1 |
1710
|
Luisehahne
|
<?php
|
2 |
|
|
/**
|
3 |
|
|
* @category admin
|
4 |
|
|
* @package groups
|
5 |
|
|
* @author WebsiteBaker Project, Independend-Software-Team
|
6 |
1907
|
Luisehahne
|
* @copyright 2009-2013, Website Baker Org. e.V.
|
7 |
|
|
* @link http://www.websitebaker.org/
|
8 |
1710
|
Luisehahne
|
* @license http://www.gnu.org/licenses/gpl.html
|
9 |
|
|
* @platform WebsiteBaker 2.8.x
|
10 |
|
|
* @requirements PHP 5.2.2 and higher
|
11 |
|
|
* @version $Id$
|
12 |
1907
|
Luisehahne
|
* @filesource $HeadURL$
|
13 |
1710
|
Luisehahne
|
* @lastmodified $Date$
|
14 |
|
|
* @description all basic actions of this module, called by dispatcher only.
|
15 |
|
|
*/
|
16 |
|
|
|
17 |
|
|
/* -------------------------------------------------------- */
|
18 |
|
|
// Must include code to stop this file being accessed directly
|
19 |
|
|
if(defined('WB_PATH') == false)
|
20 |
|
|
{
|
21 |
|
|
// Stop this file being access directly
|
22 |
|
|
die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
|
23 |
|
|
}
|
24 |
|
|
/* -------------------------------------------------------- */
|
25 |
|
|
|
26 |
|
|
/* *****************************************************************************
|
27 |
|
|
* Modify existing groups or insert a new group
|
28 |
|
|
* @access public
|
29 |
|
|
* @param object &$admin: reference to admin-object
|
30 |
|
|
* @param object &$database: reference to database object
|
31 |
|
|
* @param int $group_id: ID from group to modify or 0 for a new group
|
32 |
|
|
* @return string: parsed HTML-content
|
33 |
|
|
*/
|
34 |
|
|
function save_group($admin, $group_id = 0)
|
35 |
|
|
{
|
36 |
1883
|
Luisehahne
|
// global $TEXT, $MESSAGE, $HEADING, $MENU;
|
37 |
1710
|
Luisehahne
|
include_once('upgradePermissions.php');
|
38 |
|
|
include_once(WB_PATH.'/framework/functions.php');
|
39 |
|
|
$database = WbDatabase::getInstance();
|
40 |
1883
|
Luisehahne
|
$mLang = Translate::getInstance();
|
41 |
1710
|
Luisehahne
|
// check for valid group_id
|
42 |
|
|
$sql = '';
|
43 |
|
|
|
44 |
1943
|
darkviper
|
$aSystemPermissionsPages = (isset($_POST["sp_pages"])) ? $_POST["sp_pages"] : array();
|
45 |
|
|
$aSystemPermissionsMedia = (isset($_POST["sp_media"])) ? $_POST["sp_media"] : array();
|
46 |
|
|
$aSystemPermissionsModules = (isset($_POST["sp_modules"])) ? $_POST["sp_modules"] : array();
|
47 |
|
|
$aSystemPermissionsTemplates = (isset($_POST["sp_templates"])) ? $_POST["sp_templates"] : array();
|
48 |
|
|
$aSystemPermissionsLanguages = (isset($_POST["sp_languages"])) ? $_POST["sp_languages"] : array();
|
49 |
|
|
$aSystemPermissionsSettings = (isset($_POST["sp_settings"])) ? $_POST["sp_settings"] : array();
|
50 |
|
|
$aSystemPermissionsAdmintools = (isset($_POST["sp_admintools"])) ? $_POST["sp_admintools"] : array();
|
51 |
|
|
$aSystemPermissionsUsers = (isset($_POST["sp_users"])) ? $_POST["sp_users"] : array();
|
52 |
|
|
$aSystemPermissionsGroups = (isset($_POST["sp_groups"])) ? $_POST["sp_groups"] : array();
|
53 |
|
|
$aSystemPermissionsPreferences = (isset($_POST["sp_preferences"])) ? $_POST["sp_preferences"] : array();
|
54 |
|
|
$aSystemPermissions = array_merge($aSystemPermissionsPages, $aSystemPermissionsMedia, $aSystemPermissionsModules,
