Project

General

Profile

1
<?php
2
/**
3
 * @category        admin
4
 * @package         groups
5
 * @author          WebsiteBaker Project, Independend-Software-Team
6
 * @copyright       2009-2012, Website Baker Org. e.V.
7
 * @link			http://www.websitebaker2.org/
8
 * @license         http://www.gnu.org/licenses/gpl.html
9
 * @platform        WebsiteBaker 2.8.x
10
 * @requirements    PHP 5.2.2 and higher
11
 * @version         $Id: save.inc.php 1868 2013-02-19 21:07:19Z Luisehahne $
12
 * @filesource		$HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/admin/groups/save.inc.php $
13
 * @lastmodified    $Date: 2013-02-19 22:07:19 +0100 (Tue, 19 Feb 2013) $
14
 * @description     all basic actions of this module, called by dispatcher only.
15
 */
16

    
17
/* -------------------------------------------------------- */
18
// Must include code to stop this file being accessed directly
19
if(defined('WB_PATH') == false)
20
{
21
	// Stop this file being access directly
22
		die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
23
}
24
/* -------------------------------------------------------- */
25

    
26
/* *****************************************************************************
27
 * Modify existing groups or insert a new group
28
 * @access public
29
 * @param object &$admin: reference to admin-object
30
 * @param object &$database: reference to database object
31
 * @param int $group_id: ID from group to modify or 0 for a new group
32
 * @return string: parsed HTML-content
33
 */
34
	function save_group($admin, $group_id = 0)
35
	{
36
		global $TEXT, $MESSAGE, $HEADING, $MENU;
37
		include_once('upgradePermissions.php');
38
		include_once(WB_PATH.'/framework/functions.php');
39
		$database = WbDatabase::getInstance();
40
	// check for valid group_id
41
		$sql = '';
42

    
43
//		$system_settings = getSystemDefaultPermissions();
44
		$system_settings = isset($_POST['system_permissions']) ? $_POST['system_permissions'] : array();
45

    
46
	// check FTAN and prevent 'admin'[id=1] from become changed
47
		if( $admin->checkFTAN() && $group_id != 1 )
48
		{
49
			$system_permissions   = get_system_permissions ($admin,$system_settings);
50
			$system_permissions   = set_system_permissions($system_permissions);
51

    
52
			$module_permissions   = set_module_permissions($admin);
53
			$module_permissions   = implode (',', $module_permissions);
54

    
55
			$template_permissions = set_template_permissions($admin);
56
			$template_permissions = implode (',', $template_permissions);
57

    
58
			// prepare empty record to add new group
59
			$group_name = $database->escapeString(strip_tags(trim($admin->get_post('name'))));
60
//	print '<pre style="text-align: left;"><strong>function '.__FUNCTION__.'( '.''.' );</strong>  basename: '.basename(__FILE__).'  line: '.__LINE__.' -> <br />';
61
//	print_r( $_POST ); print '</pre>';
62

    
63
			$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'groups` ';
64
			$sql .= 'WHERE `group_id` <> '.$group_id.' AND `name` LIKE BINARY \''.$group_name.'\'';
65

    
66
			if($group_name == '')
67
			{
68
				msgQueue::add($MESSAGE['GROUPS_GROUP_NAME_BLANK']);
69
			} elseif($group_name != '') {
70
		// check request vars and assign values to record
71
				if( $database->get_one($sql) != false )
72
				{
73
					msgQueue::add($MESSAGE['GROUPS_GROUP_NAME_EXISTS']);
74
				} else {
75
					if( $group_id == 0 )
76
					{
77
						$sql  = 'INSERT INTO `'.TABLE_PREFIX.'groups` ';
78
						$where = '';
79
					} else {
80
						$sql  = 'UPDATE `'.TABLE_PREFIX.'groups` ';
81
						$where = 'WHERE `group_id` = '.$group_id;
82
					}
83
                 }
84
			}
85

    
86
		// save new/changed values if no error given before
87
            if( msgQueue::isEmpty() )
88
			{
89
				$sql .= 'SET `name` = \''.$group_name.'\', ';
90
				$sql .= '`system_permissions` = \''.$system_permissions.'\', ';
91
				$sql .= '`module_permissions` = \''.$module_permissions.'\', ';
92
				$sql .= '`template_permissions` = \''.$template_permissions.'\' ';
93
				$sql .= $where;
94
				if( $database->query($sql) )
95
				{
96
	                msgQueue::add($MESSAGE['GROUPS_SAVED'],true);
97
				} else {
98
					msgQueue::add($MESSAGE['RECORD_MODIFIED_FAILED']);
99
				}
100
			}
101
		} else {
102
			msgQueue::add('FTAN-check failed or tried to change admin');
103
		}
104
		$admin->print_header();
105
		return $group_id;
106
	}
(5-5/6)