Index: branches/2.8.x/CHANGELOG =================================================================== --- branches/2.8.x/CHANGELOG (revision 2012) +++ branches/2.8.x/CHANGELOG (revision 2013) @@ -11,6 +11,8 @@ ! = Update/Change =============================================================================== +04 Nov-2013 Build 2013 Manuela v.d.Decken(DarkViper) +# admin/groups some logical errors fixed 03 Nov-2013 Build 2012 Manuela v.d.Decken(DarkViper) ! upgrade-script:: now repairs mismatched pagelinks from older versions ! upgrade-script:: /temp/TranslationTable/cache/ will be deleted now during upgrade Index: branches/2.8.x/wb/admin/groups/delete.inc.php =================================================================== --- branches/2.8.x/wb/admin/groups/delete.inc.php (revision 2012) +++ branches/2.8.x/wb/admin/groups/delete.inc.php (revision 2013) @@ -15,9 +15,6 @@ * @description all basic actions of this module, called by dispatcher only. */ -// Must include code to stop this file being access directly -if(defined('WB_PATH') == false) { exit("Cannot access this file directly"); } - /* ***************************************************************************** * Delete an existing group and remove existing group in user * @access public @@ -25,62 +22,41 @@ * @param int $group_id: ID from group to delete * @return bool: true or false */ - function delete_group($admin, $group_id = 0) + function delete_group($admin, $iGroupId = 0) { -// global $MESSAGE; - $database = WbDatabase::getInstance(); - $mLang = Translate::getInstance(); + $oDb = WbDatabase::getInstance(); + $oLang = Translate::getInstance(); // first check form-tan - if($admin->checkFTAN()) - { - if($group_id > 1) // prevent admin [ID 1] from being deleted - { - $sql = 'SELECT `name` FROM `'.TABLE_PREFIX.'groups` WHERE `group_id` = '.$group_id; - $groupname = ($database->get_one($sql)); - // $sql = 'SELECT * FROM `'.TABLE_PREFIX.'groups` '; - $sql = 'DELETE FROM `'.TABLE_PREFIX.'groups` '; - $sql .= 'WHERE `group_id` = '.$group_id; - if($database->query($sql) != false) - { - // remove group from users groups_id - msgQueue :: add($mLang->MESSAGE_GROUPS_DELETED,true); - $sql = 'SELECT `user_id`, `groups_id`, `home_folder` FROM `'.TABLE_PREFIX.'users` WHERE user_id != 1'; - if(($res_users = $database->query($sql)) && ($res_users->numRows() > 0) ) - { - while($rec_users = $res_users->fetchRow(MYSQL_ASSOC)) - { - $user_id = $rec_users['user_id']; - $groups_id = explode(',',$rec_users['groups_id']); - - if( is_numeric($x = array_search($group_id, $groups_id)) ) - { - unset($groups_id[$x]); - $groups_id = (sizeof($groups_id) == 0) ? FRONTEND_SIGNUP : implode(',',$groups_id); - $groups_id = ( ($groups_id == 1) && (trim($rec_users['home_folder']) != '') ) ? FRONTEND_SIGNUP : $groups_id; - $sql = 'UPDATE `'.TABLE_PREFIX.'users` SET '; - $sql .= '`groups_id` = \''.$groups_id.'\' '; - $sql .= 'WHERE `user_id` = '.$user_id; - if( $database->query($sql) ) - { - $sql_info = mysql_info($database->db_handle); - if(preg_match('/matched: *([1-9][0-9]*)/i', $sql_info) != 1) - { - msgQueue :: add($mLang->MESSAGE_RECORD_MODIFIED_FAILED ); - } - } else { - - msgQueue :: add($database->get_error()); - } - } - } - } - // $admin->print_success($msg); + if (!