| 1 |
1710
|
Luisehahne
|
<?php
|
| 2 |
|
|
/**
|
| 3 |
|
|
* @category admin
|
| 4 |
|
|
* @package groups
|
| 5 |
|
|
* @author WebsiteBaker Project, Independend-Software-Team
|
| 6 |
1907
|
Luisehahne
|
* @copyright 2009-2013, Website Baker Org. e.V.
|
| 7 |
|
|
* @link http://www.websitebaker.org/
|
| 8 |
1710
|
Luisehahne
|
* @license http://www.gnu.org/licenses/gpl.html
|
| 9 |
|
|
* @platform WebsiteBaker 2.8.x
|
| 10 |
|
|
* @requirements PHP 5.2.2 and higher
|
| 11 |
|
|
* @version $Id$
|
| 12 |
1907
|
Luisehahne
|
* @filesource $HeadURL$
|
| 13 |
1710
|
Luisehahne
|
* @lastmodified $Date$
|
| 14 |
|
|
* @description all basic actions of this module, called by dispatcher only.
|
| 15 |
|
|
*/
|
| 16 |
|
|
|
| 17 |
|
|
/* -------------------------------------------------------- */
|
| 18 |
|
|
// Must include code to stop this file being accessed directly
|
| 19 |
|
|
if(defined('WB_PATH') == false)
|
| 20 |
|
|
{
|
| 21 |
|
|
// Stop this file being access directly
|
| 22 |
|
|
die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
|
| 23 |
|
|
}
|
| 24 |
|
|
/* -------------------------------------------------------- */
|
| 25 |
|
|
|
| 26 |
|
|
/* *****************************************************************************
|
| 27 |
|
|
* Modify existing groups or insert a new group
|
| 28 |
|
|
* @access public
|
| 29 |
|
|
* @param object &$admin: reference to admin-object
|
| 30 |
|
|
* @param object &$database: reference to database object
|
| 31 |
|
|
* @param int $group_id: ID from group to modify or 0 for a new group
|
| 32 |
|
|
* @return string: parsed HTML-content
|
| 33 |
|
|
*/
|
| 34 |
|
|
function save_group($admin, $group_id = 0)
|
| 35 |
|
|
{
|
| 36 |
1883
|
Luisehahne
|
// global $TEXT, $MESSAGE, $HEADING, $MENU;
|
| 37 |
1710
|
Luisehahne
|
include_once('upgradePermissions.php');
|
| 38 |
|
|
include_once(WB_PATH.'/framework/functions.php');
|
| 39 |
|
|
$database = WbDatabase::getInstance();
|
| 40 |
1883
|
Luisehahne
|
$mLang = Translate::getInstance();
|
| 41 |
1710
|
Luisehahne
|
// check for valid group_id
|
| 42 |
|
|
$sql = '';
|
| 43 |
|
|
|
| 44 |
|
|
// $system_settings = getSystemDefaultPermissions();
|
| 45 |
|
|
$system_settings = isset($_POST['system_permissions']) ? $_POST['system_permissions'] : array();
|
| 46 |
|
|
|
| 47 |
|
|
// check FTAN and prevent 'admin'[id=1] from become changed
|
| 48 |
|
|
if( $admin->checkFTAN() && $group_id != 1 )
|
| 49 |
|
|
{
|
| 50 |
|
|
$system_permissions = get_system_permissions ($admin,$system_settings);
|
| 51 |
|
|
$system_permissions = set_system_permissions($system_permissions);
|
| 52 |
|
|
|
| 53 |
|
|
$module_permissions = set_module_permissions($admin);
|
| 54 |
|
|
$module_permissions = implode (',', $module_permissions);
|
| 55 |
|
|
|
| 56 |
|
|
$template_permissions = set_template_permissions($admin);
|
| 57 |
|
|
$template_permissions = implode (',', $template_permissions);
|
| 58 |
|
|
|
| 59 |
|
|
// prepare empty record to add new group
|
| 60 |
1868
|
Luisehahne
|
$group_name = $database->escapeString(strip_tags(trim($admin->get_post('name'))));
|
| 61 |
1710
|
Luisehahne
|
// print '<pre style="text-align: left;"><strong>function '.__FUNCTION__.'( '.''.' );</strong> basename: '.basename(__FILE__).' line: '.__LINE__.' -> <br />';
|
| 62 |
|
|
// print_r( $_POST ); print '</pre>';
|
| 63 |
|
|
|
| 64 |
|
|
$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'groups` ';
|
| 65 |
|
|
$sql .= 'WHERE `group_id` <> '.$group_id.' AND `name` LIKE BINARY \''.$group_name.'\'';
|
| 66 |
|
|
|
| 67 |
|
|
if($group_name == '')
|
| 68 |
|
|
{
|
| 69 |
1883
|
Luisehahne
|
msgQueue::add($mLang->MESSAGE_GROUPS_GROUP_NAME_BLANK );
|
| 70 |
1710
|
Luisehahne
|
} elseif($group_name != '') {
|
| 71 |
|
|
// check request vars and assign values to record
|
| 72 |
|
|
if( $database->get_one($sql) != false )
|
| 73 |
|
|
{
|
| 74 |
1883
|
Luisehahne
|
msgQueue::add($mLang->MESSAGE_GROUPS_GROUP_NAME_EXISTS );
|
| 75 |
1710
|
Luisehahne
|
} else {
|
| 76 |
|
|
if( $group_id == 0 )
|
| 77 |
|
|
{
|
| 78 |
|
|
$sql = 'INSERT INTO `'.TABLE_PREFIX.'groups` ';
|
| 79 |
|
|
$where = '';
|
| 80 |
|
|
} else {
|
| 81 |
|
|
$sql = 'UPDATE `'.TABLE_PREFIX.'groups` ';
|
| 82 |
|
|
$where = 'WHERE `group_id` = '.$group_id;
|
| 83 |
|
|
}
|
| 84 |
|
|
}
|
| 85 |
|
|
}
|
| 86 |
|
|
|
| 87 |
|
|
// save new/changed values if no error given before
|
| 88 |
|
|
if( msgQueue::isEmpty() )
|
| 89 |
|
|
{
|
| 90 |
|
|
$sql .= 'SET `name` = \''.$group_name.'\', ';
|
| 91 |
|
|
$sql .= '`system_permissions` = \''.$system_permissions.'\', ';
|
| 92 |
|
|
$sql .= '`module_permissions` = \''.$module_permissions.'\', ';
|
| 93 |
|
|
$sql .= '`template_permissions` = \''.$template_permissions.'\' ';
|
| 94 |
|
|
$sql .= $where;
|
| 95 |
|
|
if( $database->query($sql) )
|
| 96 |
|
|
{
|
| 97 |
1883
|
Luisehahne
|
msgQueue::add($mLang->MESSAGE_GROUPS_SAVED ,true);
|
| 98 |
1710
|
Luisehahne
|
} else {
|
| 99 |
1883
|
Luisehahne
|
msgQueue::add($mLang->MESSAGE_RECORD_MODIFIED_FAILED );
|
| 100 |
1710
|
Luisehahne
|
}
|
| 101 |
|
|
}
|
| 102 |
|
|
} else {
|
| 103 |
|
|
msgQueue::add('FTAN-check failed or tried to change admin');
|
| 104 |
|
|
}
|
| 105 |
|
|
$admin->print_header();
|
| 106 |
|
|
return $group_id;
|
| 107 |
|
|
}
|