Project

General

Profile

1 1710 Luisehahne
<?php
2
/**
3
 * @category        admin
4
 * @package         groups
5
 * @author          WebsiteBaker Project, Independend-Software-Team
6 1907 Luisehahne
 * @copyright       2009-2013, Website Baker Org. e.V.
7
 * @link            http://www.websitebaker.org/
8 1710 Luisehahne
 * @license         http://www.gnu.org/licenses/gpl.html
9
 * @platform        WebsiteBaker 2.8.x
10
 * @requirements    PHP 5.2.2 and higher
11
 * @version         $Id$
12 1907 Luisehahne
 * @filesource      $HeadURL$
13 1710 Luisehahne
 * @lastmodified    $Date$
14
 * @description     all basic actions of this module, called by dispatcher only.
15
 */
16
17
/* -------------------------------------------------------- */
18
// Must include code to stop this file being accessed directly
19
if(defined('WB_PATH') == false)
20
{
21
	// Stop this file being access directly
22
		die('<h2 style="color:red;margin:3em auto;text-align:center;">Cannot access this file directly</h2>');
23
}
24
/* -------------------------------------------------------- */
25
26
/* *****************************************************************************
27
 * Modify existing groups or insert a new group
28
 * @access public
29
 * @param object &$admin: reference to admin-object
30
 * @param object &$database: reference to database object
31
 * @param int $group_id: ID from group to modify or 0 for a new group
32
 * @return string: parsed HTML-content
33
 */
34
	function save_group($admin, $group_id = 0)
35
	{
36 1883 Luisehahne
//		global $TEXT, $MESSAGE, $HEADING, $MENU;
37 1710 Luisehahne
		include_once('upgradePermissions.php');
38
		include_once(WB_PATH.'/framework/functions.php');
39
		$database = WbDatabase::getInstance();
40 2098 darkviper
		$oLang = Translate::getInstance();
41
		$oLang->enableAddon('admin\groups');
42 1710 Luisehahne
	// check for valid group_id
43
		$sql = '';
44
45 1943 darkviper
		$aSystemPermissionsPages = (isset($_POST["sp_pages"])) ? $_POST["sp_pages"] : array();
46
		$aSystemPermissionsMedia = (isset($_POST["sp_media"])) ? $_POST["sp_media"] : array();
47
		$aSystemPermissionsModules = (isset($_POST["sp_modules"])) ? $_POST["sp_modules"] : array();
48
		$aSystemPermissionsTemplates = (isset($_POST["sp_templates"])) ? $_POST["sp_templates"] : array();
49
		$aSystemPermissionsLanguages = (isset($_POST["sp_languages"])) ? $_POST["sp_languages"] : array();
50
		$aSystemPermissionsSettings = (isset($_POST["sp_settings"])) ? $_POST["sp_settings"] : array();
51
		$aSystemPermissionsAdmintools = (isset($_POST["sp_admintools"])) ? $_POST["sp_admintools"] : array();
52
		$aSystemPermissionsUsers = (isset($_POST["sp_users"])) ? $_POST["sp_users"] : array();
53
		$aSystemPermissionsGroups = (isset($_POST["sp_groups"])) ? $_POST["sp_groups"] : array();
54
		$aSystemPermissionsPreferences = (isset($_POST["sp_preferences"])) ? $_POST["sp_preferences"] : array();
55
		$aSystemPermissions = array_merge($aSystemPermissionsPages, $aSystemPermissionsMedia, $aSystemPermissionsModules,
56
										$aSystemPermissionsTemplates, $aSystemPermissionsLanguages, $aSystemPermissionsSettings,
57
										$aSystemPermissionsAdmintools, $aSystemPermissionsUsers, $aSystemPermissionsGroups,
58
										$aSystemPermissionsPreferences);
59 1710 Luisehahne
60 1943 darkviper
		//addons,modules,modules_advanced,modules_install,modules_view,preferences,preferences_view
61 1710 Luisehahne
	// check FTAN and prevent 'admin'[id=1] from become changed
62
		if( $admin->checkFTAN() && $group_id != 1 )
63
		{
64 1943 darkviper
			$aSystemPermissions   = get_system_permissions ($admin,$aSystemPermissions);
65
			$sSystemPermissions   = set_system_permissions($aSystemPermissions);
66 1710 Luisehahne
67
			$module_permissions   = set_module_permissions($admin);
68
			$module_permissions   = implode (',', $module_permissions);
69
70
			$template_permissions = set_template_permissions($admin);
71
			$template_permissions = implode (',', $template_permissions);
72
73
			// prepare empty record to add new group
74 1868 Luisehahne
			$group_name = $database->escapeString(strip_tags(trim($admin->get_post('name'))));
75 1710 Luisehahne
76
			$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'groups` ';
77
			$sql .= 'WHERE `group_id` <> '.$group_id.' AND `name` LIKE BINARY \''.$group_name.'\'';
78
79
			if($group_name == '')
80
			{
81 2098 darkviper
				msgQueue::add($oLang->MESSAGE_GROUPS_GROUP_NAME_BLANK );
82 1710 Luisehahne
			} elseif($group_name != '') {
83
		// check request vars and assign values to record
84
				if( $database->get_one($sql) != false )
85
				{
86 2098 darkviper
					msgQueue::add($oLang->MESSAGE_GROUPS_GROUP_NAME_EXISTS );
87 1710 Luisehahne
				} else {
88
					if( $group_id == 0 )
89
					{
90
						$sql  = 'INSERT INTO `'.TABLE_PREFIX.'groups` ';
91
						$where = '';
92
					} else {
93
						$sql  = 'UPDATE `'.TABLE_PREFIX.'groups` ';
94
						$where = 'WHERE `group_id` = '.$group_id;
95
					}
96
                 }
97
			}
98
99
		// save new/changed values if no error given before
100
            if( msgQueue::isEmpty() )
101
			{
102
				$sql .= 'SET `name` = \''.$group_name.'\', ';
103 1943 darkviper
				$sql .= '`system_permissions` = \''.$sSystemPermissions.'\', ';
104 1710 Luisehahne
				$sql .= '`module_permissions` = \''.$module_permissions.'\', ';
105
				$sql .= '`template_permissions` = \''.$template_permissions.'\' ';
106
				$sql .= $where;
107
				if( $database->query($sql) )
108
				{
109 2098 darkviper
	                msgQueue::add($oLang->MESSAGE_GROUPS_SAVED ,true);
110 1710 Luisehahne
				} else {
111 2098 darkviper
					msgQueue::add($oLang->MESSAGE_RECORD_MODIFIED_FAILED );
112 1710 Luisehahne
				}
113
			}
114
		} else {
115
			msgQueue::add('FTAN-check failed or tried to change admin');
116
		}
117
		$admin->print_header();
118
		return $group_id;
119 1943 darkviper
	}