<?PHP
/*
 * phpMyPurchasing - All rights reserved.
 * Jason Gerfen [hide@address.com]
 *
 * class.permissions.php - Permissions management libs
 *
 */

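class permissions
{
    /** Label of the "choose one" option in the user / group selects; rows still carrying it are not real entries. */
    const USER_PLACEHOLDER = "Select User...";
    const GROUP_PLACEHOLDER = "Select Group...";

    /**
     * The three mandatory form fields, each with its "missing" and "invalid"
     * message (index 0 and 1). The array order is the order the messages are
     * listed in.
     */
    private $fields = array(
        'txtObjectName' => array('Object name is missing', 'Object name is invalid. Allowed: [ -?!#$&+0-9=?A-Z^_.,]'),
        'txtObjectID' => array('Object ID is missing', 'ID field is invalid. Allowed: [ -?!#$&+0-9=?A-Z^_.,]'),
        'txtObjectOwner' => array('Object owner is missing', 'Object owner field is invalid. Allowed: [ -?!#$&+0-9=?A-Z^_.,]'),
    );

    /**
     * Handle one request of the permissions form.
     *
     * $token        encrypted auth token; element 0 of the decoded token is used as
     *               the user name and element 3 as the group (as elsewhere in this class).
     * $get, $server accepted for interface compatibility; not read.
     * $post         submitted form fields. Returned extended with the error markers,
     *               the generated user/group table rows and the three JSON blobs the
     *               template embeds in <script>.
     *
     * Changes against the earlier version: the debug dumps of $post and of the
     * generated SQL are gone (they printed raw request data and statements to the
     * page); all three mandatory fields must pass ValidateParagraph, not just one of
     * them; per-user / per-group entries are validated the same way and their
     * read/write flags normalised before they reach SQL; an unknown cmd is reported
     * instead of being treated as success; and the object name is HTML-escaped in
     * the result message.
     */
    function process($token, $get, $post, $server)
    {
        global $handles, $defined;

        $details = $handles['encrypt']->DecodeAuthTokenHeavy($token);
        $user = isset($details[0]) ? $details[0] : '';
        $group = isset($details[3]) ? $details[3] : '';

        if (!is_array($post)) {
            $post = array();
        }
        $post = $this->genAllErrors($post);

        if (!empty($post['cmd'])) {
            $problems = $this->missingFields($post);
            if (count($problems) === 0) {
                $problems = $this->invalidFields($post);
            }
            if (count($problems) > 0) {
                $post = $this->reportFieldErrors($post, $problems);
            } else {
                $post = $this->applyCommand($post, $token, $user);
            }
        } else {
            // First display: blank fields, owner defaults to the logged-in user.
            $post = array_merge($post, $this->genAllValues());
            $post['txtObjectOwner'] = $user;
        }

        $post['groups'] = $this->GenOjectGroup($this->entryList($post, 'txtObjectGroup'));
        $post['users'] = $this->GenOjectUser($this->entryList($post, 'txtObjectUser'));

        $post['jsonPermissions'] = 'var permissions = ' . $this->toJson($this->getPermissionObjects($token)) . ';';
        $post['jsonGroups'] = 'var groups = ' . $this->toJson($this->getGroupInfo($token)) . ';';
        $post['jsonUsers'] = 'var users = ' . $this->toJson($this->getGroupUsers($group)) . ';';

        return $post;
    }

    /**
     * Build and run the statements for $post['cmd'] and put the outcome message in
     * $post['error']. Only reached once the three mandatory fields are present and
     * valid; $token and $user are handed through to add().
     */
    private function applyCommand($post, $token, $user)
    {
        global $handles, $defined;

        $cmd = $post['cmd'];
        $ignored = 0;
        $sql = array();

        if ($cmd === "addObject" || $cmd === "editObject") {
            $isAdd = ($cmd === "addObject");
            $sql['main'] = $isAdd ? $this->add($token, null, $post, $user) : $this->edit($post);
            list($sql['user'], $n) = $this->entryStatements(
                $this->entryList($post, 'txtObjectUser'), 'User', self::USER_PLACEHOLDER,
                $post['txtObjectID'], $isAdd ? 'uadd' : 'uedit');
            $ignored += $n;
            list($sql['group'], $n) = $this->entryStatements(
                $this->entryList($post, 'txtObjectGroup'), 'Group', self::GROUP_PLACEHOLDER,
                $post['txtObjectID'], $isAdd ? 'gadd' : 'gedit');
            $ignored += $n;
        } elseif ($cmd === "delObject") {
            $sql['main'] = $this->delete($post);
            $sql['user'] = $this->udelete($post);
            $sql['group'] = $this->gdelete($post);
        } else {
            // Previously an unknown cmd ran nothing and still reported success.
            $post['error'] = '<div class="error">' . $handles['err']->GenerateErrorImg($defined['error'], "help/help.html", NULL, '800', '800') . '&nbsp;Unknown command.</div>';
            return $post;
        }

        $result = $this->execute($sql);
        $name = $this->esc($post['txtObjectName']);
        if ($result === '-1') {
            $icon = $defined['error'];
            $class = "error";
            $message = "A database error occured when saving changes to '" . $name . "'";
        } else {
            $icon = $defined['good'];
            $class = "good";
            $message = "Changes to '" . $name . "' were successful. " . (int) $result . " changes were made.";
        }
        if ($ignored > 0) {
            $message .= " " . $ignored . " user/group entries with an invalid name were ignored.";
        }
        $post['error'] = '<div class="' . $class . '">' . $handles['err']->GenerateErrorImg($icon, "help/help.html", NULL, '800', '800') . '&nbsp;' . $message . '</div>';
        return $post;
    }

    /**
     * Turn the submitted per-user or per-group rows into SQL statements.
     *
     * $entries     rows shaped array('id'=>..., 'name'=>..., 'User'|'Group'=>..., 'read'=>..., 'write'=>...)
     * $selectKey   'User' or 'Group': the key the select box uses for rows without an id
     * $placeholder the select's "choose one" label; such rows (and empty names) are skipped
     * $resource    the object id the rows belong to (already validated by the caller)
     * $builder     method producing one statement: uadd / uedit / gadd / gedit
     *
     * Returns array(statements keyed by user/group name, number of rows ignored).
     * A row whose name is not a string accepted by ValidateParagraph is ignored
     * and counted instead of being spliced into SQL; the id is checked by the
     * builder. Later rows with the same name overwrite earlier ones, as before.
     */
    private function entryStatements($entries, $selectKey, $placeholder, $resource, $builder)
    {
        global $handles;

        $statements = array();
        $ignored = 0;
        foreach ($entries as $entry) {
            if (!is_array($entry)) {
                $ignored++;
                continue;
            }
            $id = $this->field($entry, 'id');
            // Rows that already exist (have an id) carry the name under 'name',
            // rows picked from the select carry it under $selectKey -- same rule as before.
            $name = empty($id) ? $this->field($entry, $selectKey) : $this->field($entry, 'name');
            if (!is_string($name)) {
                $ignored++;
                continue;
            }
            if ($this->isPlaceholder($name, $placeholder)) {
                continue;
            }
            if ($handles['val']->ValidateParagraph($name) === -1) {
                $ignored++;
                continue;
            }
            $statements[$name] = $this->$builder($id, $resource, $name, $this->field($entry, 'read'), $this->field($entry, 'write'));
        }
        return array($statements, $ignored);
    }

    /** Mandatory fields that are empty, as field => message, in form order. */
    private function missingFields($post)
    {
        $problems = array();
        foreach ($this->fields as $field => $messages) {
            if (empty($post[$field])) {
                $problems[$field] = $messages[0];
            }
        }
        return $problems;
    }

    /**
     * Mandatory fields that are not a string accepted by ValidateParagraph, as
     * field => message. Non-string values (e.g. txtObjectName[]=x) count as invalid.
     */
    private function invalidFields($post)
    {
        global $handles;

        $problems = array();
        foreach ($this->fields as $field => $messages) {
            if (!is_string($post[$field]) || $handles['val']->ValidateParagraph($post[$field]) === -1) {
                $problems[$field] = $messages[1];
            }
        }
        return $problems;
    }

    /** Write the error list into $post['error'] and mark each offending field's *Err slot. */
    private function reportFieldErrors($post, $problems)
    {
        global $handles, $defined;

        $marker = $handles['err']->GenerateErrorImg($defined['error'], "help/help.html", "", '800', '800');
        $list = "<ul>";
        foreach ($problems as $field => $text) {
            $list .= "<li>" . $text . "</li>";
            $post[$field . 'Err'] = $marker;
        }
        $list .= "</ul>";
        $post['error'] = '<div class="error">' . $list . '</div>';
        return $post;
    }

    /** $post[$key] when it is an array of submitted rows, else an empty array. */
    private function entryList($post, $key)
    {
        return (isset($post[$key]) && is_array($post[$key])) ? $post[$key] : array();
    }

    /** $arr[$key] when set, else '' (the value an unset key produced in string context before). */
    private function field($arr, $key)
    {
        return (is_array($arr) && isset($arr[$key])) ? $arr[$key] : '';
    }

    /**
     * True for the select's "choose one" label. Kept as a prefix comparison over
     * strlen($name) characters to match the earlier strncmp() test, which also
     * treats an empty name as a placeholder.
     */
    private function isPlaceholder($name, $placeholder)
    {
        return $name === '' || strncmp($name, $placeholder, strlen($name)) === 0;
    }

    /** Normalise a checkbox value: "1" when the form sent "1", else "0". */
    private function flag($value)
    {
        return (is_scalar($value) && (string) $value === "1") ? "1" : "0";
    }

    /**
     * Wrap an already-validated value in the double quotes the statements use.
     * NOTE(review): this is not escaping. Values reaching it are constrained by
     * ValidateParagraph / ValidateInteger / flag() upstream; ValidateSQL is applied
     * to the finished statement in execute() and its behaviour could not be
     * confirmed from here, so no second escaping layer is added.
     */
    private function lit($value)
    {
        return "\"" . $value . "\"";
    }

    /** HTML-escape a scalar for element text or a double-quoted attribute. */
    private function esc($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }

    /**
     * Encode a result set for embedding as a JavaScript literal; a non-array
     * (failed query) becomes [].
     *
     * NOTE(review): the earlier code wrapped the rows in
     * array_map($handles['val']->ValidateXSS, ...). That expression reads a
     * *property* named ValidateXSS (null), not a callable, so array_map returned
     * the rows untouched and no XSS filtering ever ran. The callable form would be
     * array($handles['val'], 'ValidateXSS'), but whether that method accepts a
     * whole row (an array) or only a string, and whether it sanitises or returns -1
     * like ValidateParagraph, could not be confirmed, so it is deliberately not
     * applied here rather than risk corrupting the data. json_encode() escapes "/"
     * by default, which keeps "</script>" inside a value from closing the embedding
     * <script> element; the arr2json fallback is not known to do so.
     */
    private function toJson($rows)
    {
        global $handles;

        if (!is_array($rows)) {
            $rows = array();
        }
        if (function_exists("json_encode")) {
            return json_encode($rows);
        }
        return $handles['misc']->arr2json($rows);
    }

    /** Blank values for the three mandatory fields (first display of the form). */
    function genAllValues()
    {
        $post = array();
        $post['txtObjectName'] = '';
        $post['txtObjectID'] = '';
        $post['txtObjectOwner'] = '';
        return $post;
    }

    /**
     * Reset the template slots for generated rows, the error box and the per-field
     * error markers ('*' = no error) on a copy of $post and return it.
     */
    function genAllErrors($post)
    {
        $post['groups'] = '';
        $post['users'] = '';
        $post['error'] = '';
        $post['txtObjectNameErr'] = '*';
        $post['txtObjectIDErr'] = '*';
        $post['txtObjectOwnerErr'] = '*';
        $post['txtObjectGroupsErr'] = '*';
        $post['txtObjectUsersErr'] = '*';
        return $post;
    }

    /**
     * Run one SELECT on a fresh connection and return its rows as associative
     * arrays (an empty array when there are none or the query fails), then run
     * dbFixTable on $table and release the connection, as the earlier per-query
     * copies of this code did.
     */
    private function fetchRows($sql, $table)
    {
        global $defined, $handles;

        $rows = array();
        $dbconn = $handles['db']->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
        $res = $handles['db']->dbQuery($handles['val']->ValidateSQL($sql, $dbconn), $dbconn);
        if ($res !== -1 && $handles['db']->dbNumRows($res) > 0) {
            $rows = $handles['db']->dbArrayResultsAssoc($res);
        }
        $handles['db']->dbFixTable($table, $dbconn);
        $handles['db']->dbFreeData($dbconn);
        $handles['db']->dbCloseConn($dbconn);
        return $rows;
    }

    /**
     * Up to 15 rows of `resources`, ordered by object name. $token is decoded and
     * the decoded values handed to CleanUpVars, as before; the query itself does
     * not depend on the token.
     */
    function getPermissionObjects($token)
    {
        global $handles;

        $details = $handles['encrypt']->DecodeAuthTokenHeavy($token);
        $rows = $this->fetchRows("SELECT * FROM `resources` ORDER BY `txtObjectName` ASC LIMIT 15", "resources");
        $handles['misc']->CleanUpVars($details, NULL);
        return $rows;
    }

    /** All rows of `groups`. $token is accepted for interface compatibility and not used. */
    function getGroupInfo($token)
    {
        return $this->fetchRows("SELECT * FROM `groups`", "groups");
    }

    /**
     * User names visible to $group: every user for "admin", otherwise the users
     * whose `group` column equals $group.
     *
     * $group comes from the decoded auth token but is still spliced into a quoted
     * literal. A value that is not a string, or contains a double quote or a
     * backslash, cannot be placed in that literal safely and would have produced
     * a malformed or injectable statement; such a value now yields no rows.
     * dbFixTable is run on `users` (the table queried) rather than `groups`.
     */
    function getGroupUsers($group)
    {
        if ($group === "admin") {
            $sql = "SELECT `txtUserName` FROM `users`";
        } else {
            if (!is_string($group) || strpbrk($group, "\"\\") !== false) {
                return array();
            }
            $sql = "SELECT `txtUserName` FROM `users` WHERE `group` = " . $this->lit($group);
        }
        return $this->fetchRows($sql, "users");
    }

    /**
     * Upsert statement for the object itself, from the validated txtObjectID /
     * txtObjectName / txtObjectOwner fields of $post. $token, $order and $user are
     * accepted for interface compatibility and not used.
     */
    function add($token, $order, $post, $user)
    {
        $id = $this->lit($this->field($post, 'txtObjectID'));
        $name = $this->lit($this->field($post, 'txtObjectName'));
        $owner = $this->lit($this->field($post, 'txtObjectOwner'));
        return "INSERT INTO `resources` (`txtObjectID`,`txtObjectName`,`txtObjectOwner`) VALUES (" . $id . "," . $name . "," . $owner . ") ON DUPLICATE KEY UPDATE `txtObjectID` = " . $id . ",`txtObjectName` = " . $name . ",`txtObjectOwner` = " . $owner;
    }

    /**
     * Statement storing one user's read/write access to $resource. An existing
     * row (non-empty $id accepted by ValidateInteger) is updated in place;
     * otherwise a row is inserted, falling back to an update on a duplicate key.
     * $read / $write are stored as "1" only when the checkbox value "1" was sent,
     * "0" otherwise. The caller must have validated $user and $resource.
     */
    function uadd($id, $resource, $user, $read, $write)
    {
        return $this->accessStatement('uresources', 'txtObjectUser', $id, $resource, $user, $read, $write);
    }

    /** Group counterpart of uadd(): same rules, table `gresources`, column txtObjectGroup. */
    function gadd($id, $resource, $group, $read, $write)
    {
        return $this->accessStatement('gresources', 'txtObjectGroup', $id, $resource, $group, $read, $write);
    }

    /** Shared body of uadd()/gadd(); see uadd() for the contract. */
    private function accessStatement($table, $column, $id, $resource, $name, $read, $write)
    {
        global $handles;

        $resource = $this->lit($resource);
        $name = $this->lit($name);
        $read = $this->lit($this->flag($read));
        $write = $this->lit($this->flag($write));

        if (!empty($id) && $handles['val']->ValidateInteger($id) !== -1) {
            return "UPDATE `" . $table . "` SET `txtObjectID` = " . $resource . ",`" . $column . "` = " . $name . ",`txtObjectRead` = " . $read . ", `txtObjectWrite` = " . $write . " WHERE `id` = " . $this->lit($id) . " LIMIT 1";
        }
        return "INSERT INTO `" . $table . "` (`txtObjectID`,`" . $column . "`,`txtObjectRead`,`txtObjectWrite`) VALUES (" . $resource . "," . $name . "," . $read . "," . $write . ") ON DUPLICATE KEY UPDATE `txtObjectID` = " . $resource . ", `" . $column . "` = " . $name . ", `txtObjectRead` = " . $read . ", `txtObjectWrite` = " . $write;
    }

    /** Update statement for the object row identified by the validated txtObjectID in $post. */
    function edit($post)
    {
        $id = $this->lit($this->field($post, 'txtObjectID'));
        $name = $this->lit($this->field($post, 'txtObjectName'));
        $owner = $this->lit($this->field($post, 'txtObjectOwner'));
        return "UPDATE `resources` SET `txtObjectID` = " . $id . ",`txtObjectName` = " . $name . ",`txtObjectOwner` = " . $owner . " WHERE `txtObjectID` = " . $id . " LIMIT 1";
    }

    /**
     * Statement for one user entry of an edited object.
     *
     * process() calls this with the same five arguments as uadd() -- the earlier
     * one-parameter signature silently dropped those arguments and indexed a
     * scalar, so user permissions were never saved on edit. With five arguments
     * it behaves exactly like uadd() (update by id, else insert). For backward
     * compatibility a single array argument still produces the earlier
     * "UPDATE ... WHERE txtObjectID" statement from its txtObjectID /
     * txtObjectUser / txtObjectRead / txtObjectWrite keys; that form does no
     * validation of its own, the caller must.
     */
    function uedit($id, $resource = null, $user = null, $read = null, $write = null)
    {
        if (is_array($id)) {
            return $this->legacyAccessUpdate('uresources', 'txtObjectUser', $id);
        }
        return $this->uadd($id, $resource, $user, $read, $write);
    }

    /** Group counterpart of uedit(); see uedit() for the two call forms. */
    function gedit($id, $resource = null, $group = null, $read = null, $write = null)
    {
        if (is_array($id)) {
            return $this->legacyAccessUpdate('gresources', 'txtObjectGroup', $id);
        }
        return $this->gadd($id, $resource, $group, $read, $write);
    }

    /** The earlier single-array form of uedit()/gedit(): update the row matching txtObjectID. */
    private function legacyAccessUpdate($table, $column, $post)
    {
        $resource = $this->lit($this->field($post, 'txtObjectID'));
        $name = $this->lit($this->field($post, $column));
        $read = $this->lit($this->flag($this->field($post, 'txtObjectRead')));
        $write = $this->lit($this->flag($this->field($post, 'txtObjectWrite')));
        return "UPDATE `" . $table . "` SET `txtObjectID` = " . $resource . ",`" . $column . "` = " . $name . ",`txtObjectRead` = " . $read . ", `txtObjectWrite` = " . $write . " WHERE `txtObjectID` = " . $resource . " LIMIT 1";
    }

    /** Delete the object row for the validated txtObjectID in $post (at most one row). */
    function delete($post)
    {
        return "DELETE FROM `resources` WHERE `txtObjectID` = " . $this->lit($this->field($post, 'txtObjectID')) . " LIMIT 1";
    }

    /** Delete every user-permission row of the object identified by txtObjectID in $post. */
    function udelete($post)
    {
        return "DELETE FROM `uresources` WHERE `txtObjectID` = " . $this->lit($this->field($post, 'txtObjectID'));
    }

    /** Delete every group-permission row of the object identified by txtObjectID in $post. */
    function gdelete($post)
    {
        return "DELETE FROM `gresources` WHERE `txtObjectID` = " . $this->lit($this->field($post, 'txtObjectID'));
    }

    /**
     * Run a batch of statements on one connection.
     *
     * $sql may be a single statement string or an arbitrarily nested array of
     * them (process() passes array('main' => ..., 'user' => array(...), 'group' => array(...))).
     * Returns the total number of affected rows, 0 when there was nothing to run,
     * or the string '-1' if a statement failed -- the same failure value as
     * before, which process() compares with ===.
     *
     * Unlike before, nested arrays share the one connection instead of opening
     * their own; a failure is no longer masked by a later successful statement;
     * the count is the sum of affected rows rather than "last affected count + 1";
     * and execution stops at the first failure so that permission rows are not
     * written for an object whose own statement failed. The three tables are
     * still passed to dbFixTable afterwards.
     */
    function execute($sql)
    {
        global $defined, $handles;

        $statements = $this->flattenStatements($sql);
        if (count($statements) === 0) {
            return 0;
        }

        $dbconn = $handles['db']->dbConnect($defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname']);
        $changes = 0;
        $failed = false;
        foreach ($statements as $statement) {
            $res = $handles['db']->dbQuery($handles['val']->ValidateSQL($statement, $dbconn), $dbconn);
            if ($res === -1) {
                $failed = true;
                break;
            }
            $affected = (int) $handles['db']->dbNumRowsAffected($dbconn);
            if ($affected > 0) {
                $changes += $affected;
            }
        }
        $handles['db']->dbFixTable("resources", $dbconn);
        $handles['db']->dbFixTable("gresources", $dbconn);
        $handles['db']->dbFixTable("uresources", $dbconn);
        $handles['db']->dbFreeData($dbconn);
        $handles['db']->dbCloseConn($dbconn);

        return $failed ? '-1' : $changes;
    }

    /** Flatten a string or nested array of statements into a list, dropping empty strings and non-strings. */
    private function flattenStatements($sql)
    {
        $out = array();
        if (is_string($sql)) {
            if ($sql !== '') {
                $out[] = $sql;
            }
        } elseif (is_array($sql)) {
            foreach ($sql as $item) {
                $out = array_merge($out, $this->flattenStatements($item));
            }
        }
        return $out;
    }

    /** Table rows (<tr>...</tr>, no separators) for the submitted group entries; '' when there are none. */
    function GenOjectGroup($data)
    {
        return $this->renderEntryRows($data, 'Group', self::GROUP_PLACEHOLDER, 'txtObjectGroup', 'gperms');
    }

    /** Table rows for the submitted user entries; '' when there are none. */
    function GenOjectUser($data)
    {
        return $this->renderEntryRows($data, 'User', self::USER_PLACEHOLDER, 'txtObjectUser', 'uperms');
    }

    /**
     * Render one editable table row per real entry of $data.
     *
     * $data        submitted rows keyed by their POST index; an entry's name is
     *              taken from 'name' or, when that is empty, from $selectKey
     * $placeholder rows whose name is the select's "choose one" label are skipped
     * $field       form field prefix (txtObjectGroup / txtObjectUser)
     * $rowset      first argument of the removeRow() JavaScript call
     *
     * Names, the template path and the POST key are HTML-escaped (the values
     * come straight from the request). Integer keys are passed to removeRow() as
     * numbers, as before; any other key is passed as a backslash-escaped JS
     * string so it cannot break out of the call.
     */
    private function renderEntryRows($data, $selectKey, $placeholder, $field, $rowset)
    {
        global $defined;

        $rows = '';
        if (!is_array($data)) {
            return $rows;
        }
        $icon = $this->esc((isset($defined['templates']) ? $defined['templates'] : '') . "/images/icons/icon-remove.png");
        foreach ($data as $key => $entry) {
            if (!is_array($entry)) {
                continue;
            }
            $name = empty($entry['name']) ? $this->field($entry, $selectKey) : $entry['name'];
            if (!is_string($name) || $this->isPlaceholder($name, $placeholder)) {
                continue;
            }
            $read = ($this->field($entry, 'read') === "1") ? " checked" : "";
            $write = ($this->field($entry, 'write') === "1") ? " checked" : "";
            $n = $this->esc($name);
            $k = $this->esc($key);
            $jsKey = is_int($key) ? (string) $key : "'" . $this->esc(addslashes((string) $key)) . "'";

            $rows .= "<tr>"
                . "<td width=\"25\"><a href=\"javascript:removeRow('" . $rowset . "'," . $jsKey . ")\" alt=\"Remove " . $n . " permissions?\" title=\"Remove " . $n . " permission?\"><img src=\"" . $icon . "\" title=\"Remove " . $n . " permissions?\"></a></td>"
                . "<td width=\"30%\"><input type=\"text\" name=\"" . $field . "[" . $k . "][name]\" value=\"" . $n . "\" style=\"width: 100%\"></td>"
                . "<td align=\"center\"><input type=\"checkbox\" name=\"" . $field . "[" . $k . "][read]\" value=\"1\"" . $read . "></td>"
                . "<td align=\"center\"><input type=\"checkbox\" name=\"" . $field . "[" . $k . "][write]\" value=\"1\"" . $write . "></td><td></td>"
                . "</tr>";
        }
        return $rows;
    }

}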
?>