Project

General

Profile

1
<?php
2
/**
3
 * @category        admin
4
 * @package         groups
5
 * @author          WebsiteBaker Project, Independend-Software-Team
6
 * @copyright       2009-2013, Website Baker Org. e.V.
7
 * @link            http://www.websitebaker.org/
8
 * @license         http://www.gnu.org/licenses/gpl.html
9
 * @platform        WebsiteBaker 2.8.x
10
 * @requirements    PHP 5.2.2 and higher
11
 * @version         $Id: save.inc.php 2070 2014-01-03 01:21:42Z darkviper $
12
 * @filesource      $HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/admin/groups/save.inc.php $
13
 * @lastmodified    $Date: 2014-01-03 02:21:42 +0100 (Fri, 03 Jan 2014) $
14
 * @description     all basic actions of this module, called by dispatcher only.
15
 */
16

    
17
/* -------------------------------------------------------- */
18
// Must include code to stop this file being accessed directly
19
if(defined('WB_PATH') == false)
20
{
21
	// Stop this file being access directly
22
		die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
23
}
24
/* -------------------------------------------------------- */
25

    
26
/* *****************************************************************************
27
 * Modify existing groups or insert a new group
28
 * @access public
29
 * @param object &$admin: reference to admin-object
30
 * @param object &$database: reference to database object
31
 * @param int $group_id: ID from group to modify or 0 for a new group
32
 * @return string: parsed HTML-content
33
 */
34
	function save_group($admin, $group_id = 0)
35
	{
36
//		global $TEXT, $MESSAGE, $HEADING, $MENU;
37
		include_once('upgradePermissions.php');
38
		include_once(WB_PATH.'/framework/functions.php');
39
		$database = WbDatabase::getInstance();
40
		$mLang = Translate::getInstance();
41
	// check for valid group_id
42
		$sql = '';
43

    
44
		$aSystemPermissionsPages = (isset($_POST["sp_pages"])) ? $_POST["sp_pages"] : array();
45
		$aSystemPermissionsMedia = (isset($_POST["sp_media"])) ? $_POST["sp_media"] : array();
46
		$aSystemPermissionsModules = (isset($_POST["sp_modules"])) ? $_POST["sp_modules"] : array();
47
		$aSystemPermissionsTemplates = (isset($_POST["sp_templates"])) ? $_POST["sp_templates"] : array();
48
		$aSystemPermissionsLanguages = (isset($_POST["sp_languages"])) ? $_POST["sp_languages"] : array();
49
		$aSystemPermissionsSettings = (isset($_POST["sp_settings"])) ? $_POST["sp_settings"] : array();
50
		$aSystemPermissionsAdmintools = (isset($_POST["sp_admintools"])) ? $_POST["sp_admintools"] : array();
51
		$aSystemPermissionsUsers = (isset($_POST["sp_users"])) ? $_POST["sp_users"] : array();
52
		$aSystemPermissionsGroups = (isset($_POST["sp_groups"])) ? $_POST["sp_groups"] : array();
53
		$aSystemPermissionsPreferences = (isset($_POST["sp_preferences"])) ? $_POST["sp_preferences"] : array();
54
		$aSystemPermissions = array_merge($aSystemPermissionsPages, $aSystemPermissionsMedia, $aSystemPermissionsModules,
55
										$aSystemPermissionsTemplates, $aSystemPermissionsLanguages, $aSystemPermissionsSettings,
56
										$aSystemPermissionsAdmintools, $aSystemPermissionsUsers, $aSystemPermissionsGroups,
57
										$aSystemPermissionsPreferences);
58

    
59
		//addons,modules,modules_advanced,modules_install,modules_view,preferences,preferences_view
60
	// check FTAN and prevent 'admin'[id=1] from become changed
61
		if( $admin->checkFTAN() && $group_id != 1 )
62
		{
63
			$aSystemPermissions   = get_system_permissions ($admin,$aSystemPermissions);
64
			$sSystemPermissions   = set_system_permissions($aSystemPermissions);
65

    
66
			$module_permissions   = set_module_permissions($admin);
67
			$module_permissions   = implode (',', $module_permissions);
68

    
69
			$template_permissions = set_template_permissions($admin);
70
			$template_permissions = implode (',', $template_permissions);
71

    
72
			// prepare empty record to add new group
73
			$group_name = $database->escapeString(strip_tags(trim($admin->get_post('name'))));
74

    
75
			$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'groups` ';
76
			$sql .= 'WHERE `group_id` <> '.$group_id.' AND `name` LIKE BINARY \''.$group_name.'\'';
77

    
78
			if($group_name == '')
79
			{
80
				msgQueue::add($mLang->MESSAGE_GROUPS_GROUP_NAME_BLANK );
81
			} elseif($group_name != '') {
82
		// check request vars and assign values to record
83
				if( $database->get_one($sql) != false )
84
				{
85
					msgQueue::add($mLang->MESSAGE_GROUPS_GROUP_NAME_EXISTS );
86
				} else {
87
					if( $group_id == 0 )
88
					{
89
						$sql  = 'INSERT INTO `'.TABLE_PREFIX.'groups` ';
90
						$where = '';
91
					} else {
92
						$sql  = 'UPDATE `'.TABLE_PREFIX.'groups` ';
93
						$where = 'WHERE `group_id` = '.$group_id;
94
					}
95
                 }
96
			}
97

    
98
		// save new/changed values if no error given before
99
            if( msgQueue::isEmpty() )
100
			{
101
				$sql .= 'SET `name` = \''.$group_name.'\', ';
102
				$sql .= '`system_permissions` = \''.$sSystemPermissions.'\', ';
103
				$sql .= '`module_permissions` = \''.$module_permissions.'\', ';
104
				$sql .= '`template_permissions` = \''.$template_permissions.'\' ';
105
				$sql .= $where;
106
				if( $database->query($sql) )
107
				{
108
	                msgQueue::add($mLang->MESSAGE_GROUPS_SAVED ,true);
109
				} else {
110
					msgQueue::add($mLang->MESSAGE_RECORD_MODIFIED_FAILED );
111
				}
112
			}
113
		} else {
114
			msgQueue::add('FTAN-check failed or tried to change admin');
115
		}
116
		$admin->print_header();
117
		return $group_id;
118
	}
(5-5/6)