<?
require_once("const.php");
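// Access-list management for one folder.
//   POST: adds ("add") or removes ("del") a group's entry in access_list,
//         then redirects back to the folder's access page.
//   other methods: load the folder row and the groups that already have
//         access, and hand both to the template engine.
//
// NOTE(review): no authentication/authorisation or CSRF-token check is
// visible in this script; confirm const.php (or the web server) enforces
// both before this state-changing handler can be reached.
// NOTE(review): the file opens with the short tag `<?`; if short_open_tag is
// disabled the source would be served as plain text - prefer `<?php`.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $action = isset($_POST["action"]) ? $_POST["action"] : "";

    // Request parameters are attacker-controlled and end up inside SQL string
    // literals and the Location header, so only decimal digits are accepted
    // (is_string() also rejects array-valued parameters such as folder_id[]=1).
    // NOTE(review): assumes folder/group ids are unsigned integers - confirm
    // against the schema.
    $folder_id = isset($_POST["folder_id"]) ? $_POST["folder_id"] : "";
    if (!is_string($folder_id) || !ctype_digit($folder_id)) {
        exit("Bad request");
    }

    if ($action === "add" || $action === "del") {
        $group_id = isset($_POST["group_id"]) ? $_POST["group_id"] : "";
        if (!is_string($group_id) || !ctype_digit($group_id)) {
            exit("Bad request");
        }
        if ($action === "add") {
            $SQL = "INSERT INTO `" . DB_PREFIX . "access_list` SET `group_id`='" . $group_id . "'";
            $SQL .= ", `folder_id`='" . $folder_id . "'";
        } else {
            $SQL = "DELETE FROM `" . DB_PREFIX . "access_list` WHERE `group_id`='" . $group_id . "'";
            $SQL .= " AND `folder_id`='" . $folder_id . "'";
        }
    } else {
        // Unknown action: run a harmless query so the shared error check
        // below still has a statement to execute.
        $SQL = "SELECT COUNT(*) FROM `" . DB_PREFIX . "access_list`";
    }

    if (!$mysql->query($SQL)) {
        // Keep the driver message in the server log; echoing it to the client
        // would disclose table names and query structure.
        error_log("access list: update query failed: " . $mysql->error);
        exit("Database error");
    }
    header("Location:access.php?id=" . $folder_id);
    exit();
} else {
    // The folder id is mandatory for the read path and must be digits only,
    // because it is concatenated into the two queries below.
    if (!isset($_GET["id"]) || !is_string($_GET["id"]) || !ctype_digit($_GET["id"])) {
        exit("Bad request");
    }
}
$folder_id = $_GET["id"];

// Load the folder row and expose it to the template.
$SQL = "SELECT * FROM `" . DB_PREFIX . "folders` WHERE `id`='" . $folder_id . "'";
if (!$mysql->query($SQL)) {
    error_log("access list: folder query failed: " . $mysql->error);
    exit("Database error");
} else {
    $smarty->assign("folder", $mysql->arr);
}

// Collect the groups that already have access to this folder as uid => name.
$access = array();
$SQL = "SELECT `" . DB_PREFIX . "user_groups`.`id` AS `uid`, `" . DB_PREFIX . "user_groups`.`group_name` AS `uname`";
$SQL .= " FROM `" . DB_PREFIX . "user_groups`, `" . DB_PREFIX . "access_list`";
$SQL .= " WHERE `" . DB_PREFIX . "access_list`.`folder_id`='" . $folder_id . "'";
$SQL .= " AND `" . DB_PREFIX . "access_list`.`group_id`=`" . DB_PREFIX . "user_groups`.`id`";
if (!$mysql->query($SQL)) {
    error_log("access list: access_list query failed: " . $mysql->error);
    exit("Database error");
}
while (!$mysql->EOF) {
    $access[$mysql->field("uid")] = $mysql->field("uname");
    $mysql->movenext();
}
// NOTE(review): group names are passed on as stored; confirm the template
// escapes them on output.
$smarty->assign("access_list", $access);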
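// Build the id => group_name map of every user group, pass it to the
// template engine and render the access-control page.
$user_groups = array();
$SQL = "SELECT * FROM `" . DB_PREFIX . "user_groups`";
if (!$mysql->query($SQL)) {
    // Log the driver message server-side; sending it to the client would
    // disclose schema details.
    error_log("access list: user_groups query failed: " . $mysql->error);
    exit("Database error");
}
while (!$mysql->EOF) {
    $user_groups[$mysql->field("id")] = $mysql->field("group_name");
    $mysql->movenext();
}
// NOTE(review): group names are passed on as stored; confirm
// control/access.tpl escapes them on output.
$smarty->assign("user_groups", $user_groups);
$smarty->display("control/access.tpl");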
?>