$admin->checkFTAN() || $iGroupId <= 1) { + msgQueue::add($oLang->MESSAGE_GENERIC_SECURITY_OFFENSE ); + } else { + // if FTAN is successful checked and not Administrator group is seleced + $sql = 'SELECT GROUP_CONCAT(`username` ORDER BY `username` SEPARATOR \', \') ' + . 'FROM `'.$oDb->TablePrefix.'users` ' + . 'WHERE `groups_id`=\''.(string)$iGroupId.'\''; + if (($sUsers = $oDb->getOne($sql))) { + // sorry, this group has users which having this group as the only one group + msgQueue::add($oLang->MESSAGE_UNABLE_DELETE_GROUP . '
' . $sUsers); + } else { + $sql = 'UPDATE `'.$oDb->TablePrefix.'users` ' + . 'SET `groups_id`=TRIM(BOTH \',\' FROM REPLACE(CONCAT(\',\',`groups_id`,\',\'),\','.$iGroupId.',\',\',\')) ' + . 'WHERE FIND_IN_SET('.$iGroupId.', `groups_id`) AND `user_id`!=1'; + // remove Group from Users + $oDb->doQuery($sql); + $sql = 'SELECT COUNT(*) ' + . 'FROM `'.$oDb->TablePrefix.'users` ' + . 'WHERE FIND_IN_SET('.$iGroupId.', `groups_id`) AND `user_id`!=1'; + if ($oDb->getOne($sql)) { + // the group already has assigned users. + msgQueue::add($oLang->MESSAGE_RECORD_MODIFIED_FAILED ); } else { - msgQueue :: add($mLang->MESSAGE_RECORD_MODIFIED_FAILED ); + $sql = 'DELETE FROM `'.$oDb->TablePrefix.'groups` ' + . 'WHERE `group_id`='.$iGroupId; + // delete the group itself + $oDb->doQuery($sql); + msgQueue::add($oLang->MESSAGE_GROUPS_DELETED,true); } } - } else { - msgQueue :: add($mLang->MESSAGE_GENERIC_SECURITY_OFFENSE ); } $admin->print_header(); return ; Index: branches/2.8.x/wb/admin/groups/languages/EN.php =================================================================== --- branches/2.8.x/wb/admin/groups/languages/EN.php (revision 2012) +++ branches/2.8.x/wb/admin/groups/languages/EN.php (revision 2013) @@ -35,6 +35,7 @@ $MENU['VIEW'] = 'View'; $MESSAGE['PAGES_LAST_MODIFIED'] = 'Last modification by'; +$MESSAGE['UNABLE_DELETE_GROUP'] = 'This group can not be deteted because it is the only one group of following users: '; $TEXT['ACTIONS'] = 'Actions'; $TEXT['ACTIVE'] = 'Active'; Index: branches/2.8.x/wb/admin/groups/languages/DE.php =================================================================== --- branches/2.8.x/wb/admin/groups/languages/DE.php (revision 2012) +++ branches/2.8.x/wb/admin/groups/languages/DE.php (revision 2013) @@ -37,6 +37,7 @@ $MENU['VIEW'] = 'Ansicht'; $MESSAGE['PAGES_LAST_MODIFIED'] = 'Letzte Änderung durch'; +$MESSAGE['UNABLE_DELETE_GROUP'] = 'Diese Gruppe kann nicht gelöscht werden, da es die einzige Gruppe folgender User ist: '; $TEXT['ACTIONS'] = 'Aktionen'; $TEXT['ACTIVE'] = 'Aktiv'; Index: branches/2.8.x/wb/admin/interface/version.php =================================================================== --- branches/2.8.x/wb/admin/interface/version.php (revision 2012) +++ branches/2.8.x/wb/admin/interface/version.php (revision 2013) @@ -51,5 +51,5 @@ // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) if(!defined('VERSION')) define('VERSION', '2.8.3'); -if(!defined('REVISION')) define('REVISION', '2012'); +if(!defined('REVISION')) define('REVISION', '2013'); if(!defined('SP')) define('SP', '');