> '.$group_id.' AND `name` LIKE BINARY \''.$group_name.'\'';
|
65 |
|
|
|
66 |
|
|
if($group_name == '')
|
67 |
|
|
{
|
68 |
|
|
msgQueue::add($MESSAGE['GROUPS_GROUP_NAME_BLANK']);
|
69 |
|
|
} elseif($group_name != '') {
|
70 |
|
|
// check request vars and assign values to record
|
71 |
|
|
if( $database->get_one($sql) != false )
|
72 |
|
|
{
|
73 |
|
|
msgQueue::add($MESSAGE['GROUPS_GROUP_NAME_EXISTS']);
|
74 |
|
|
} else {
|
75 |
|
|
if( $group_id == 0 )
|
76 |
|
|
{
|
77 |
|
|
$sql = 'INSERT INTO `'.TABLE_PREFIX.'groups` ';
|
78 |
|
|
$where = '';
|
79 |
|
|
} else {
|
80 |
|
|
$sql = 'UPDATE `'.TABLE_PREFIX.'groups` ';
|
81 |
|
|
$where = 'WHERE `group_id` = '.$group_id;
|
82 |
|
|
}
|
83 |
|
|
}
|
84 |
|
|
}
|
85 |
|
|
|
86 |
|
|
// save new/changed values if no error given before
|
87 |
|
|
if( msgQueue::isEmpty() )
|
88 |
|
|
{
|
89 |
|
|
$sql .= 'SET `name` = \''.$group_name.'\', ';
|
90 |
|
|
$sql .= '`system_permissions` = \''.$system_permissions.'\', ';
|
91 |
|
|
$sql .= '`module_permissions` = \''.$module_permissions.'\', ';
|
92 |
|
|
$sql .= '`template_permissions` = \''.$template_permissions.'\' ';
|
93 |
|
|
$sql .= $where;
|
94 |
|
|
if( $database->query($sql) )
|
95 |
|
|
{
|
96 |
|
|
msgQueue::add($MESSAGE['GROUPS_SAVED'],true);
|
97 |
|
|
} else {
|
98 |
|
|
msgQueue::add($MESSAGE['RECORD_MODIFIED_FAILED']);
|
99 |
|
|
}
|
100 |
|
|
}
|
101 |
|
|
} else {
|
102 |
|
|
msgQueue::add('FTAN-check failed or tried to change admin');
|
103 |
|
|
}
|
104 |
|
|
$admin->print_header();
|
105 |
|
|
return $group_id;
|
106 |
|
|
}
|