|
55 |
|
|
$aSystemPermissionsTemplates, $aSystemPermissionsLanguages, $aSystemPermissionsSettings,
|
56 |
|
|
$aSystemPermissionsAdmintools, $aSystemPermissionsUsers, $aSystemPermissionsGroups,
|
57 |
|
|
$aSystemPermissionsPreferences);
|
58 |
1710
|
Luisehahne
|
|
59 |
1943
|
darkviper
|
//addons,modules,modules_advanced,modules_install,modules_view,preferences,preferences_view
|
60 |
1710
|
Luisehahne
|
// check FTAN and prevent 'admin'[id=1] from become changed
|
61 |
|
|
if( $admin->checkFTAN() && $group_id != 1 )
|
62 |
|
|
{
|
63 |
1943
|
darkviper
|
$aSystemPermissions = get_system_permissions ($admin,$aSystemPermissions);
|
64 |
|
|
$sSystemPermissions = set_system_permissions($aSystemPermissions);
|
65 |
1710
|
Luisehahne
|
|
66 |
|
|
$module_permissions = set_module_permissions($admin);
|
67 |
|
|
$module_permissions = implode (',', $module_permissions);
|
68 |
|
|
|
69 |
|
|
$template_permissions = set_template_permissions($admin);
|
70 |
|
|
$template_permissions = implode (',', $template_permissions);
|
71 |
|
|
|
72 |
|
|
// prepare empty record to add new group
|
73 |
1868
|
Luisehahne
|
$group_name = $database->escapeString(strip_tags(trim($admin->get_post('name'))));
|
74 |
1710
|
Luisehahne
|
|
75 |
|
|
$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'groups` ';
|
76 |
|
|
$sql .= 'WHERE `group_id` <> '.$group_id.' AND `name` LIKE BINARY \''.$group_name.'\'';
|
77 |
|
|
|
78 |
|
|
if($group_name == '')
|
79 |
|
|
{
|
80 |
1883
|
Luisehahne
|
msgQueue::add($mLang->MESSAGE_GROUPS_GROUP_NAME_BLANK );
|
81 |
1710
|
Luisehahne
|
} elseif($group_name != '') {
|
82 |
|
|
// check request vars and assign values to record
|
83 |
|
|
if( $database->get_one($sql) != false )
|
84 |
|
|
{
|
85 |
1883
|
Luisehahne
|
msgQueue::add($mLang->MESSAGE_GROUPS_GROUP_NAME_EXISTS );
|
86 |
1710
|
Luisehahne
|
} else {
|
87 |
|
|
if( $group_id == 0 )
|
88 |
|
|
{
|
89 |
|
|
$sql = 'INSERT INTO `'.TABLE_PREFIX.'groups` ';
|
90 |
|
|
$where = '';
|
91 |
|
|
} else {
|
92 |
|
|
$sql = 'UPDATE `'.TABLE_PREFIX.'groups` ';
|
93 |
|
|
$where = 'WHERE `group_id` = '.$group_id;
|
94 |
|
|
}
|
95 |
|
|
}
|
96 |
|
|
}
|
97 |
|
|
|
98 |
|
|
// save new/changed values if no error given before
|
99 |
|
|
if( msgQueue::isEmpty() )
|
100 |
|
|
{
|
101 |
|
|
$sql .= 'SET `name` = \''.$group_name.'\', ';
|
102 |
1943
|
darkviper
|
$sql .= '`system_permissions` = \''.$sSystemPermissions.'\', ';
|
103 |
1710
|
Luisehahne
|
$sql .= '`module_permissions` = \''.$module_permissions.'\', ';
|
104 |
|
|
$sql .= '`template_permissions` = \''.$template_permissions.'\' ';
|
105 |
|
|
$sql .= $where;
|
106 |
|
|
if( $database->query($sql) )
|
107 |
|
|
{
|
108 |
1883
|
Luisehahne
|
msgQueue::add($mLang->MESSAGE_GROUPS_SAVED ,true);
|
109 |
1710
|
Luisehahne
|
} else {
|
110 |
1883
|
Luisehahne
|
msgQueue::add($mLang->MESSAGE_RECORD_MODIFIED_FAILED );
|
111 |
1710
|
Luisehahne
|
}
|
112 |
|
|
}
|
113 |
|
|
} else {
|
114 |
|
|
msgQueue::add('FTAN-check failed or tried to change admin');
|
115 |
|
|
}
|
116 |
|
|
$admin->print_header();
|
117 |
|
|
return $group_id;
|
118 |
1943
|
darkviper
|
}
|