<?
/*========================================*\
| Exero CMS |
|==========================================|
| http://ecms.getox.net |
|https://sourceforge.net/projects/exerocms/|
|==========================================|
| Exero CMS is released under the |
| GNU General Public License (GPL) |
| opensource.org/licenses/gpl-license.php |
\*========================================*/
require("global.php");
// Gate 1: the request must carry a valid admin session (checkadminsession()
// from global.php); otherwise render the login form and stop. Nothing below
// runs for an unauthenticated caller.
if(!checkadminsession()) {
print_login();
exit;
}
// Gate 2: the session's group must hold the "managegroups" admin flag -- the
// same flag this page lets an admin grant to other groups further down. Fail
// closed with the no-permission page.
if(!adminpermissions("managegroups")) {
print_no_permission();
exit;
}
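// ---------------------------------------------------------------------------
// Group management page: list / create / edit / delete groups and their
// module and admin permissions.
//
// Data model used by this page (as visible in the queries below):
//   * TABLE_PREFIX.groups          gid (auto-increment), title, usertitle, admincp
//   * permissions                  id, module, section, parent, groupaccess
//                                  (groupaccess is a comma-separated gid list;
//                                  a group "has" the row when its gid is listed)
//   * admin_permissions            groupid plus one 0/1 column per admin flag
//
// NOTE(review): every state-changing branch (create, edit, delete) is reachable
// without any CSRF token, and delete fires from a bare GET link in the list, so
// a logged-in admin can be made to delete or re-permission a group by visiting
// a hostile page. global.php exposes no token helper visible from this file, so
// none is added here; once one exists, validate it at the top of each save /
// delete branch and make delete POST-only.
// NOTE(review): the file opens with the short tag `<?`; on a host with
// short_open_tag disabled this source is served verbatim. Use `<?php`.
// NOTE(review): `permissions` and `admin_permissions` are written without
// TABLE_PREFIX throughout this page; the reads below match the writes (the
// original edit-form read was the only prefixed one and can only have worked
// with an empty prefix).
// ---------------------------------------------------------------------------

/**
 * "1" when $gid should be preselected for a permission row, else "0".
 *
 * @param string   $accessList comma-separated gid list from permissions.groupaccess
 * @param int|null $gid        group being edited; null means "preselect every
 *                             row" (the create form's existing default)
 * @return string "1" or "0", the value print_form_yesno() is given elsewhere
 */
function groups_access_flag($accessList, $gid)
{
    if ($gid === null) {
        return "1";
    }
    // Strict, string-typed membership: a loose in_array() would match gid 0
    // against the empty element that an empty list explodes into.
    return in_array((string)(int)$gid, explode(',', (string)$accessList), true) ? "1" : "0";
}

/**
 * Print one yes/no row per top-level module (parent='none') and, under each,
 * one per section whose parent is that module. Field names are modperm<id>.
 *
 * @param object   $db  DB handle from global.php (query/fetch_array/real_escape_string)
 * @param int|null $gid see groups_access_flag()
 */
function groups_print_module_rows($db, $gid)
{
    $modules = $db->query("SELECT id, module, groupaccess FROM permissions WHERE parent='none'");
    while ($module = $db->fetch_array($modules)) {
        // Labels are emitted as raw HTML (they carry the <strong> markup), so
        // the module / section names coming from the database are escaped.
        $label = "<strong>".htmlspecialchars($module['module'], ENT_QUOTES)."</strong>";
        print_form_yesno($label, "modperm".$module['id'], groups_access_flag($module['groupaccess'], $gid));

        // The module name is a DB value used in a query: escape it too.
        $sections = $db->query("SELECT id, section, groupaccess FROM permissions WHERE parent='".$db->real_escape_string($module['module'])."'");
        while ($section = $db->fetch_array($sections)) {
            $name = str_replace("_", " ", $section['section']);
            print_form_yesno("-- ".htmlspecialchars($name, ENT_QUOTES), "modperm".$section['id'], groups_access_flag($section['groupaccess'], $gid));
        }
    }
}

/**
 * Add or remove $gid in every permissions.groupaccess list.
 *
 * @param object $db       DB handle
 * @param int    $gid      group id
 * @param bool   $fromPost true: grant exactly the rows whose modperm<id> was
 *                         posted as "1" and revoke every other row (create/edit);
 *                         false: revoke $gid everywhere (delete)
 */
function groups_sync_module_access($db, $gid, $fromPost)
{
    $gid = (string)(int)$gid;
    $rows = $db->query("SELECT id, groupaccess FROM permissions");
    while ($row = $db->fetch_array($rows)) {
        $access = explode(',', (string)$row['groupaccess']);
        $has = in_array($gid, $access, true);
        $want = $fromPost && isset($_POST['modperm'.$row['id']]) && $_POST['modperm'.$row['id']] == "1";
        if ($want && !$has) {
            $access[] = $gid;
        } elseif (!$want && $has) {
            $access = array_values(array_diff($access, array($gid)));
        } else {
            continue; // nothing changes for this row
        }
        // Both values are escaped: the list is rebuilt from request data (the
        // original interpolated it raw, with the posted group id inside) and the
        // type of the id column is not known here.
        $db->query("UPDATE permissions SET groupaccess='".$db->real_escape_string(implode(',', $access))."' WHERE id='".$db->real_escape_string($row['id'])."' LIMIT 1");
    }
}

/**
 * Insert or update the admin_permissions row for $gid.
 *
 * @param object $db    DB handle
 * @param int    $gid   group id
 * @param array  $flags column name => 0/1; keys are the admin_permissions flag
 *                      columns (a code constant, never request data)
 */
function groups_save_admin_perms($db, $gid, $flags)
{
    $gid = (int)$gid;
    $cols = array();
    $vals = array();
    $sets = array();
    foreach ($flags as $col => $val) {
        $cols[] = $col;
        $vals[] = "'".(int)$val."'";
        $sets[] = $col."='".(int)$val."'";
    }
    $existing = $db->query("SELECT groupid FROM admin_permissions WHERE groupid='".$gid."' LIMIT 1");
    if ($db->num_rows($existing) == 1) {
        $db->query("UPDATE admin_permissions SET ".implode(', ', $sets)." WHERE groupid='".$gid."' LIMIT 1");
    } else {
        // Explicit column list so the row no longer depends on the physical
        // column order of the table.
        $db->query("INSERT INTO admin_permissions (groupid, ".implode(', ', $cols).") VALUES ('".$gid."', ".implode(', ', $vals).")");
    }
}

// Action dispatch. `do` is read from $_REQUEST on purpose: the list links use
// GET and the forms POST back to a URL carrying ?do=... in its action.
$action = isset($_REQUEST['do']) ? $_REQUEST['do'] : "";

// admin_permissions flag columns (everything except groupid) => form label.
// One source for the form rows, the INSERT column list and the UPDATE SET list.
$adminPermFields = array(
    "globalsettings"  => "Global Settings",
    "installmodules"  => "Install Modules",
    "managemodules"   => "Manage Modules",
    "manageblocks"    => "Manage Blocks",
    "manageitems"     => "Manage Items",
    "managepages"     => "Manage Pages",
    "manageusers"     => "Manage Users",
    "managegroups"    => "Manage Groups",
    "useadminmodules" => "Use Admin Modules",
);

// Yes/no values posted back from the form, normalised to 0/1 ints: only an
// explicit "1" grants anything, a missing or unexpected value is 0. The
// original stored the raw (escaped) posted string.
$postedFlags = array();
foreach (array_keys($adminPermFields) as $field) {
    $postedFlags[$field] = (isset($_POST[$field]) && $_POST[$field] == "1") ? 1 : 0;
}
$postedAdminCp = (isset($_POST['admincp']) && $_POST['admincp'] == "1") ? 1 : 0;

if ($action == "") {
    // ---- list -----------------------------------------------------------
    print_cp_header("Manage Groups");
    print_topmenu(array("groups.php?do=create" => "Create"), "15", "bold");
    print_table_header("Groups", "2", '', "1");
    print_multicol_row(array("Group[align:left]" => "", "Options[align:right]" => "140"), "optiontitle");
    $groups = $db->query("SELECT gid, title FROM ".TABLE_PREFIX."groups ORDER BY gid ASC");
    while ($group = $db->fetch_array($groups)) {
        // The cell content is raw HTML (it carries the Edit/Delete anchors), so
        // the stored title is escaped here; unescaped it is stored XSS against
        // every admin who opens this list.
        $gid = (int)$group['gid'];
        $title = htmlspecialchars($group['title'], ENT_QUOTES);
        print_multicol_row(array(
            $title."[align:left]" => "",
            "<a href=\"groups.php?do=edit&group=".$gid."\">Edit</a>, <a href=\"groups.php?do=delete&group=".$gid."\">Delete</a>[align:right]" => "140",
        ));
    }
    print_table_footer();
    print_cp_footer();

} else if ($action == "create") {
    // ---- create ---------------------------------------------------------
    $error = array();
    $save = isset($_POST['action']) && $_POST['action'] == "submit";
    // No field-level validation exists for group creation yet; $error stays
    // empty and the form is shown only on a non-submit request.

    if (!$save) {
        print_cp_header("Create Group");
        if (count($error) > 0) {
            print_error($error);
        }
        print_form_header("groups.php?do=create", "edit");
        print_form_hiddenfield("action", "submit");
        print_table_header("Group Information", "2", '', "0");
        print_form_textbox("Title", "title", "");
        print_form_textbox("User title", "usertitle", "");
        print_table_optiontitle("Permissions", '', "2");
        print_form_yesno("<strong>AdminCP</strong>", "admincp", "0");
        // NOTE(review): the create form has always preselected every module and
        // section as "yes" (null = select all); a least-privilege default would
        // be to preselect nothing. Kept as-is, flagged for a product decision.
        groups_print_module_rows($db, null);
        print_table_optiontitle("Admin Permissions", '', "2");
        foreach ($adminPermFields as $field => $label) {
            print_form_yesno($label, $field, "0");
        }
        print_form_submit("Submit", "2", "0");
        print_table_footer();
        print_form_footer();
        print_cp_footer();
    } else {
        $title = isset($_POST['title']) ? $_POST['title'] : "";
        $usertitle = isset($_POST['usertitle']) ? $_POST['usertitle'] : "";
        // gid is auto-increment (the page relies on insert_id()), so it is left
        // out of the column list instead of being inserted as ''.
        $db->query("INSERT INTO ".TABLE_PREFIX."groups (title, usertitle, admincp) VALUES (
            '".$db->real_escape_string($title)."',
            '".$db->real_escape_string($usertitle)."',
            '".$postedAdminCp."')");
        $gid = (int)$db->insert_id();
        groups_sync_module_access($db, $gid, true);
        if ($postedAdminCp == 1) {
            groups_save_admin_perms($db, $gid, $postedFlags);
        }
        print_redirect("groups.php", "Group Created", "Group Created.");
    }

} else if ($action == "edit") {
    // ---- edit -----------------------------------------------------------
    $error = array();
    $save = isset($_POST['action']) && $_POST['action'] == "submit";

    // The group being edited: the hidden field of a posted form wins, else the
    // ?group= link parameter. gid is an auto-increment integer, so the int cast
    // is the whole sanitisation (the original pushed the raw posted id into the
    // groupaccess lists and interpolated it into SQL unescaped).
    if (isset($_POST['groupid'])) {
        $gid = (int)$_POST['groupid'];
    } elseif (isset($_REQUEST['group'])) {
        $gid = (int)$_REQUEST['group'];
    } else {
        $gid = 0;
    }
    if ($save && $gid <= 0) {
        $error[] = "No group selected.";
        $save = false;
    }

    if (!$save) {
        print_cp_header("Edit Group");
        if (count($error) > 0) {
            print_error($error);
        }
        $groupDefaults = array("title" => "", "usertitle" => "", "admincp" => "0");
        $groupRow = $db->query_first("SELECT * FROM ".TABLE_PREFIX."groups WHERE gid='".$gid."' LIMIT 1");
        $groupinfo = is_array($groupRow) ? array_merge($groupDefaults, $groupRow) : $groupDefaults;
        $adminRow = $db->query_first("SELECT * FROM admin_permissions WHERE groupid='".$gid."' LIMIT 1");
        $admininfo = is_array($adminRow) ? $adminRow : array();

        print_form_header("groups.php?do=edit", "edit");
        print_form_hiddenfield("action", "submit");
        print_form_hiddenfield("groupid", $gid);
        print_table_header("Group Information", "2", '', "0");
        // NOTE(review): print_form_textbox() is assumed to escape its value for
        // the attribute context; if it does not, the stored title is reflected
        // unescaped here. Not escaped twice because its behaviour is not visible
        // from this file -- confirm in global.php.
        print_form_textbox("Title", "title", $groupinfo['title']);
        print_form_textbox("User title", "usertitle", $groupinfo['usertitle']);
        print_table_optiontitle("Permissions", '', "2");
        print_form_yesno("<strong>AdminCP</strong>", "admincp", $groupinfo['admincp']);
        groups_print_module_rows($db, $gid);
        print_table_optiontitle("Admin Permissions", '', "2");
        foreach ($adminPermFields as $field => $label) {
            print_form_yesno($label, $field, isset($admininfo[$field]) ? $admininfo[$field] : "0");
        }
        print_form_submit("Submit", "2", "0");
        print_table_footer();
        print_form_footer();
        print_cp_footer();
    } else {
        $title = isset($_POST['title']) ? $_POST['title'] : "";
        $usertitle = isset($_POST['usertitle']) ? $_POST['usertitle'] : "";
        $db->query("UPDATE ".TABLE_PREFIX."groups SET
            title='".$db->real_escape_string($title)."',
            usertitle='".$db->real_escape_string($usertitle)."',
            admincp='".$postedAdminCp."'
            WHERE gid='".$gid."' LIMIT 1");
        groups_sync_module_access($db, $gid, true);
        if ($postedAdminCp == 1) {
            groups_save_admin_perms($db, $gid, $postedFlags);
        } else {
            // Revoking AdminCP also drops the group's admin flag row. The
            // original left it in place, so re-enabling AdminCP later silently
            // restored whatever flags the group had before.
            $db->query("DELETE FROM admin_permissions WHERE groupid='".$gid."'");
        }
        print_redirect("groups.php", "Group Saved", "Group Saved.");
    }

} else if ($action == "delete") {
    // ---- delete ---------------------------------------------------------
    $gid = isset($_REQUEST['group']) ? (int)$_REQUEST['group'] : 0;
    if ($gid > 0) {
        $db->query("DELETE FROM ".TABLE_PREFIX."groups WHERE gid='".$gid."'");
        // Also remove the group's authorisation data. The original deleted only
        // the groups row, leaving its admin_permissions row and its gid in every
        // permissions.groupaccess list; any later group reusing that gid would
        // inherit those grants.
        $db->query("DELETE FROM admin_permissions WHERE groupid='".$gid."'");
        groups_sync_module_access($db, $gid, false);
    }
    print_redirect("groups.php", "Group Deleted", "Group Deleted.");
}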
?>