<?PHP
/*
* phpMyAuth - All rights reserved.
* Jason Gerfen [hide@address.com]
*
* Description: class.applications.php - Application management libs
*
*/
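/**
 * Application management: list-box / drop-down builders plus the admin page
 * controller that adds, edits, deletes applications and manages their
 * resource permissions.
 *
 * All database access goes through the project's `$handles['db']` wrapper and
 * every statement is built by string concatenation and passed through
 * `$handles['val']->ValidateSQL()`. NOTE(review): ValidateSQL() is not visible
 * here — confirm it escapes the interpolated values rather than only checking
 * the statement shape; if it does not, the queries below should be moved to
 * prepared statements.
 */
class ManageApplications
{
    /**
     * Build the "jump menu" list box of configured applications.
     *
     * Everything that lands in the markup (the script path, the skin taken
     * from the query string, the field name and the database columns) is
     * escaped for the HTML attribute/text context it is placed in.
     *
     * @param array  $array rows from `auth_applications` (keys `id`, `app-name`, `app-url`)
     * @param string $name  name attribute of the generated <select>
     * @param string $skin  skin identifier carried on each option's link
     * @return string table markup wrapping the <select>
     */
    function GenJumpMenuBoxApplications( $array, $name, $skin )
    {
        global $handles;
        $self = htmlspecialchars( isset( $_SERVER['PHP_SELF'] ) ? (string) $_SERVER['PHP_SELF'] : '', ENT_QUOTES, 'UTF-8' );
        $name = htmlspecialchars( (string) $name, ENT_QUOTES, 'UTF-8' );
        $skin = htmlspecialchars( (string) $skin, ENT_QUOTES, 'UTF-8' );
        $frm = "<select name=\"" . $name . "\" size=\"8\" onClick=\"jumpMenu('parent',this,0)\" style=\"width: 100%\">";
        if( empty( $array ) ) {
            $frm .= "<option value=\"" . $self . "?skin=" . $skin . "&id=NULL\">No Applications Defined</option>";
        } else {
            foreach( $array as $key => $value ) {
                // TrimString() shortens long names/urls for display; escape after trimming
                $appName = htmlspecialchars( (string) $handles['misc']->TrimString( $value['app-name'], 60 ), ENT_QUOTES, 'UTF-8' );
                $appURL = htmlspecialchars( (string) $handles['misc']->TrimString( $value['app-url'], 35 ), ENT_QUOTES, 'UTF-8' );
                $appID = htmlspecialchars( (string) $value['id'], ENT_QUOTES, 'UTF-8' );
                $frm .= "<option value=\"" . $self . "?skin=" . $skin . "&id=" . $appID . "\">" . $appName . " :: " . $appURL . "</option>";
            }
        }
        $frm .= "</select>";
        $data = "<table width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"3\">
<tr>
<td valign=\"top\">$frm</td>
</tr>
</table>";
        return $data;
    }

    /**
     * Build a drop-down of applications with an optional pre-selected entry.
     *
     * Returns an empty string when there are no applications, so the caller
     * can test the result with empty().
     *
     * @param array  $array    rows from `auth_applications` (keys `app-name`, `app-url`)
     * @param string $selected value to list first as the current selection (may be empty)
     * @param string $name     name attribute of the generated <select>
     * @return string <select> markup, or '' when $array is empty
     */
    function GenDropMenuWSelectedApplications( $array, $selected, $name )
    {
        global $handles;
        $list = "";
        if( !empty( $array ) ) {
            $name = htmlspecialchars( (string) $name, ENT_QUOTES, 'UTF-8' );
            $list .= "<select name=\"". $name . "\" style=\"width: 100%\">";
            if( !empty( $selected ) ) {
                $sel = htmlspecialchars( (string) $selected, ENT_QUOTES, 'UTF-8' );
                $list .= "<option value=\"" . $sel . "\">" . $sel . "</option>";
            }
            $list .= "<option>---------------</option>";
            foreach( $array as $key => $value ) {
                $appName = htmlspecialchars( (string) $handles['misc']->TrimString( $value['app-name'], 60 ), ENT_QUOTES, 'UTF-8' );
                $appURL = htmlspecialchars( (string) $handles['misc']->TrimString( $value['app-url'], 60 ), ENT_QUOTES, 'UTF-8' );
                $list .= "<option value=\"" . $appName . "\">" . $appName . " :: " . $appURL . "</option>";
            }
            $list .= "</select>";
        }
        return $list;
    }

    /**
     * Render the "manage applications" admin page.
     *
     * Flow: check the caller is an admin, load the application named by
     * $get['id'] (if any) into the edit/delete/permission forms, process one
     * of the AddApp / EditApp / DelApp / resPermApp POST actions, then build
     * the application, user and group lists and hand everything to the
     * template engine.
     *
     * @param string $token encrypted auth token of the current user
     * @param array  $get   query-string parameters (`id`, `skin`)
     * @param array  $post  submitted form fields
     * @return string template file name to render ("notauthorized.tpl" for non-admins)
     */
    function GenMngApplications( $token, $get, $post )
    {
        global $defined;
        global $handles;
        global $errors;
        // perform a check on the users access level information
        if( $handles['level']->ChkLevel( $token ) === "admin" ) {
            // define some variables for the template etc.
            $FILE = "admin.manage.applications.tpl";
            $page = "admin.manage.applications.php";
            // seed every form field the template reads so no branch below depends on an unset key
            $formData = array();
            foreach( array( 'add', 'edit', 'del', 'resPerm' ) as $prefix ) {
                foreach( array( 'Name', 'URL', 'Description', 'Admin', 'Email' ) as $field ) {
                    $formData[$prefix . 'App' . $field] = NULL;
                }
            }
            $formData['editAppID'] = NULL;
            $formData['resPermAppHash'] = NULL;
            // selections for the user/group drop-downs; only populated if the form posts them
            $formData['AddUser'] = NULL;
            $formData['editUsrGroup'] = NULL;
            $message = NULL; $editAppID = NULL; $editPermissionsMsg = NULL;
            $objGrpPerms = NULL; $objUsrPerms = NULL;
            $appList = NULL; $UserList = NULL; $GroupList = NULL;
            $usrList_err = NULL; $grpList_err = NULL; $importLDAPGrps = NULL; $importLDAPGrps_err = NULL;
            // decode the auth token for our username data
            $user_details = $handles['encrypt']->DecodeAuthTokenHeavy( $token );
            $username = $user_details[0];
            $formData['addAppAdmin'] = $username;
            $groupmem = $user_details[3];
            // initialize a db connection handle
            $dbconn = $handles['db']->dbConnect( $defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname'] );
            // provide count of online users (not currently handed to the template)
            $online = "SELECT * FROM `sessions`";
            $ret = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $online, $dbconn ), $dbconn );
            $usersonline = $handles['db']->dbNumRows( $ret );
            // Look for a GET id to allow editing/deleting of an existing application
            if( !empty( $get['id'] ) ) {
                if( $handles['val']->ValidateInteger( $get['id'] ) === -1 ) {
                    $message = $handles['err']->GenerateErrorLink( "help/help.html", "#application_edit", $defined['error'], $errors['val_num'], NULL, NULL );
                } else {
                    // populate the form with database information if already configured
                    $query = "SELECT * FROM `auth_applications` WHERE `id` = \"" . $get['id'] . "\" LIMIT 1";
                    if( ( $value = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $query, $dbconn ), $dbconn ) ) === -1 ) {
                        $message = $handles['err']->GenerateErrorLink( "help/help.html", "#application_edit", $defined['error'], $errors['db_select'], NULL, NULL );
                    } else {
                        $data = $handles['db']->dbArrayResultsAssoc( $value );
                        if( !empty( $data ) ) {
                            // validate and populate form data for the edit, delete and permission forms
                            $editAppID = $handles['val']->ValidateXSS( $data[0]['id'] );
                            $formData['editAppName'] = $handles['val']->ValidateXSS( $data[0]['app-name'] ); $formData['delAppName'] = $formData['editAppName']; $formData['resPermAppName'] = $formData['editAppName'];
                            $formData['editAppURL'] = $handles['val']->ValidateXSS( $data[0]['app-url'] ); $formData['delAppURL'] = $formData['editAppURL']; $formData['resPermAppURL'] = $formData['editAppURL'];
                            $formData['editAppDescription'] = $handles['val']->ValidateXSS( $data[0]['app-description'] ); $formData['delAppDescription'] = $formData['editAppDescription']; $formData['resPermAppDescription'] = $formData['editAppDescription'];
                            $formData['editAppAdmin'] = $handles['val']->ValidateXSS( $data[0]['app-admin'] ); $formData['delAppAdmin'] = $formData['editAppAdmin']; $formData['resPermAppAdmin'] = $formData['editAppAdmin'];
                            $formData['editAppEmail'] = $handles['val']->ValidateXSS( $data[0]['app-email'] ); $formData['delAppEmail'] = $formData['editAppEmail']; $formData['resPermAppEmail'] = $formData['editAppEmail'];
                            $formData['resPermAppHash'] = $handles['val']->ValidateXSS( $data[0]['resource'] );
                            // fetch all resource objects; permissions are then looked up per resource
                            $resQuery = "SELECT * FROM `resources`";
                            if( ( $value = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $resQuery, $dbconn ), $dbconn ) ) === -1 ) {
                                $message = $handles['err']->GenerateErrorLink( "help/help.html", "#application_edit", $defined['error'], $errors['db_select_err'], NULL, NULL );
                            } else {
                                $dataRes = $handles['db']->dbArrayResultsAssoc( $value );
                                if( !empty( $dataRes ) ) {
                                    // one permission lookup per resource, scoped to the caller's own group/user unless admin
                                    $sqlPerms = array( 'groups' => array(), 'users' => array() );
                                    foreach( $dataRes as $key => $value ) {
                                        if( $groupmem === "admin" ) {
                                            $sqlPerms['groups'][$key] = "SELECT * FROM `resources_groups` WHERE `resource` = \"" . $value['resource'] . "\"";
                                            $sqlPerms['users'][$key] = "SELECT * FROM `resources_users` WHERE `resource` = \"" . $value['resource'] . "\"";
                                        } else {
                                            $sqlPerms['groups'][$key] = "SELECT * FROM `resources_groups` WHERE `group` = \"" . $groupmem . "\" AND `resource` = \"" . $value['resource'] . "\"";
                                            $sqlPerms['users'][$key] = "SELECT * FROM `resources_users` WHERE `user` = \"" . $username . "\" AND `resource` = \"" . $value['resource'] . "\"";
                                        }
                                    }
                                    // NOTE(review): each iteration below overwrites $groupPerms / $userPerms, so only the
                                    // last resource's rows reach the permission form builders — confirm that is intended
                                    $groupPerms = NULL;
                                    $userPerms = NULL;
                                    foreach( $sqlPerms['groups'] as $key => $value ) {
                                        if( ( $value = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $value, $dbconn ), $dbconn ) ) !== -1 ) {
                                            $groupPerms = $handles['db']->dbArrayResultsAssoc( $value );
                                        }
                                    }
                                    foreach( $sqlPerms['users'] as $key => $value ) {
                                        if( ( $value = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $value, $dbconn ), $dbconn ) ) !== -1 ) {
                                            $userPerms = $handles['db']->dbArrayResultsAssoc( $value );
                                        }
                                    }
                                    // now we have to pass these along to create the form(s)
                                    $objGrpPerms = $handles['permissions']->GenGroupObjectPermissions( $formData['editAppName'], $groupPerms );
                                    $objUsrPerms = $handles['permissions']->GenUserObjectPermissions( $formData['editAppName'], $userPerms );
                                }
                            }
                            $message = $handles['err']->GenerateErrorLink( "help/help.html", "#host_search", $defined['good'], "You are currently editing record #" . $editAppID . " => " . $formData['editAppName'], NULL, NULL );
                        }
                    }
                }
            }
            // look for some post data to process
            if( !empty( $post ) && is_array( $post ) ) {
                // reassign our $_POST elements to local array after filtering elements
                // NOTE(review): the `permissions[...]` field is a nested array; confirm ValidateXSS() handles arrays
                foreach( $post as $key => $value ) {
                    $formData[$handles['val']->ValidateXSS( $key )] = $handles['val']->ValidateXSS( $value );
                }
                // which button was pressed? Are we adding, editing, deleting or managing permissions on existing objects?
                // adding new application
                if( !empty( $formData['AddApp'] ) ) {
                    // check for required fields
                    if( ( !empty( $formData['addAppName'] ) ) && ( !empty( $formData['addAppURL'] ) ) && ( !empty( $formData['addAppDescription'] ) ) && ( !empty( $formData['addAppAdmin'] ) ) && ( !empty( $formData['addAppEmail'] ) ) ) {
                        if( ( $handles['val']->ValidateAlphaChar( $formData['addAppName'] ) !== -1 ) && ( $handles['val']->ValidateURI( $formData['addAppURL'] ) !== -1 ) && ( $handles['val']->ValidateParagraph( $formData['addAppDescription'] ) !== -1 ) && ( $handles['val']->ValidateParagraph( $formData['addAppAdmin'] ) !== -1 ) && ( $handles['val']->ValidateEmail( $formData['addAppEmail'] ) !== -1 ) ) {
                            // the resource hash is derived from the *new* application's name; the same value is
                            // stored on the application row and on its default permission rows so they stay linked
                            $appHash = md5( $formData['addAppName'] );
                            $sql = "INSERT INTO `auth_applications` ( `app-name`, `app-url`, `app-description`, `app-admin`, `app-email`, `resource`, `owner` ) VALUES ( \"" . $formData['addAppName'] . "\", \"" . $formData['addAppURL'] . "\", \"" . $formData['addAppDescription'] . "\", \"" . $formData['addAppAdmin'] . "\", \"" . $formData['addAppEmail'] . "\", \"" . $appHash . "\", \"" . $username . "\" )";
                            // create a set of default permissions for this particular object
                            $sqlResource = array();
                            $sqlResource[0] = "INSERT INTO `resources` ( `resource`, `common-name`, `owner` ) VALUES ( \"" . $appHash . "\", \"" . $formData['addAppName'] . "\", \"" . $username . "\" )";
                            $sqlResource[1] = "INSERT INTO `resources_groups` ( `resource`, `group`, `read`, `write` ) VALUES ( \"" . $appHash . "\", \"" . $groupmem . "\", \"1\", \"1\" )";
                            $sqlResource[2] = "INSERT INTO `resources_users` ( `resource`, `user`, `read`, `write` ) VALUES ( \"" . $appHash . "\", \"" . $username . "\", \"1\", \"1\" )";
                            if( ( $sql_res = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $sql, $dbconn ), $dbconn ) ) === -1 ) {
                                $message = $handles['err']->GenerateErrorLink( "help/help.php", "#sql_error", $defined['error'], $errors['db_insert_err'], '600', '600' );
                                if( stripos( (string) $handles['db']->dbCatchError(), 'duplicate' ) !== false ) {
                                    $message = $handles['err']->GenerateErrorLink( "help/help.php", "#sql_error", $defined['error'], $errors['db_edit_err'] . ". An application with '" . $formData['addAppName'] . "' already exists", '600', '600' );
                                }
                            } else {
                                foreach( $sqlResource as $key => $value ) {
                                    if( ( $sql_res = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $value, $dbconn ), $dbconn ) ) === -1 ) {
                                        $message = $handles['err']->GenerateErrorLink( "help/help.php", "#sql_error", $defined['error'], $errors['db_insert_err'] . " occured while attempting to setup some default permssions", '600', '600' );
                                        // stop here so a later success does not overwrite the failure message
                                        break;
                                    }
                                    $message = $handles['err']->GenerateErrorLink( "help/help.php", "#db_insert", $defined['good'], $errors['db_insert'], '600', '600' );
                                }
                            }
                        } else {
                            // since something failed a validate check figure it out
                            $erlink = $handles['err']->GenerateErrorImg( $defined['error'], "help/help.html#val_par", "#val_par", '600', '600' );
                            $list = "<ul>";
                            if( $handles['val']->ValidateAlphaChar( $formData['addAppName'] ) === -1 ) { $list .= "<li>Application name field is invalid</li>"; $addAppName_err = $erlink; }
                            if( $handles['val']->ValidateURI( $formData['addAppURL'] ) === -1 ) { $list .= "<li>Application URL field is invalid</li>"; $addAppURL_err = $erlink; }
                            if( $handles['val']->ValidateParagraph( $formData['addAppDescription'] ) === -1 ) { $list .= "<li>Application description field is invalid</li>"; $addAppDescription_err = $erlink; }
                            if( $handles['val']->ValidateParagraph( $formData['addAppAdmin'] ) === -1 ) { $list .= "<li>Application admin field is invalid</li>"; $addAppAdmin_err = $erlink; }
                            if( $handles['val']->ValidateEmail( $formData['addAppEmail'] ) === -1 ) { $list .= "<li>Application email field is invalid</li>"; $addAppEmail_err = $erlink; }
                            $list .= "</ul>";
                            $message = $handles['err']->GenerateErrorLink( "help/help.php", "#val_par", $defined['error'], $errors['val_par'] . $list, '600', '600' );
                        }
                    } else {
                        // figure out which ones are missing and generate a friendly error message
                        $erlink = $handles['err']->GenerateErrorImg( $defined['error'], "help/help.html#val_empty", "#val_empty", '600', '600' );
                        $list = "<ul>";
                        if( empty( $formData['addAppName'] ) ) { $list .= "<li>Application name field is empty</li>"; $addAppName_err = $erlink; }
                        if( empty( $formData['addAppURL'] ) ) { $list .= "<li>Application URL field is empty</li>"; $addAppURL_err = $erlink; }
                        if( empty( $formData['addAppDescription'] ) ) { $list .= "<li>Application description field is empty</li>"; $addAppDescription_err = $erlink; }
                        if( empty( $formData['addAppAdmin'] ) ) { $list .= "<li>Application admin field is empty</li>"; $addAppAdmin_err = $erlink; }
                        if( empty( $formData['addAppEmail'] ) ) { $list .= "<li>Application email field is empty</li>"; $addAppEmail_err = $erlink; }
                        $list .= "</ul>";
                        $message = $handles['err']->GenerateErrorLink( "help/help.php", "#val_missing", $defined['error'], $errors['val_missing'] . $list, '600', '600' );
                    }
                }
                // editing existing application
                if( !empty( $formData['EditApp'] ) ) {
                    // check for required fields
                    if( ( !empty( $formData['editAppName'] ) ) && ( !empty( $formData['editAppURL'] ) ) && ( !empty( $formData['editAppDescription'] ) ) && ( !empty( $formData['editAppAdmin'] ) ) && ( !empty( $formData['editAppEmail'] ) ) ) {
                        // the row id comes from the form too, so it gets the same integer check as $get['id']
                        if( ( $handles['val']->ValidateInteger( $formData['editAppID'] ) !== -1 ) && ( $handles['val']->ValidateAlphaChar( $formData['editAppName'] ) !== -1 ) && ( $handles['val']->ValidateURI( $formData['editAppURL'] ) !== -1 ) && ( $handles['val']->ValidateParagraph( $formData['editAppDescription'] ) !== -1 ) && ( $handles['val']->ValidateParagraph( $formData['editAppAdmin'] ) !== -1 ) && ( $handles['val']->ValidateEmail( $formData['editAppEmail'] ) !== -1 ) ) {
                            // well everything passed validation proceed to update the database
                            $sql = "UPDATE `auth_applications` SET `app-name` = \"" . $formData['editAppName'] . "\", `app-url` = \"" . $formData['editAppURL'] . "\", `app-description` = \"" . $formData['editAppDescription'] . "\", `app-admin` = \"" . $formData['editAppAdmin'] . "\", `app-email` = \"" . $formData['editAppEmail'] . "\", `resource` = \"" . md5( $formData['editAppName'] ) . "\", `owner` = \"" . $username . "\" WHERE `id` = \"" . $formData['editAppID'] . "\" LIMIT 1";
                            if( ( $sql_res = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $sql, $dbconn ), $dbconn ) ) === -1 ) {
                                $message = $handles['err']->GenerateErrorLink( "help/help.php", "#sql_error", $defined['error'], $errors['db_edit_err'], '600', '600' );
                                if( stripos( (string) $handles['db']->dbCatchError(), 'duplicate' ) !== false ) {
                                    $message = $handles['err']->GenerateErrorLink( "help/help.php", "#sql_error", $defined['error'], $errors['db_edit_err'] . ". An application with '" . $formData['editAppName'] . "' already exists", '600', '600' );
                                }
                            } else {
                                $message = $handles['err']->GenerateErrorLink( "help/help.php", "#db_insert", $defined['good'], $errors['db_edit'], '600', '600' );
                            }
                        } else {
                            // since something failed a validate check figure it out
                            $erlink = $handles['err']->GenerateErrorImg( $defined['error'], "help/help.html#val_par", "#val_par", '600', '600' );
                            $list = "<ul>";
                            if( $handles['val']->ValidateInteger( $formData['editAppID'] ) === -1 ) { $list .= "<li>Application id is invalid</li>"; }
                            if( $handles['val']->ValidateAlphaChar( $formData['editAppName'] ) === -1 ) { $list .= "<li>Application name field is invalid</li>"; $editAppName_err = $erlink; }
                            if( $handles['val']->ValidateURI( $formData['editAppURL'] ) === -1 ) { $list .= "<li>Application URL field is invalid</li>"; $editAppURL_err = $erlink; }
                            if( $handles['val']->ValidateParagraph( $formData['editAppDescription'] ) === -1 ) { $list .= "<li>Application description field is invalid</li>"; $editAppDescription_err = $erlink; }
                            if( $handles['val']->ValidateParagraph( $formData['editAppAdmin'] ) === -1 ) { $list .= "<li>Application admin field is invalid</li>"; $editAppAdmin_err = $erlink; }
                            if( $handles['val']->ValidateEmail( $formData['editAppEmail'] ) === -1 ) { $list .= "<li>Application email field is invalid</li>"; $editAppEmail_err = $erlink; }
                            $list .= "</ul>";
                            $message = $handles['err']->GenerateErrorLink( "help/help.php", "#val_par", $defined['error'], $errors['val_par'] . $list, '600', '600' );
                        }
                    } else {
                        // figure out which ones are missing and generate a friendly error message
                        $erlink = $handles['err']->GenerateErrorImg( $defined['error'], "help/help.html#val_empty", "#val_empty", '600', '600' );
                        $list = "<ul>";
                        if( empty( $formData['editAppName'] ) ) { $list .= "<li>Application name field is empty</li>"; $editAppName_err = $erlink; }
                        if( empty( $formData['editAppURL'] ) ) { $list .= "<li>Application URL field is empty</li>"; $editAppURL_err = $erlink; }
                        if( empty( $formData['editAppDescription'] ) ) { $list .= "<li>Application description field is empty</li>"; $editAppDescription_err = $erlink; }
                        if( empty( $formData['editAppAdmin'] ) ) { $list .= "<li>Application admin field is empty</li>"; $editAppAdmin_err = $erlink; }
                        if( empty( $formData['editAppEmail'] ) ) { $list .= "<li>Application email field is empty</li>"; $editAppEmail_err = $erlink; }
                        $list .= "</ul>";
                        $message = $handles['err']->GenerateErrorLink( "help/help.php", "#val_missing", $defined['error'], $errors['val_missing'] . $list, '600', '600' );
                    }
                }
                // deleting existing application
                if( !empty( $formData['DelApp'] ) ) {
                    // check for required fields
                    if( ( !empty( $formData['delAppName'] ) ) && ( !empty( $formData['delAppURL'] ) ) && ( !empty( $formData['delAppDescription'] ) ) && ( !empty( $formData['delAppAdmin'] ) ) && ( !empty( $formData['delAppEmail'] ) ) ) {
                        if( ( $handles['val']->ValidateInteger( $formData['editAppID'] ) !== -1 ) && ( $handles['val']->ValidateAlphaChar( $formData['delAppName'] ) !== -1 ) && ( $handles['val']->ValidateURI( $formData['delAppURL'] ) !== -1 ) && ( $handles['val']->ValidateParagraph( $formData['delAppDescription'] ) !== -1 ) && ( $handles['val']->ValidateParagraph( $formData['delAppAdmin'] ) !== -1 ) && ( $handles['val']->ValidateEmail( $formData['delAppEmail'] ) !== -1 ) ) {
                            // well everything passed validation proceed to remove object and associated permissions
                            $delHash = md5( $formData['delAppName'] );
                            $sqlDel = array();
                            $sqlDel[0] = "DELETE FROM `auth_applications` WHERE `id` = \"" . $formData['editAppID'] . "\" LIMIT 1";
                            $sqlDel[1] = "DELETE FROM `resources` WHERE `resource` = \"" . $delHash . "\"";
                            $sqlDel[2] = "DELETE FROM `resources_groups` WHERE `resource` = \"" . $delHash . "\"";
                            $sqlDel[3] = "DELETE FROM `resources_users` WHERE `resource` = \"" . $delHash . "\"";
                            foreach( $sqlDel as $key => $value ) {
                                if( ( $sql_res = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $value, $dbconn ), $dbconn ) ) === -1 ) {
                                    $message = $handles['err']->GenerateErrorLink( "help/help.php", "#sql_error", $defined['error'], $errors['db_del_err'], '600', '600' );
                                    // do not remove permission rows once the application row itself could not be deleted
                                    break;
                                }
                                $message = $handles['err']->GenerateErrorLink( "help/help.php", "#db_insert", $defined['good'], $errors['db_del'], '600', '600' );
                            }
                        } else {
                            // since something failed a validate check figure it out
                            $erlink = $handles['err']->GenerateErrorImg( $defined['error'], "help/help.html#val_par", "#val_par", '600', '600' );
                            $list = "<ul>";
                            if( $handles['val']->ValidateInteger( $formData['editAppID'] ) === -1 ) { $list .= "<li>Application id is invalid</li>"; }
                            if( $handles['val']->ValidateAlphaChar( $formData['delAppName'] ) === -1 ) { $list .= "<li>Application name field is invalid</li>"; $delAppName_err = $erlink; }
                            if( $handles['val']->ValidateURI( $formData['delAppURL'] ) === -1 ) { $list .= "<li>Application URL field is invalid</li>"; $delAppURL_err = $erlink; }
                            if( $handles['val']->ValidateParagraph( $formData['delAppDescription'] ) === -1 ) { $list .= "<li>Application description field is invalid</li>"; $delAppDescription_err = $erlink; }
                            if( $handles['val']->ValidateParagraph( $formData['delAppAdmin'] ) === -1 ) { $list .= "<li>Application admin field is invalid</li>"; $delAppAdmin_err = $erlink; }
                            if( $handles['val']->ValidateEmail( $formData['delAppEmail'] ) === -1 ) { $list .= "<li>Application email field is invalid</li>"; $delAppEmail_err = $erlink; }
                            $list .= "</ul>";
                            $message = $handles['err']->GenerateErrorLink( "help/help.php", "#val_par", $defined['error'], $errors['val_par'] . $list, '600', '600' );
                        }
                    } else {
                        // figure out which ones are missing and generate a friendly error message
                        $erlink = $handles['err']->GenerateErrorImg( $defined['error'], "help/help.html#val_empty", "#val_empty", '600', '600' );
                        $list = "<ul>";
                        if( empty( $formData['delAppName'] ) ) { $list .= "<li>Application name field is empty</li>"; $delAppName_err = $erlink; }
                        if( empty( $formData['delAppURL'] ) ) { $list .= "<li>Application URL field is empty</li>"; $delAppURL_err = $erlink; }
                        if( empty( $formData['delAppDescription'] ) ) { $list .= "<li>Application description field is empty</li>"; $delAppDescription_err = $erlink; }
                        if( empty( $formData['delAppAdmin'] ) ) { $list .= "<li>Application admin field is empty</li>"; $delAppAdmin_err = $erlink; }
                        if( empty( $formData['delAppEmail'] ) ) { $list .= "<li>Application email field is empty</li>"; $delAppEmail_err = $erlink; }
                        $list .= "</ul>";
                        $message = $handles['err']->GenerateErrorLink( "help/help.php", "#val_missing", $defined['error'], $errors['val_missing'] . $list, '600', '600' );
                    }
                }
            }
            // Process application permissions
            if( !empty( $formData['resPermApp'] ) ) {
                // check for required fields
                if( ( !empty( $formData['resPermAppName'] ) ) && ( !empty( $formData['resPermAppURL'] ) ) && ( !empty( $formData['resPermAppDescription'] ) ) && ( !empty( $formData['resPermAppAdmin'] ) ) && ( !empty( $formData['resPermAppEmail'] ) ) ) {
                    if( ( $handles['val']->ValidateAlphaChar( $formData['resPermAppName'] ) !== -1 ) && ( $handles['val']->ValidateURI( $formData['resPermAppURL'] ) !== -1 ) && ( $handles['val']->ValidateParagraph( $formData['resPermAppDescription'] ) !== -1 ) && ( $handles['val']->ValidateParagraph( $formData['resPermAppAdmin'] ) !== -1 ) && ( $handles['val']->ValidateEmail( $formData['resPermAppEmail'] ) !== -1 ) ) {
                        // non-zero once any permission entry fails validation; nothing is executed in that case
                        $sql_err = 0;
                        // statements keyed by resource hash; a separate array so it never collides with the
                        // string $sql used by the add/edit branches above
                        $sqlPerm = array();
                        if( !empty( $formData['permissions'] ) ) {
                            foreach( $formData['permissions'] as $key => $value ) {
                                // a new group entry needs a real group selected AND at least one of read/write set
                                if( ( $value['group'][0] !== "---------------" ) && ( ( !empty( $value['group']['read'] ) ) || ( !empty( $value['group']['write'] ) ) ) ) {
                                    if( ( $handles['val']->ValidateAlphaChar( $key ) === 0 ) && ( $handles['val']->ValidateAlphaChar( $value['group'][0] ) === 0 ) && ( $handles['val']->ValidateInteger( $value['group']['read'] ) === 0 ) && ( $handles['val']->ValidateInteger( $value['group']['write'] ) === 0 ) ) {
                                        $sqlPerm[$key]['groups'] = "INSERT INTO `resources_groups` ( `resource`, `group`, `read`, `write` ) VALUES ( \"" . $key . "\", \"" . $value['group'][0] . "\", \"" . $value['group']['read'] . "\", \"" . $value['group']['write'] . "\")";
                                    } else {
                                        $sql_err = 1;
                                    }
                                }
                                // same for a new user entry
                                if( ( $value['user']['name'] !== "---------------" ) && ( ( !empty( $value['user']['read'] ) ) || ( !empty( $value['user']['write'] ) ) ) ) {
                                    if( ( $handles['val']->ValidateAlphaChar( $key ) === 0 ) && ( $handles['val']->ValidateAlphaChar( $value['user']['name'] ) === 0 ) && ( $handles['val']->ValidateInteger( $value['user']['read'] ) === 0 ) && ( $handles['val']->ValidateInteger( $value['user']['write'] ) === 0 ) ) {
                                        $sqlPerm[$key]['users'] = "INSERT INTO `resources_users` ( `resource`, `user`, `read`, `write` ) VALUES ( \"" . $key . "\", \"" . $value['user']['name'] . "\", \"" . $value['user']['read'] . "\", \"" . $value['user']['write'] . "\")";
                                    } else {
                                        $sql_err = 2;
                                    }
                                }
                                // update or delete existing permission for groups?
                                if( !empty( $value['existing']['group'] ) ) {
                                    foreach( $value['existing']['group'] as $id => $cat ) {
                                        if( !empty( $cat['delete'] ) ) {
                                            if( ( $handles['val']->ValidateAlphaChar( $id ) === 0 ) && ( $handles['val']->ValidateAlphaChar( $key ) === 0 ) ) {
                                                $sqlPerm[$key]['existing']['groups'][$id] = "DELETE FROM `resources_groups` WHERE `group` = \"" . $id . "\" AND `resource` = \"" . $key . "\" LIMIT 1";
                                            } else {
                                                $sql_err = 3;
                                            }
                                        } else {
                                            if( ( $handles['val']->ValidateAlphaChar( $id ) === 0 ) && ( $handles['val']->ValidateAlphaChar( $key ) === 0 ) && ( $handles['val']->ValidateInteger( $cat['read'] ) === 0 ) && ( $handles['val']->ValidateInteger( $cat['write'] ) === 0 ) ) {
                                                $sqlPerm[$key]['existing']['groups'][$id] = "UPDATE `resources_groups` SET `read` = \"" . $cat['read'] . "\", `write` = \"" . $cat['write'] . "\" WHERE `resource` = \"" . $key . "\" AND `group` = \"" . $id . "\" LIMIT 1";
                                            } else {
                                                $sql_err = 4;
                                            }
                                        }
                                    }
                                }
                                // update or delete existing permission for users?
                                if( !empty( $value['existing']['user'] ) ) {
                                    foreach( $value['existing']['user'] as $id => $cat ) {
                                        if( !empty( $cat['delete'] ) ) {
                                            if( ( $handles['val']->ValidateAlphaChar( $id ) === 0 ) && ( $handles['val']->ValidateAlphaChar( $key ) === 0 ) ) {
                                                $sqlPerm[$key]['existing']['users'][$id] = "DELETE FROM `resources_users` WHERE `user` = \"" . $id . "\" AND `resource` = \"" . $key . "\" LIMIT 1";
                                            } else {
                                                $sql_err = 5;
                                            }
                                        } else {
                                            if( ( $handles['val']->ValidateAlphaChar( $id ) === 0 ) && ( $handles['val']->ValidateAlphaChar( $key ) === 0 ) && ( $handles['val']->ValidateInteger( $cat['read'] ) === 0 ) && ( $handles['val']->ValidateInteger( $cat['write'] ) === 0 ) ) {
                                                $sqlPerm[$key]['existing']['users'][$id] = "UPDATE `resources_users` SET `read` = \"" . $cat['read'] . "\", `write` = \"" . $cat['write'] . "\" WHERE `resource` = \"" . $key . "\" AND `user` = \"" . $id . "\" LIMIT 1";
                                            } else {
                                                $sql_err = 6;
                                            }
                                        }
                                    }
                                }
                            }
                        }
                        if( $sql_err === 0 ) {
                            // flatten the nested statement tree (resource -> groups/users/existing -> id) into one list
                            $statements = array();
                            foreach( $sqlPerm as $key => $value ) {
                                foreach( $value as $x => $stmt ) {
                                    if( !is_array( $stmt ) ) {
                                        $statements[] = $stmt;
                                    } else {
                                        foreach( $stmt as $y => $z ) {
                                            foreach( $z as $i => $query ) {
                                                $statements[] = $query;
                                            }
                                        }
                                    }
                                }
                            }
                            // execute in order and stop at the first failure so the error message is not overwritten
                            foreach( $statements as $query ) {
                                if( ( $sql_res = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $query, $dbconn ), $dbconn ) ) === -1 ) {
                                    $message = $handles['err']->GenerateErrorLink( "help/help.php", "#sql_error", $defined['error'], $errors['db_insert_err'], '600', '600' );
                                    break;
                                }
                                $message = $handles['err']->GenerateErrorLink( "help/help.php", "#db_insert", $defined['good'], $errors['db_insert'], '600', '600' );
                            }
                        } else {
                            // may want to add some better message information based on return codes
                            $message = $handles['err']->GenerateErrorLink( "help/help.php", "#sql_error", $defined['error'], "It seems that at least one piece of data contains an invalid integer or alpha numeric string.", '600', '600' );
                        }
                    } else {
                        // since something failed a validate check figure it out (same fields as the guard above)
                        $erlink = $handles['err']->GenerateErrorImg( $defined['error'], "help/help.html#val_par", "#val_par", '600', '600' );
                        $list = "<ul>";
                        if( $handles['val']->ValidateAlphaChar( $formData['resPermAppName'] ) === -1 ) { $list .= "<li>Name field is invalid</li>"; $resPermAppName_err = $erlink; }
                        if( $handles['val']->ValidateURI( $formData['resPermAppURL'] ) === -1 ) { $list .= "<li>URL field is invalid</li>"; $resPermAppURL_err = $erlink; }
                        if( $handles['val']->ValidateParagraph( $formData['resPermAppDescription'] ) === -1 ) { $list .= "<li>Description field is invalid</li>"; $resPermAppDescription_err = $erlink; }
                        if( $handles['val']->ValidateParagraph( $formData['resPermAppAdmin'] ) === -1 ) { $list .= "<li>Admin field is invalid</li>"; $resPermAppAdmin_err = $erlink; }
                        if( $handles['val']->ValidateEmail( $formData['resPermAppEmail'] ) === -1 ) { $list .= "<li>Email field is invalid</li>"; $resPermAppEmail_err = $erlink; }
                        $list .= "</ul>";
                        $message = $handles['err']->GenerateErrorLink( "help/help.php", "#val_par", $defined['error'], $errors['val_par'] . $list, '600', '600' );
                    }
                } else {
                    // figure out which ones are missing and generate a friendly error message
                    $erlink = $handles['err']->GenerateErrorImg( $defined['error'], "help/help.html#val_empty", "#val_empty", '600', '600' );
                    $list = "<ul>";
                    if( empty( $formData['resPermAppName'] ) ) { $list .= "<li>Name field is missing data</li>"; $resPermAppName_err = $erlink; }
                    if( empty( $formData['resPermAppURL'] ) ) { $list .= "<li>URL field is missing data</li>"; $resPermAppURL_err = $erlink; }
                    if( empty( $formData['resPermAppDescription'] ) ) { $list .= "<li>Description field is missing data</li>"; $resPermAppDescription_err = $erlink; }
                    if( empty( $formData['resPermAppAdmin'] ) ) { $list .= "<li>Admin field is missing data</li>"; $resPermAppAdmin_err = $erlink; }
                    if( empty( $formData['resPermAppEmail'] ) ) { $list .= "<li>Email field is missing data</li>"; $resPermAppEmail_err = $erlink; }
                    $list .= "</ul>";
                    $message = $handles['err']->GenerateErrorLink( "help/help.php", "#val_missing", $defined['error'], $errors['val_missing'] . $list, '600', '600' );
                }
            }
            // get a list of current applications
            $app_list = array();
            $app_query = "SELECT * FROM `auth_applications` ORDER BY `app-name` ASC";
            if( ( $current = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $app_query, $dbconn ), $dbconn ) ) !== -1 ) {
                $app_list = $handles['db']->dbArrayResultsAssoc( $current );
            }
            $appList = $handles['applications']->GenJumpMenuBoxApplications( $app_list, 'addList', isset( $get['skin'] ) ? $get['skin'] : NULL );
            // get a list of current users (limited to the caller's group unless admin)
            $user_list = array();
            if( $groupmem === "admin" ) {
                $user_query = "SELECT * FROM `users` ORDER BY `group` ASC";
            } else {
                $user_query = "SELECT * FROM `users` WHERE `owner` = \"" . $groupmem . "\" ORDER BY `group` ASC";
            }
            if( ( $current = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $user_query, $dbconn ), $dbconn ) ) !== -1 ) {
                $user_list = $handles['db']->dbArrayResultsAssoc( $current );
            }
            $UserList = $handles['users']->GenDropMenuWSelectedUsers( $user_list, $formData['AddUser'], "permissions[" . $formData['resPermAppHash'] . "][user][name]" );
            // Generate a list of user groups to select from (limit by group)
            $grps = array();
            if( $groupmem === "admin" ) {
                $grp = "SELECT `group` FROM `groups` ORDER BY `group` ASC";
            } else {
                $grp = "SELECT `group` FROM `groups` WHERE `group` = \"" . $groupmem . "\" ORDER BY `group` ASC";
            }
            if( ( $return = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $grp, $dbconn ), $dbconn ) ) !== -1 ) {
                $grps = $handles['db']->dbArrayResultsAssoc( $return );
            }
            if( empty( $grps ) ) {
                $GroupList = "No Groups defined";
            } else {
                $GroupList = $handles['groups']->GenDropMenuWSelectedGroups( $grps, $formData['editUsrGroup'], "permissions[" . $formData['resPermAppHash'] . "][group][]" );
            }
            // give a message for the editing of permissions area
            if( empty( $get['id'] ) ) {
                $editPermissionsMsg = "Please select an application from the list of configured applications on the right first...";
            } else {
                $editPermissionsMsg = "Add new user(s) and/or group(s) to <i>'" . $formData['resPermAppName'] . "'</i>...";
            }
            // Do some cleaning before leaving
            $handles['misc']->CleanUpVars( $formData, NULL );
            // Perform analyze, repair and optimize on used tables
            $handles['db']->dbFixTable( "auth_applications", $dbconn );
            $handles['db']->dbFixTable( "resources", $dbconn );
            $handles['db']->dbFixTable( "resources_groups", $dbconn );
            $handles['db']->dbFixTable( "resources_users", $dbconn );
            $handles['db']->dbFixTable( "sessions", $dbconn );
            // Free db handle and close connection(s)
            $handles['db']->dbFreeData( $dbconn );
            $handles['db']->dbCloseConn( $dbconn );
            $handles['tpl']->assign( 'page', $page, NULL, NULL );
            $handles['tpl']->assign( 'message', $message, NULL, NULL );
            $handles['tpl']->assign( 'editPermissionsMsg', $editPermissionsMsg, NULL, NULL );
            $handles['tpl']->assign( 'appList', $appList, NULL, NULL );
            $handles['tpl']->assign( 'editAppID', $editAppID, NULL, NULL );
            $handles['tpl']->assign( 'resAppPermHash', $formData['resPermAppHash'], NULL, NULL );
            $handles['tpl']->assign( 'UserList', $UserList, NULL, NULL );
            $handles['tpl']->assign( 'usrList_err', $usrList_err, NULL, NULL );
            $handles['tpl']->assign( 'GroupList', $GroupList, NULL, NULL );
            $handles['tpl']->assign( 'grpList_err', $grpList_err, NULL, NULL );
            $handles['tpl']->assign( 'addAppName', $formData['addAppName'], NULL, NULL );
            $handles['tpl']->assign( 'addAppURL', $formData['addAppURL'], NULL, NULL );
            $handles['tpl']->assign( 'addAppDescription', $formData['addAppDescription'], NULL, NULL );
            $handles['tpl']->assign( 'addAppAdmin', $formData['addAppAdmin'], NULL, NULL );
            $handles['tpl']->assign( 'addAppEmail', $formData['addAppEmail'], NULL, NULL );
            $handles['tpl']->assign( 'addAppName_err', $addAppName_err, NULL, NULL );
            $handles['tpl']->assign( 'addAppURL_err', $addAppURL_err, NULL, NULL );
            $handles['tpl']->assign( 'addAppDescription_err', $addAppDescription_err, NULL, NULL );
            $handles['tpl']->assign( 'addAppAdmin_err', $addAppAdmin_err, NULL, NULL );
            $handles['tpl']->assign( 'addAppEmail_err', $addAppEmail_err, NULL, NULL );
            $handles['tpl']->assign( 'editAppName', $formData['editAppName'], NULL, NULL );
            $handles['tpl']->assign( 'editAppURL', $formData['editAppURL'], NULL, NULL );
            $handles['tpl']->assign( 'editAppDescription', $formData['editAppDescription'], NULL, NULL );
            $handles['tpl']->assign( 'editAppAdmin', $formData['editAppAdmin'], NULL, NULL );
            $handles['tpl']->assign( 'editAppEmail', $formData['editAppEmail'], NULL, NULL );
            $handles['tpl']->assign( 'editAppName_err', $editAppName_err, NULL, NULL );
            $handles['tpl']->assign( 'editAppURL_err', $editAppURL_err, NULL, NULL );
            $handles['tpl']->assign( 'editAppDescription_err', $editAppDescription_err, NULL, NULL );
            $handles['tpl']->assign( 'editAppAdmin_err', $editAppAdmin_err, NULL, NULL );
            $handles['tpl']->assign( 'editAppEmail_err', $editAppEmail_err, NULL, NULL );
            $handles['tpl']->assign( 'delAppName', $formData['delAppName'], NULL, NULL );
            $handles['tpl']->assign( 'delAppURL', $formData['delAppURL'], NULL, NULL );
            $handles['tpl']->assign( 'delAppDescription', $formData['delAppDescription'], NULL, NULL );
            $handles['tpl']->assign( 'delAppAdmin', $formData['delAppAdmin'], NULL, NULL );
            $handles['tpl']->assign( 'delAppEmail', $formData['delAppEmail'], NULL, NULL );
            $handles['tpl']->assign( 'delAppName_err', $delAppName_err, NULL, NULL );
            $handles['tpl']->assign( 'delAppURL_err', $delAppURL_err, NULL, NULL );
            $handles['tpl']->assign( 'delAppDescription_err', $delAppDescription_err, NULL, NULL );
            $handles['tpl']->assign( 'delAppAdmin_err', $delAppAdmin_err, NULL, NULL );
            $handles['tpl']->assign( 'delAppEmail_err', $delAppEmail_err, NULL, NULL );
            $handles['tpl']->assign( 'objGrpPerms', $objGrpPerms, NULL, NULL );
            $handles['tpl']->assign( 'objUsrPerms', $objUsrPerms, NULL, NULL );
            $handles['tpl']->assign( 'resPermAppName', $formData['resPermAppName'], NULL, NULL );
            $handles['tpl']->assign( 'resPermAppURL', $formData['resPermAppURL'], NULL, NULL );
            $handles['tpl']->assign( 'resPermAppDescription', $formData['resPermAppDescription'], NULL, NULL );
            $handles['tpl']->assign( 'resPermAppAdmin', $formData['resPermAppAdmin'], NULL, NULL );
            $handles['tpl']->assign( 'resPermAppEmail', $formData['resPermAppEmail'], NULL, NULL );
            $handles['tpl']->assign( 'resPermAppName_err', $resPermAppName_err, NULL, NULL );
            $handles['tpl']->assign( 'resPermAppURL_err', $resPermAppURL_err, NULL, NULL );
            $handles['tpl']->assign( 'resPermAppDescription_err', $resPermAppDescription_err, NULL, NULL );
            $handles['tpl']->assign( 'resPermAppAdmin_err', $resPermAppAdmin_err, NULL, NULL );
            $handles['tpl']->assign( 'resPermAppEmail_err', $resPermAppEmail_err, NULL, NULL );
            $handles['tpl']->assign( 'importLDAPGrps', $importLDAPGrps, NULL, NULL );
            $handles['tpl']->assign( 'importLDAPGrps_err', $importLDAPGrps_err, NULL, NULL );
        } else {
            $FILE = "notauthorized.tpl";
        }
        return $FILE;
    }
}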
?>