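<?php
/*========================================*\
| Exero CMS                                |
|==========================================|
|          http://ecms.getox.net           |
|https://sourceforge.net/projects/exerocms/|
|==========================================|
|     Exero CMS is released under the      |
|     GNU General Public License (GPL)     |
| opensource.org/licenses/gpl-license.php  |
\*========================================*/

// Admin control panel: list, create, edit and delete user groups and the
// module / admin permissions attached to them. The full "<?php" open tag is
// used on purpose: the short form only works when short_open_tag is enabled.

require("global.php");
if(!checkadminsession()) {
	print_login();
	exit;
}

if(!adminpermissions("managegroups")) {
	print_no_permission();
	exit;
}

// NOTE(review): no CSRF token is checked in this file for create/edit/delete
// (delete is reachable through a plain GET link); confirm global.php or
// checkadminsession() provides that protection.

// admin_permissions columns edited as yes/no fields, keyed by column name,
// in the order they appear on the form.
$admin_permission_fields = array(
	"globalsettings" => "Global Settings",
	"installmodules" => "Install Modules",
	"managemodules" => "Manage Modules",
	"manageblocks" => "Manage Blocks",
	"manageitems" => "Manage Items",
	"managepages" => "Manage Pages",
	"manageusers" => "Manage Users",
	"managegroups" => "Manage Groups",
	"useadminmodules" => "Use Admin Modules",
);

/**
 * Reads $source[$key] without raising an undefined-index notice.
 *
 * @param array  $source  $_POST / $_REQUEST / a DB row (false or null is tolerated)
 * @param string $key
 * @param string $default returned when the key is absent
 * @return mixed
 */
function groups_input($source, $key, $default = "") {
	return (is_array($source) && isset($source[$key])) ? $source[$key] : $default;
}

/**
 * Normalises a yes/no form field to the string "1" or "0"; anything other
 * than "1" (including a missing field) counts as "no", so only those two
 * values ever reach SQL.
 */
function groups_flag($post, $key) {
	return groups_input($post, $key) == "1" ? "1" : "0";
}

/**
 * Splits a permissions.groupaccess value ("1,3,7") into a list of non-empty
 * group id strings. explode() on an empty column yields array(""); the empty
 * entry is dropped so it is never written back as a leading comma.
 *
 * @return array list of id strings
 */
function groups_parse_access($csv) {
	$ids = array();
	foreach(explode(',', (string)$csv) as $id) {
		$id = trim($id);
		if($id !== "") {
			$ids[] = $id;
		}
	}
	return $ids;
}

/**
 * Initial value of a module/section yes-no field on the form: "1" for a new
 * group, otherwise "1" only when $gid is already listed in the row's
 * groupaccess column.
 */
function groups_form_access($perminfo, $gid, $newgroup) {
	if($newgroup) {
		return "1";
	}
	return in_array($gid, groups_parse_access(groups_input($perminfo, 'groupaccess')), true) ? "1" : "0";
}

/**
 * Prints the group form shared by the create and edit actions.
 *
 * @param object $db         database wrapper from global.php
 * @param string $action     form target, e.g. "groups.php?do=edit"
 * @param array  $groupinfo  row from the groups table, or array() for a new group
 * @param array  $admininfo  row from admin_permissions, or array() when none exists
 * @param bool   $newgroup   true on create (module permissions default to "yes")
 * @param array  $admin_permission_fields column => label map of admin yes/no fields
 */
function groups_print_form($db, $action, $groupinfo, $admininfo, $newgroup, $admin_permission_fields) {
	$gid = (string)groups_input($groupinfo, 'gid');

	print_form_header($action, "edit");
	print_form_hiddenfield("action", "submit");
	print_form_hiddenfield("groupid", $gid);
	print_table_header("Group Information", "2", '', "0");
	print_form_textbox("Title", "title", groups_input($groupinfo, 'title'));
	print_form_textbox("User title", "usertitle", groups_input($groupinfo, 'usertitle'));
	print_table_optiontitle("Permissions", '', "2");
	print_form_yesno("<strong>AdminCP</strong>", "admincp", groups_input($groupinfo, 'admincp', "0"));

	// Top-level modules (parent = 'none'), each followed by its sections
	// (rows whose parent is the module name).
	$getperms = $db->query("SELECT * FROM permissions WHERE parent='none'");
	while($perminfo = $db->fetch_array($getperms)) {
		print_form_yesno("<strong>".$perminfo['module']."</strong>", "modperm".$perminfo['id'], groups_form_access($perminfo, $gid, $newgroup));
		$getsectperms = $db->query("SELECT * FROM permissions WHERE parent='".$db->real_escape_string($perminfo['module'])."'");
		while($permsectinfo = $db->fetch_array($getsectperms)) {
			$section = str_replace("_", "&nbsp;", $permsectinfo['section']);
			print_form_yesno("-- ".$section, "modperm".$permsectinfo['id'], groups_form_access($permsectinfo, $gid, $newgroup));
		}
	}

	print_table_optiontitle("Admin Permissions", '', "2");
	foreach($admin_permission_fields as $column => $label) {
		print_form_yesno($label, $column, groups_input($admininfo, $column));
	}
	print_form_submit("Submit", "2", "0");
	print_table_footer();
	print_form_footer();
}

/**
 * Rewrites permissions.groupaccess on every permission row so that group $gid
 * is listed exactly when its "modperm<id>" field was submitted as "1".
 * The id is cast to int and the rebuilt list is escaped before it is
 * interpolated into the UPDATE, since the submitted group id is user input.
 *
 * @param object $db
 * @param int    $gid
 * @param array  $post submitted form fields ($_POST)
 */
function groups_sync_access($db, $gid, $post) {
	$gid = (string)(int)$gid;
	$getperms = $db->query("SELECT * FROM permissions");
	while($perminfo = $db->fetch_array($getperms)) {
		$groupaccess = groups_parse_access($perminfo['groupaccess']);
		$granted = groups_flag($post, 'modperm'.$perminfo['id']) == "1";
		$listed = in_array($gid, $groupaccess, true);
		if($granted && !$listed) {
			$groupaccess[] = $gid;
		} else if(!$granted && $listed) {
			$groupaccess = array_values(array_diff($groupaccess, array($gid)));
		}
		$db->query("UPDATE permissions SET groupaccess='".$db->real_escape_string(implode(',', $groupaccess))."' WHERE id='".$db->real_escape_string($perminfo['id'])."' LIMIT 1");
	}
}

/**
 * Stores the admin_permissions row for $gid from the submitted yes/no fields:
 * updates the existing row when there is one, inserts otherwise. Explicit
 * column lists are used so the INSERT does not depend on the table's column
 * order. Column names come from $admin_permission_fields, never from input.
 *
 * NOTE(review): permissions and admin_permissions are queried without
 * TABLE_PREFIX here, while the edit form reads admin_permissions with it;
 * confirm which spelling matches the schema.
 *
 * @param object $db
 * @param int    $gid
 * @param array  $post
 * @param array  $admin_permission_fields column => label map
 */
function groups_save_admin_permissions($db, $gid, $post, $admin_permission_fields) {
	$gid = (int)$gid;
	$assignments = array();
	$columns = array("groupid");
	$values = array("'".$gid."'");
	foreach($admin_permission_fields as $column => $label) {
		$flag = groups_flag($post, $column);
		$assignments[] = $column."='".$flag."'";
		$columns[] = $column;
		$values[] = "'".$flag."'";
	}
	$existing = $db->num_rows($db->query("SELECT * FROM admin_permissions WHERE groupid='".$gid."' LIMIT 1"));
	if($existing == 1) {
		$db->query("UPDATE admin_permissions SET ".implode(', ', $assignments)." WHERE groupid='".$gid."' LIMIT 1");
	} else {
		$db->query("INSERT INTO admin_permissions (".implode(', ', $columns).") VALUES(".implode(', ', $values).")");
	}
}

$do = groups_input($_REQUEST, 'do');

if($do == "") {
	print_cp_header("Manage Groups");

	print_topmenu(array("groups.php?do=create"=>"Create"),"15","bold");

	print_table_header("Groups","2",'',"1");
	print_multicol_row(array("Group[align:left]"=>"","Options[align:right]"=>"140"),"optiontitle");
	$getgroups = $db->query("SELECT * FROM ".TABLE_PREFIX."groups ORDER BY gid ASC");
	while($groupinfo = $db->fetch_array($getgroups)) {
		$gid = (int)$groupinfo['gid'];
		// The title is stored admin-entered text; escape it for the HTML cell
		// (the row helper takes raw markup, as the option links show).
		$title = htmlspecialchars($groupinfo['title'], ENT_QUOTES, 'UTF-8');
		$options = "<a href=\"groups.php?do=edit&group=".$gid."\">Edit</a>, <a href=\"groups.php?do=delete&group=".$gid."\">Delete</a>";
		print_multicol_row(array($title."[align:left]"=>"", $options."[align:right]"=>"140"));
	}
	print_table_footer();

	print_cp_footer();
} else if($do == "create") {
	$error = array();
	if(groups_input($_POST, 'action') != "submit") {
		print_cp_header("Create Group");

		// No validation is performed yet, so $error stays empty; the hook is kept
		// for when checks are added.
		if(count($error) > 0) {
			print_error($error);
		}

		groups_print_form($db, "groups.php?do=create", array(), array(), true, $admin_permission_fields);

		print_cp_footer();
	} else {
		// gid is left to the database (insert_id() is read back below).
		$db->query("INSERT INTO ".TABLE_PREFIX."groups (title, usertitle, admincp) VALUES(
		'".$db->real_escape_string(groups_input($_POST, 'title'))."',
		'".$db->real_escape_string(groups_input($_POST, 'usertitle'))."',
		'".groups_flag($_POST, 'admincp')."')");
		$groupid = (int)$db->insert_id();

		groups_sync_access($db, $groupid, $_POST);

		if(groups_flag($_POST, 'admincp') == "1") {
			groups_save_admin_permissions($db, $groupid, $_POST, $admin_permission_fields);
		}
		print_redirect("groups.php","Group Created","Group Created.");
	}
} else if($do == "edit") {
	$error = array();
	if(groups_input($_POST, 'action') != "submit") {
		print_cp_header("Edit Group");

		if(count($error) > 0) {
			print_error($error);
		}
		// The id comes from the form on a re-display and from the list link otherwise.
		$id = (int)(isset($_POST['groupid']) ? $_POST['groupid'] : groups_input($_REQUEST, 'group'));
		$groupinfo = $db->query_first("SELECT * FROM ".TABLE_PREFIX."groups WHERE gid='".$id."' LIMIT 1");
		$admininfo = $db->query_first("SELECT * FROM ".TABLE_PREFIX."admin_permissions WHERE groupid='".$id."' LIMIT 1");

		groups_print_form(
			$db,
			"groups.php?do=edit",
			is_array($groupinfo) ? $groupinfo : array(),
			is_array($admininfo) ? $admininfo : array(),
			false,
			$admin_permission_fields
		);

		print_cp_footer();
	} else {
		$id = (int)groups_input($_POST, 'groupid');
		$db->query("UPDATE ".TABLE_PREFIX."groups SET
		title='".$db->real_escape_string(groups_input($_POST, 'title'))."',
		usertitle='".$db->real_escape_string(groups_input($_POST, 'usertitle'))."',
		admincp='".groups_flag($_POST, 'admincp')."'
		WHERE gid='".$id."'
		");

		groups_sync_access($db, $id, $_POST);

		// NOTE(review): when admincp is switched off an existing admin_permissions
		// row is left in place; confirm whether it should be cleared instead.
		if(groups_flag($_POST, 'admincp') == "1") {
			groups_save_admin_permissions($db, $id, $_POST, $admin_permission_fields);
		}
		print_redirect("groups.php","Group Saved","Group Saved.");
	}
} else if($do == "delete") {
	// NOTE(review): only the groups row is removed; the group's entries in
	// permissions.groupaccess and admin_permissions are left in place.
	$db->query("DELETE FROM ".TABLE_PREFIX."groups WHERE gid='".(int)groups_input($_REQUEST, 'group')."'");
	print_redirect("groups.php","Group Deleted","Group Deleted.");
}
?>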