Revision 2013
Added by darkviper almost 11 years ago
- admin/groups some logical errors fixed
| delete.inc.php | ||
|---|---|---|
| 15 | 15 |
* @description all basic actions of this module, called by dispatcher only. |
| 16 | 16 |
*/ |
| 17 | 17 |
|
| 18 |
// Must include code to stop this file being access directly |
|
| 19 |
if(defined('WB_PATH') == false) { exit("Cannot access this file directly"); }
|
|
| 20 |
|
|
| 21 | 18 |
/* ***************************************************************************** |
| 22 | 19 |
* Delete an existing group and remove existing group in user |
| 23 | 20 |
* @access public |
| ... | ... | |
| 25 | 22 |
* @param int $group_id: ID from group to delete |
| 26 | 23 |
* @return bool: true or false |
| 27 | 24 |
*/ |
| 28 |
function delete_group($admin, $group_id = 0)
|
|
| 25 |
function delete_group($admin, $iGroupId = 0)
|
|
| 29 | 26 |
{
|
| 30 |
// global $MESSAGE; |
|
| 31 |
$database = WbDatabase::getInstance(); |
|
| 32 |
$mLang = Translate::getInstance(); |
|
| 27 |
$oDb = WbDatabase::getInstance(); |
|
| 28 |
$oLang = Translate::getInstance(); |
|
| 33 | 29 |
// first check form-tan |
| 34 |
if($admin->checkFTAN()) |
|
| 35 |
{
|
|
| 36 |
if($group_id > 1) // prevent admin [ID 1] from being deleted |
|
| 37 |
{
|
|
| 38 |
$sql = 'SELECT `name` FROM `'.TABLE_PREFIX.'groups` WHERE `group_id` = '.$group_id; |
|
| 39 |
$groupname = ($database->get_one($sql)); |
|
| 40 |
// $sql = 'SELECT * FROM `'.TABLE_PREFIX.'groups` '; |
|
| 41 |
$sql = 'DELETE FROM `'.TABLE_PREFIX.'groups` '; |
|
| 42 |
$sql .= 'WHERE `group_id` = '.$group_id; |
|
| 43 |
if($database->query($sql) != false) |
|
| 44 |
{
|
|
| 45 |
// remove group from users groups_id |
|
| 46 |
msgQueue :: add($mLang->MESSAGE_GROUPS_DELETED,true); |
|
| 47 |
$sql = 'SELECT `user_id`, `groups_id`, `home_folder` FROM `'.TABLE_PREFIX.'users` WHERE user_id != 1'; |
|
| 48 |
if(($res_users = $database->query($sql)) && ($res_users->numRows() > 0) ) |
|
| 49 |
{
|
|
| 50 |
while($rec_users = $res_users->fetchRow(MYSQL_ASSOC)) |
|
| 51 |
{
|
|
| 52 |
$user_id = $rec_users['user_id']; |
|
| 53 |
$groups_id = explode(',',$rec_users['groups_id']);
|
|
| 54 |
|
|
| 55 |
if( is_numeric($x = array_search($group_id, $groups_id)) ) |
|
| 56 |
{
|
|
| 57 |
unset($groups_id[$x]); |
|
| 58 |
$groups_id = (sizeof($groups_id) == 0) ? FRONTEND_SIGNUP : implode(',',$groups_id);
|
|
| 59 |
$groups_id = ( ($groups_id == 1) && (trim($rec_users['home_folder']) != '') ) ? FRONTEND_SIGNUP : $groups_id; |
|
| 60 |
$sql = 'UPDATE `'.TABLE_PREFIX.'users` SET '; |
|
| 61 |
$sql .= '`groups_id` = \''.$groups_id.'\' '; |
|
| 62 |
$sql .= 'WHERE `user_id` = '.$user_id; |
|
| 63 |
if( $database->query($sql) ) |
|
| 64 |
{
|
|
| 65 |
$sql_info = mysql_info($database->db_handle); |
|
| 66 |
if(preg_match('/matched: *([1-9][0-9]*)/i', $sql_info) != 1)
|
|
| 67 |
{
|
|
| 68 |
msgQueue :: add($mLang->MESSAGE_RECORD_MODIFIED_FAILED ); |
|
| 69 |
} |
|
| 70 |
} else {
|
|
| 71 |
|
|
| 72 |
msgQueue :: add($database->get_error()); |
|
| 73 |
} |
|
| 74 |
} |
|
| 75 |
} |
|
| 76 |
} |
|
| 77 |
// $admin->print_success($msg); |
|
| 30 |
if (!$admin->checkFTAN() || $iGroupId <= 1) {
|
|
| 31 |
msgQueue::add($oLang->MESSAGE_GENERIC_SECURITY_OFFENSE ); |
|
| 32 |
} else {
|
|
| 33 |
// if FTAN is successful checked and not Administrator group is seleced |
|
| 34 |
$sql = 'SELECT GROUP_CONCAT(`username` ORDER BY `username` SEPARATOR \', \') ' |
|
| 35 |
. 'FROM `'.$oDb->TablePrefix.'users` ' |
|
| 36 |
. 'WHERE `groups_id`=\''.(string)$iGroupId.'\''; |
|
| 37 |
if (($sUsers = $oDb->getOne($sql))) {
|
|
| 38 |
// sorry, this group has users which having this group as the only one group |
|
| 39 |
msgQueue::add($oLang->MESSAGE_UNABLE_DELETE_GROUP . '<br />' . $sUsers); |
|
| 40 |
} else {
|
|
| 41 |
$sql = 'UPDATE `'.$oDb->TablePrefix.'users` ' |
|
| 42 |
. 'SET `groups_id`=TRIM(BOTH \',\' FROM REPLACE(CONCAT(\',\',`groups_id`,\',\'),\','.$iGroupId.',\',\',\')) ' |
|
| 43 |
. 'WHERE FIND_IN_SET('.$iGroupId.', `groups_id`) AND `user_id`!=1';
|
|
| 44 |
// remove Group from Users |
|
| 45 |
$oDb->doQuery($sql); |
|
| 46 |
$sql = 'SELECT COUNT(*) ' |
|
| 47 |
. 'FROM `'.$oDb->TablePrefix.'users` ' |
|
| 48 |
. 'WHERE FIND_IN_SET('.$iGroupId.', `groups_id`) AND `user_id`!=1';
|
|
| 49 |
if ($oDb->getOne($sql)) {
|
|
| 50 |
// the group already has assigned users. |
|
| 51 |
msgQueue::add($oLang->MESSAGE_RECORD_MODIFIED_FAILED ); |
|
| 78 | 52 |
} else {
|
| 79 |
msgQueue :: add($mLang->MESSAGE_RECORD_MODIFIED_FAILED ); |
|
| 53 |
$sql = 'DELETE FROM `'.$oDb->TablePrefix.'groups` ' |
|
| 54 |
. 'WHERE `group_id`='.$iGroupId; |
|
| 55 |
// delete the group itself |
|
| 56 |
$oDb->doQuery($sql); |
|
| 57 |
msgQueue::add($oLang->MESSAGE_GROUPS_DELETED,true); |
|
| 80 | 58 |
} |
| 81 | 59 |
} |
| 82 |
} else {
|
|
| 83 |
msgQueue :: add($mLang->MESSAGE_GENERIC_SECURITY_OFFENSE ); |
|
| 84 | 60 |
} |
| 85 | 61 |
$admin->print_header(); |
| 86 | 62 |
return ; |
Also available in: Unified diff