<?PHP
/*
 * phpMyAuth - All rights reserved.
 * Jason Gerfen [hide@address.com]
 *
 * Description:  class.applications.php - Application management libs
 *
 */

class ManageApplications
{

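	/**
	 * Build a <select> "jump menu" of applications wrapped in a one-cell table.
	 *
	 * Each option's value is a link back to the current script carrying the
	 * skin and the application's id; the select's onClick calls jumpMenu()
	 * with that value.
	 *
	 * PHP_SELF is derived from the request path, and $skin, $name and the row
	 * fields are supplied by the caller, so none of them is trusted as markup:
	 * query values are URL-encoded and everything is HTML-encoded for the
	 * attribute or text node it is written into.
	 *
	 * @param array  $array Rows with 'id', 'app-name' and 'app-url' keys.
	 * @param string $name  Name attribute of the <select>.
	 * @param string $skin  Skin identifier passed through in each link.
	 * @return string HTML fragment (table containing the select).
	 */
	function GenJumpMenuBoxApplications( $array, $name, $skin )
	{
		global $handles;

		// Shared link prefix; the id is appended per option and the whole URL
		// is HTML-encoded once at the point of output.
		$base = $_SERVER['PHP_SELF'] . "?skin=" . urlencode( (string) $skin ) . "&id=";

		$frm = "<select name=\"" . htmlspecialchars( (string) $name, ENT_QUOTES, 'UTF-8' ) . "\" size=\"8\" onClick=\"jumpMenu('parent',this,0)\" style=\"width: 100%\">";

		if( !is_array( $array ) || count( $array ) < 1 ) {
			$frm .= "<option value=\"" . htmlspecialchars( $base . "NULL", ENT_QUOTES, 'UTF-8' ) . "\">No Applications Defined</option>";
		} else {
			foreach( $array as $value ) {
				$appName = $handles['misc']->TrimString( $value['app-name'], 60 );
				$appUrl = $handles['misc']->TrimString( $value['app-url'], 35 );

				// NOTE(review): stored values may already be entity-encoded by the
				// project's input filter (not visible here), so existing entities
				// are left alone instead of being encoded a second time.
				$label = htmlspecialchars( $appName . " :: " . $appUrl, ENT_QUOTES, 'UTF-8', false );
				$link = htmlspecialchars( $base . urlencode( (string) $value['id'] ), ENT_QUOTES, 'UTF-8' );

				$frm .= "<option value=\"" . $link . "\">" . $label . "</option>";
			}
		}
		$frm .= "</select>";

		// The original emitted a second opening <tr> where the row should close.
		$data = "<table width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"3\">
            <tr>
             <td valign=\"top\">$frm</td>
            </tr>
           </table>";
		return $data;
	}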

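 /**
  * Build a <select> of applications, optionally led by a pre-selected entry.
  *
  * Every option uses the (trimmed) application name as its value and shows
  * "name :: url" as its label. $name, $selected and the row fields are
  * HTML-encoded before being written into the markup so that caller- or
  * user-supplied text cannot close the attribute or inject elements.
  *
  * @param array  $array    Rows with 'app-name' and 'app-url' keys.
  * @param string $selected Value to offer as the first option; skipped when empty.
  * @param string $name     Name attribute of the <select>.
  * @return string|null HTML fragment, or NULL when there are no rows.
  */
 function GenDropMenuWSelectedApplications( $array, $selected, $name )
 {
  global $handles;

  // The original called count() on $array[0] even when it did not exist and
  // then returned an unset variable; return NULL explicitly instead.
  if( !is_array( $array ) || empty( $array[0] ) ) {
   return NULL;
  }

  $list = "<select name=\"" . htmlspecialchars( (string) $name, ENT_QUOTES, 'UTF-8' ) . "\" style=\"width: 100%\">";

  if( !empty( $selected ) ) {
   // NOTE(review): $selected may already be entity-encoded by the project's
   // input filter (not visible here), so existing entities are kept as-is.
   $current = htmlspecialchars( (string) $selected, ENT_QUOTES, 'UTF-8', false );
   $list .= "<option value=\"" . $current . "\">" . $current . "</option>";
  }
  $list .= "<option>---------------</option>";

  foreach( $array as $value ) {
   $appName = htmlspecialchars( $handles['misc']->TrimString( $value['app-name'], 60 ), ENT_QUOTES, 'UTF-8', false );
   $appUrl = htmlspecialchars( $handles['misc']->TrimString( $value['app-url'], 60 ), ENT_QUOTES, 'UTF-8', false );
   $list .= "<option value=\"" . $appName . "\">" . $appName . " :: " . $appUrl . "</option>";
  }
  $list .= "</select>";

  return $list;
 }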

 function GenMngApplications( $token, $get, $post )
 {
  global $defined;
  global $handles;
		global $errors;

  // perform a check on the users access level information
  if($handles['level']->ChkLevel( $token ) === "admin") {

 		// define some variables for the template etc.
			$FILE = "admin.manage.applications.tpl";
   $page = "admin.manage.applications.php";

   // decode the auth token for our username data
   $user_details = $handles['encrypt']->DecodeAuthTokenHeavy( $token );
			$username = $user_details[0]; $formData['addAppAdmin'] = $username;
   $groupmem = $user_details[3];

   // initialize a db connection handle
   $dbconn = $handles['db']->dbConnect( $defined['dbhost'], $defined['username'], $defined['password'], $defined['dbname'] );

			// provide count of online users
			$online = "SELECT * FROM `sessions`";
			$ret = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $online, $dbconn ), $dbconn );
			$usersonline = $handles['db']->dbNumRows( $ret );

   // Look for a GET id post allow editing/deleting of existing group data
   if( !empty( $get['id'] ) ) {
    if( $handles['val']->ValidateInteger( $get['id'] ) === -1 ) {
     $message = $handles['err']->GenerateErrorLink( "help/help.html", "#application_edit", $defined['error'], $errors['val_num'], NULL, NULL );
    } else {
     // populate the form with database information if already configured
				 $query = "SELECT * FROM `auth_applications` WHERE `id` = \"" . $get['id'] . "\" LIMIT 1";
		   if( ( $value = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $query, $dbconn ), $dbconn ) ) === -1 ) {
      $message = $handles['err']->GenerateErrorLink( "help/help.html", "#application_edit", $defined['error'], $errors['db_select'], NULL, NULL );
     } else {
      $data = $handles['db']->dbArrayResultsAssoc( $value );

      if( count( $data ) > 0 ) {
       
							// validate and populate form data for both edit and delete forms
 				 	$editAppID = $handles['val']->ValidateXSS($data[0]['id']);
 				 	$formData['editAppName'] = $handles['val']->ValidateXSS($data[0]['app-name']); $formData['delAppName'] = $formData['editAppName']; $formData['resPermAppName'] = $formData['editAppName'];
 				  $formData['editAppURL'] = $handles['val']->ValidateXSS($data[0]['app-url']); $formData['delAppURL'] = $formData['editAppURL']; $formData['resPermAppURL'] = $formData['editAppURL'];
 				  $formData['editAppDescription'] = $handles['val']->ValidateXSS($data[0]['app-description']); $formData['delAppDescription'] = $formData['editAppDescription']; $formData['resPermAppDescription'] = $formData['editAppDescription'];
       $formData['editAppAdmin'] = $handles['val']->ValidateXSS($data[0]['app-admin']); $formData['delAppAdmin'] = $formData['editAppAdmin']; $formData['resPermAppAdmin'] = $formData['editAppAdmin'];
       $formData['editAppEmail'] = $handles['val']->ValidateXSS($data[0]['app-email']); $formData['delAppEmail'] = $formData['editAppEmail']; $formData['resPermAppEmail'] = $formData['editAppEmail'];
       $formData['resPermAppHash'] = $handles['val']->ValidateXSS($data[0]['resource']);

       // formulate query to get resource items per group id
       $sql = "SELECT * FROM `resources`";
       // now get all resources assigned to this group if not admin group or user
       if( ( $value = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $sql, $dbconn ), $dbconn ) ) === -1 ) {
        $message = $handles['err']->GenerateErrorLink( "help/help.html", "#application_edit", $defined['error'], $errors['db_select_err'], NULL, NULL );
       } else {
        $dataRes = $handles['db']->dbArrayResultsAssoc( $value );
        if( count( $dataRes ) > 0 ) {
         // since we have a valid list of resources lets formulate our query to get the group and user permissions
         foreach( $dataRes as $key => $value ) {
										if( $groupmem === "admin" ) {
           $sqlPerms['groups'][$key] = "SELECT * FROM `resources_groups` WHERE `resource` = \"" . $value['resource'] . "\"";
           $sqlPerms['users'][$key] = "SELECT * FROM `resources_users` WHERE `resource` = \"" . $value['resource'] . "\"";
										} else {
           $sqlPerms['groups'][$key] = "SELECT * FROM `resources_groups` WHERE `group` = \"" . $groupmem . "\" AND `resource` = \"" . $value['resource'] . "\"";
           $sqlPerms['users'][$key] = "SELECT * FROM `resources_users` WHERE `user` = \"" . $username . "\" AND `resource` = \"" . $value['resource'] . "\"";
										}
         }
         // loop get and create a nice form
         foreach( $sqlPerms['groups'] as $key => $value ) {
          if( ( $value = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $value, $dbconn ), $dbconn ) ) !== -1 ) {
           $groupPerms = $handles['db']->dbArrayResultsAssoc( $value );
          }
         }
         foreach( $sqlPerms['users'] as $key => $value ) {
          if( ( $value = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $value, $dbconn ), $dbconn ) ) !== -1 ) {
           $userPerms = $handles['db']->dbArrayResultsAssoc( $value );
          }
         }
         // now we have to pass these along to create the form(s)
         $objGrpPerms = $handles['permissions']->GenGroupObjectPermissions( $formData['editAppName'], $groupPerms );
         $objUsrPerms = $handles['permissions']->GenUserObjectPermissions( $formData['editAppName'], $userPerms );
        }
       }

      }
      $message = $handles['err']->GenerateErrorLink( "help/help.html", "#host_search", $defined['good'], "You are currently editing record #" . $editAppID . " => " . $formData['editAppName'], NULL, NULL );
 	   }
    }
   }

   // look for some post data to process
			if( !empty( $post ) ) {
				
				// reassign our $_POST elements to local array after filtering elements
				if( count( $post ) > 0 ) {
					foreach( $post as $key => $value ) {
						$formData[$handles['val']->ValidateXSS($key)] = $handles['val']->ValidateXSS($value);
					}
				}

				// which button was pressed? Are we adding, editing, deleting, importing group data or managing permissions on existing objects?

    // adding new group
				if( !empty( $formData['AddApp'] ) ) {

					// check for required fields
					if( ( !empty( $formData['addAppName'] ) ) && ( !empty( $formData['addAppURL'] ) ) && ( !empty( $formData['addAppDescription'] ) ) && ( !empty( $formData['addAppAdmin'] ) ) && ( !empty( $formData['addAppEmail'] ) ) ) {

      if( ( $handles['val']->ValidateAlphaChar( $formData['addAppName'] ) !== -1 )  && ( $handles['val']->ValidateURI( $formData['addAppURL'] ) !== -1 ) && ( $handles['val']->ValidateParagraph( $formData['addAppDescription'] ) !== -1 ) && ( $handles['val']->ValidateParagraph( $formData['addAppAdmin'] ) !== -1 ) && ( $handles['val']->ValidateEmail( $formData['addAppEmail'] ) !== -1 ) ) {

       // well everything passed validation proceed to place the database
							$sql = "INSERT INTO `auth_applications` ( `app-name`, `app-url`, `app-description`, `app-admin`, `app-email`, `resource`, `owner`  ) VALUES ( \"" . $formData['addAppName'] . "\", \"" . $formData['addAppURL'] . "\", \"" . $formData['addAppDescription'] . "\", \"" . $formData['addAppAdmin'] . "\", \"" . $formData['addAppEmail'] . "\", \"" . md5( $formData['addAppName'] ) . "\", \"" . $username . "\" )";

       // create a set of default permissions for this particular object
       $sqlResource[0] = "INSERT INTO `resources` ( `resource`, `common-name`, `owner` ) VALUES ( \"" . md5( $formData['editAppName'] ) . "\", \"" . $formData['editAppName'] . "\", \"" . $username . "\" )";
       $sqlResource[1] = "INSERT INTO `resources_groups` ( `resource`, `group`, `read`, `write` ) VALUES ( \"" . md5( $formData['editAppName'] ) . "\", \"" . $groupmem . "\", \"1\", \"1\" )";
       $sqlResource[2] = "INSERT INTO `resources_users` ( `resource`, `user`, `read`, `write` ) VALUES ( \"" . md5( $formData['editAppName'] ) . "\", \"" . $username . "\", \"1\", \"1\" )";

       if( ( $sql_res = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $sql, $dbconn ), $dbconn ) ) === -1 ) {
        $message = $handles['err']->GenerateErrorLink( "help/help.php", "#sql_error", $defined['error'], $errors['db_insert_err'], '600', '600' );
								if( eregi( "duplicate", $handles['db']->dbCatchError() ) ) {
         $message = $handles['err']->GenerateErrorLink( "help/help.php", "#sql_error", $defined['error'], $errors['db_edit_err'] . ". An application with '" . $formData['addAppName'] . "' already exists", '600', '600' );
        }
       } else {
        foreach( $sqlResource as $key => $value ) {
         if( ( $sql_res = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $value, $dbconn ), $dbconn ) ) === -1 ) {
          $message = $handles['err']->GenerateErrorLink( "help/help.php", "#sql_error", $defined['error'], $errors['db_insert_err'] . " occured while attempting to setup some default permssions", '600', '600' );
         } else {
          $message = $handles['err']->GenerateErrorLink( "help/help.php", "#db_insert", $defined['good'], $errors['db_insert'], '600', '600' );          
         }
        }
       }

						} else {
							// since something failed a validate check figure it out
							$erlink = $handles['err']->GenerateErrorImg( $defined['error'], "help/help.html#val_par", "#val_par", '600', '600' );
       $list = "<ul>";
       if( $handles['val']->ValidateAlphaChar( $formData['addAppName'] ) === -1 ) { $list .= "<li>Application name field is invalid</li>"; $addAppName_err = $erlink; }
       if( $handles['val']->ValidateURI( $formData['addAppURL'] ) === -1 ) { $list .= "<li>Application URL field is invalid</li>"; $addAppURL_err = $erlink; }
       if( $handles['val']->ValidateParagraph( $formData['addAppDescription'] ) === -1 ) { $list .= "<li>Applicaiton description field is invalid</li>"; $addAppDescription_err = $erlink; }
       if( $handles['val']->ValidateParagraph( $formData['addAppAdmin'] ) === -1 ) { $list .= "<li>Application admin field is invalid</li>"; $addAppAdmin_err = $erlink; }
       if( $handles['val']->ValidateEmail( $formData['addAppEmail'] ) === -1 ) { $list .= "<li>Application email field is invalid</li>"; $addAppEmail_err = $erlink; }
       $list .= "</ul>";
       $message = $handles['err']->GenerateErrorLink( "help/help.php", "#val_par", $defined['error'], $errors['val_par'] . $list, '600', '600' );
						}

					} else {
						// figure out which ones are missing and generate a friendly error message
						$erlink = $handles['err']->GenerateErrorImg( $defined['error'], "help/help.html#val_empty", "#val_empty", '600', '600' );
      $list = "<ul>";
       if( empty( $formData['addAppName'] ) ) { $list .= "<li>Application name field is empty</li>"; $addAppName_err = $erlink; }
       if( empty( $formData['addAppURL'] ) ) { $list .= "<li>Application URL field is empty</li>"; $addAppURL_err = $erlink; }
       if( empty( $formData['addAppDescription'] ) ) { $list .= "<li>Applicaiton description field is empty</li>"; $addAppDescription_err = $erlink; }
       if( empty( $formData['addAppAdmin'] ) ) { $list .= "<li>Application admin field is empty</li>"; $addAppAdmin_err = $erlink; }
       if( empty( $formData['addAppEmail'] ) ) { $list .= "<li>Application email field is empty</li>"; $addAppEmail_err = $erlink; }
      $list .= "</ul>";
      $message = $handles['err']->GenerateErrorLink( "help/help.php", "#val_missing", $defined['error'], $errors['val_missing'] . $list, '600', '600' );
					}

				}

    // editing existing application
    if( !empty( $formData['EditApp'] ) ) {

					// check for required fields
					if( ( !empty( $formData['editAppName'] ) ) && ( !empty( $formData['editAppURL'] ) ) && ( !empty( $formData['editAppDescription'] ) ) && ( !empty( $formData['editAppAdmin'] ) ) && ( !empty( $formData['editAppEmail'] ) ) ) {

      if( ( $handles['val']->ValidateAlphaChar( $formData['editAppName'] ) !== -1 )  && ( $handles['val']->ValidateURI( $formData['editAppURL'] ) !== -1 ) && ( $handles['val']->ValidateParagraph( $formData['editAppDescription'] ) !== -1 ) && ( $handles['val']->ValidateParagraph( $formData['editAppAdmin'] ) !== -1 ) && ( $handles['val']->ValidateEmail( $formData['editAppEmail'] ) !== -1 ) ) {

       // well everything passed validation proceed to place the database
							$sql = "UPDATE `auth_applications` SET `app-name` = \"" . $formData['editAppName'] . "\", `app-url` = \"" . $formData['editAppURL'] . "\", `app-description` = \"" . $formData['editAppDescription'] . "\", `app-admin` = \"" . $formData['editAppAdmin'] . "\", `app-email` = \"" . $formData['editAppEmail'] . "\", `resource` = \"" . md5( $formData['editAppName'] ) . "\", `owner` = \"" . $username . "\" WHERE `id` = \"" . $formData['editAppID'] . "\" LIMIT 1";

       if( ( $sql_res = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $sql, $dbconn ), $dbconn ) ) === -1 ) {
        $message = $handles['err']->GenerateErrorLink( "help/help.php", "#sql_error", $defined['error'], $errors['db_edit_err'], '600', '600' );
								if( eregi( "duplicate", $handles['db']->dbCatchError() ) ) {
         $message = $handles['err']->GenerateErrorLink( "help/help.php", "#sql_error", $defined['error'], $errors['db_edit_err'] . ". An application with '" . $formData['editAppName'] . "' already exists", '600', '600' );
        }
       } else {
        $message = $handles['err']->GenerateErrorLink( "help/help.php", "#db_insert", $defined['good'], $errors['db_edit'], '600', '600' );          
       }

						} else {
							// since something failed a validate check figure it out
							$erlink = $handerr->GenerateErrorImg( $defined['error'], "help/help.html#val_par", "#val_par", '600', '600' );
       $list = "<ul>";
       if( $handles['val']->ValidateAlphaChar( $formData['editAppName'] ) === -1 ) { $list .= "<li>Application name field is invalid</li>"; $editAppName_err = $erlink; }
       if( $handles['val']->ValidateURI( $formData['editAppURL'] ) === -1 ) { $list .= "<li>Application URL field is invalid</li>"; $editAppURL_err = $erlink; }
       if( $handles['val']->ValidateParagraph( $formData['editAppDescription'] ) === -1 ) { $list .= "<li>Applicaiton description field is invalid</li>"; $editAppDescription_err = $erlink; }
       if( $handles['val']->ValidateParagraph( $formData['editAppAdmin'] ) === -1 ) { $list .= "<li>Application admin field is invalid</li>"; $editAppAdmin_err = $erlink; }
       if( $handles['val']->ValidateEmail( $formData['editAppEmail'] ) === -1 ) { $list .= "<li>Application email field is invalid</li>"; $editAppEmail_err = $erlink; }
       $list .= "</ul>";
       $message = $handles['err']->GenerateErrorLink( "help/help.php", "#val_par", $defined['error'], $errors['val_par'] . $list, '600', '600' );
						}

					} else {
						// figure out which ones are missing and generate a friendly error message
						$erlink = $handles['err']->GenerateErrorImg( $defined['error'], "help/help.html#val_empty", "#val_empty", '600', '600' );
      $list = "<ul>";
       if( empty( $formData['editAppName'] ) ) { $list .= "<li>Application name field is empty</li>"; $editAppName_err = $erlink; }
       if( empty( $formData['editAppURL'] ) ) { $list .= "<li>Application URL field is empty</li>"; $editAppURL_err = $erlink; }
       if( empty( $formData['editAppDescription'] ) ) { $list .= "<li>Applicaiton description field is empty</li>"; $editAppDescription_err = $erlink; }
       if( empty( $formData['editAppAdmin'] ) ) { $list .= "<li>Application admin field is empty</li>"; $editAppAdmin_err = $erlink; }
       if( empty( $formData['editAppEmail'] ) ) { $list .= "<li>Application email field is empty</li>"; $editAppEmail_err = $erlink; }
      $list .= "</ul>";
      $message = $handles['err']->GenerateErrorLink( "help/help.php", "#val_missing", $defined['error'], $errors['val_missing'] . $list, '600', '600' );
					}

				}

    // deleting existing application
				if( !empty( $formData['DelApp'] ) ) {

					// check for required fields
					if( ( !empty( $formData['delAppName'] ) ) && ( !empty( $formData['delAppURL'] ) ) && ( !empty( $formData['delAppDescription'] ) ) && ( !empty( $formData['delAppAdmin'] ) ) && ( !empty( $formData['delAppEmail'] ) ) ) {

      if(( $handles['val']->ValidateAlphaChar($formData['delAppName']) !== -1 ) && ( $handles['val']->ValidateURI($formData['delAppURL']) !== -1 ) && ( $handles['val']->ValidateParagraph($formData['delAppDescription']) !== -1 ) && ( $handles['val']->ValidateParagraph($formData['delAppAdmin']) !== -1 ) && ( $handles['val']->ValidateEmail($formData['delAppEmail']) !== -1 )) {

       // well everything passed validation proceed to remove object and associated permissions
							$sql[0] = "DELETE FROM `auth_applications` WHERE `id` = \"" . $formData['editAppID'] . "\" LIMIT 1";
       $sql[1] = "DELETE FROM `resources` WHERE `resource` = \"" . md5( $formData['delAppName'] ) . "\"";
       $sql[2] = "DELETE FROM `resources_groups` WHERE `resource` = \"" . md5( $formData['delAppName'] ) . "\"";
       $sql[3] = "DELETE FROM `resources_users` WHERE `resource` = \"" . md5( $formData['delAppName'] ) . "\"";

       foreach( $sql as $key => $value ) {
        if( ( $sql_res = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $sql, $dbconn ), $dbconn ) ) === -1 ) {
         $message = $handles['err']->GenerateErrorLink( "help/help.php", "#sql_error", $defined['error'], $errors['db_del_err'], '600', '600' );
 								if( eregi( "duplicate", $db->dbCatchError() ) ) {
          $message = $handles['err']->GenerateErrorLink( "help/help.php", "#sql_error", $defined['error'], $errors['db_del_err'], '600', '600' );
         }
        } else {
         $message = $handles['err']->GenerateErrorLink( "help/help.php", "#db_insert", $defined['good'], $errors['db_del'], '600', '600' );
        }
       }

						} else {
							// since something failed a validate check figure it out
							$erlink = $handerr->GenerateErrorImg( $defined['error'], "help/help.html#val_par", "#val_par", '600', '600' );
       $list = "<ul>";
       if( $handles['val']->ValidateAlphaChar( $formData['delAppName'] ) === -1 ) { $list .= "<li>Application name field is invalid</li>"; $delAppName_err = $erlink; }
       if( $handles['val']->ValidateURI( $formData['delAppURL'] ) === -1 ) { $list .= "<li>Application URL field is invalid</li>"; $delAppURL_err = $erlink; }
       if( $handles['val']->ValidateParagraph( $formData['delAppDescription'] ) === -1 ) { $list .= "<li>Applicaiton description field is invalid</li>"; $delAppDescription_err = $erlink; }
       if( $handles['val']->ValidateParagraph( $formData['delAppAdmin'] ) === -1 ) { $list .= "<li>Application admin field is invalid</li>"; $delAppAdmin_err = $erlink; }
       if( $handles['val']->ValidateEmail( $formData['delAppEmail'] ) === -1 ) { $list .= "<li>Application email field is invalid</li>"; $delAppEmail_err = $erlink; }
       $list .= "</ul>";
       $message = $handles['err']->GenerateErrorLink( "help/help.php", "#val_par", $defined['error'], $errors['val_par'] . $list, '600', '600' );
						}

					} else {
						// figure out which ones are missing and generate a friendly error message
						$erlink = $handles['err']->GenerateErrorImg( $defined['error'], "help/help.html#val_empty", "#val_empty", '600', '600' );
      $list = "<ul>";
       if( empty( $formData['delAppName'] ) ) { $list .= "<li>Application name field is empty</li>"; $delAppName_err = $erlink; }
       if( empty( $formData['delAppURL'] ) ) { $list .= "<li>Application URL field is empty</li>"; $delAppURL_err = $erlink; }
       if( empty( $formData['delAppDescription'] ) ) { $list .= "<li>Applicaiton description field is empty</li>"; $delAppDescription_err = $erlink; }
       if( empty( $formData['delAppAdmin'] ) ) { $list .= "<li>Application admin field is empty</li>"; $delAppAdmin_err = $erlink; }
       if( empty( $formData['delAppEmail'] ) ) { $list .= "<li>Application email field is empty</li>"; $delAppEmail_err = $erlink; }
      $list .= "</ul>";
      $message = $handles['err']->GenerateErrorLink( "help/help.php", "#val_missing", $defined['error'], $errors['val_missing'] . $list, '600', '600' );
					}
				}

			}

   // Process application permissions
   if( !empty( $formData['resPermApp'] ) ) {

				// check for required fields
				if( ( !empty( $formData['resPermAppName'] ) ) && ( !empty( $formData['resPermAppURL'] ) ) && ( !empty( $formData['resPermAppDescription'] ) ) && ( !empty( $formData['resPermAppAdmin'] ) ) && ( !empty( $formData['resPermAppEmail'] ) ) ) {

     if(( $handles['val']->ValidateAlphaChar($formData['resPermAppName']) !== -1 ) && ( $handles['val']->ValidateURI($formData['resPermAppURL']) !== -1 ) && ( $handles['val']->ValidateParagraph($formData['resPermAppDescription']) !== -1 ) && ( $handles['val']->ValidateParagraph($formData['resPermAppAdmin']) !== -1 ) && ( $handles['val']->ValidateEmail($formData['resPermAppEmail']) !== -1 )) {

      // we will use this to ensure valid data
      $sql_err = 0;

      // generate an array of sql statements for permissions to add first
      if( count( $formData['permissions'] ) > 0 ) {
							foreach( $formData['permissions'] as $key => $value ) {
								// ok for each object create sql for each group found
								if( ( $value['group'][0] !== "---------------" ) && ( !empty( $value['group']['read'] ) ) || ( !empty( $value['group']['write'] ) ) ) {
         if( ( $handles['val']->ValidateAlphaChar( $value['group'][0] ) === 0 ) && ( $handles['val']->ValidateInteger( $value['group']['read'] ) === 0 ) && ( $handles['val']->ValidateInteger( $value['group']['write'] ) === 0 ) ) {
          $sql[$key]['groups'] = "INSERT INTO `resources_groups` ( `resource`, `group`, `read`, `write` ) VALUES ( \"" . $key . "\", \"" . $value['group'][0] . "\", \"" . $value['group']['read'] . "\", \"" . $value['group']['write'] . "\")";
 								} else {
          $sql_err = 1;
         }
        }
 							if( ( $value['user']['name'] !== "---------------" ) && ( !empty( $value['user']['read'] ) ) || ( !empty( $value['user']['write'] ) ) ) {
  						 if( ( $handles['val']->ValidateAlphaChar( $value['user']['name'] ) === 0 ) && ( $handles['val']->ValidateInteger( $value['user']['read'] ) === 0 ) && ( $handles['val']->ValidateInteger( $value['user']['write'] ) === 0 ) ) {
        		$sql[$key]['users'] = "INSERT INTO `resources_users` ( `resource`, `user`, `read`, `write` ) VALUES ( \"" . $key . "\", \"" . $value['user']['name'] . "\", \"" . $value['user']['read'] . "\", \"" . $value['user']['write'] . "\")";
 								} else {
          $sql_err = 2;
         }
        }
        // update or delete existing permission for groups?
        if( count( $value['existing']['group'] ) > 0 ) {
         foreach( $value['existing']['group'] as $id => $cat ) {
          if( !empty( $cat['delete'] ) ) {
           if( ( $handles['val']->ValidateAlphaChar( $id ) === 0 ) && ( $handles['val']->ValidateAlphaChar( $key ) === 0 ) ) {
            $sql[$key]['existing']['groups'][$id] = "DELETE FROM `resources_groups` WHERE `group` = \"" . $id . "\" AND `resource` = \"" . $key . "\" LIMIT 1";
           } else {
            $sql_err = 3;
           }
          } else {
           if( ( $handles['val']->ValidateAlphaChar( $id ) === 0 ) && ( $handles['val']->ValidateAlphaChar( $key ) === 0 ) && ( $handles['val']->ValidateInteger( $cat['read'] ) === 0 ) && ( $handles['val']->ValidateInteger( $cat['write'] ) === 0 ) ) {
            $sql[$key]['existing']['groups'][$id] = "UPDATE `resources_groups` SET `read` = \"" . $cat['read'] . "\", `write` = \"" . $cat['write'] . "\" WHERE `resource` = \"" . $key . "\" AND `group` = \"" . $id . "\" LIMIT 1";
           } else {
            $sql_err = 4;
           }
          }
         }
        }

        // update or delete existing permission for users?
        if( count( $value['existing']['user'] ) > 0 ) {
         foreach( $value['existing']['user'] as $id => $cat ) {
          if( !empty( $cat['delete'] ) ) {
           if( ( $handles['val']->ValidateAlphaChar( $id ) === 0 ) && ( $handles['val']->ValidateAlphaChar( $key ) === 0 ) ) {
            $sql[$key]['existing']['users'][$id] = "DELETE FROM `resources_users` WHERE `user` = \"" . $id . "\" AND `resource` = \"" . $key . "\" LIMIT 1";
           } else {
            $sql_err = 5;
           }
          } else {
           if( ( $handles['val']->ValidateAlphaChar( $id ) === 0 ) && ( $handles['val']->ValidateAlphaChar( $key ) === 0 ) && ( $handles['val']->ValidateInteger( $cat['read'] ) === 0 ) && ( $handles['val']->ValidateInteger( $cat['write'] ) === 0 ) ) {
            $sql[$key]['existing']['users'][$id] = "UPDATE `resources_users` SET `read` = \"" . $cat['read'] . "\", `write` = \"" . $cat['write'] . "\" WHERE `resource` = \"" . $key . "\" AND `user` = \"" . $id . "\" LIMIT 1";
           } else {
            $sql_err = 6;
           }
          }
         }
 							}
 						}
      }

      if( $sql_err === 0 ) {
       // execute the statements adding our users and groups to the resource object
       foreach( $sql as $key => $value ) {
 							foreach( $value as $x => $sql ) {
         if( !is_array( $sql ) ) {
          if( ( $sql_res = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $sql, $dbconn ), $dbconn ) ) === -1 ) {
           $message = $handles['err']->GenerateErrorLink( "help/help.php", "#sql_error", $defined['error'], $errors['db_insert_err'], '600', '600' );
          } else {
           $message = $handles['err']->GenerateErrorLink( "help/help.php", "#db_insert", $defined['good'], $errors['db_insert'], '600', '600' );
          }
         } else {
          foreach( $sql as $y => $z ) {
           foreach( $z as $i => $query ) {
            if( ( $sql_res = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $query, $dbconn ), $dbconn ) ) === -1 ) {
             $message = $handles['err']->GenerateErrorLink( "help/help.php", "#sql_error", $defined['error'], $errors['db_insert_err'], '600', '600' );
            } else {
             $message = $handles['err']->GenerateErrorLink( "help/help.php", "#db_insert", $defined['good'], $errors['db_insert'], '600', '600' );
            }
           }
          }
         }
 							}
       }
      } else {
       // may want to add some better message information based on return codes
       
       $message = $handles['err']->GenerateErrorLink( "help/help.php", "#sql_error", $defined['error'], "It seems that at least one piece of data contains an invalid integer or alpha numeric string.", '600', '600' );
      }

					} else {
						// since something failed a validate check figure it out
						$erlink = $handles['err']->GenerateErrorImg( $defined['error'], "help/help.html#val_par", "#val_par", '600', '600' );
      $list = "<ul>";
      if( $handles['val']->ValidateAlphaChar( $formData['resPermAppName'] ) === -1 ) { $list .= "<li>Name field is invalid</li>"; $resPermAppName_err = $erlink; }
      if( $handles['val']->ValidatePhone( $formData['resPermAppPhone'] ) === -1 ) { $list .= "<li>Contact field is invalid, phone number expected xxx-xxx-xxxx</li>"; $resPermAppContact_err = $erlink; }
      if( $handles['val']->ValidateParagraph( $formData['resPermAppDescription'] ) === -1 ) { $list .= "<li>Description field is invalid</li>"; $resPermAppDescription_err = $erlink; }
      if( $handles['val']->ValidateParagraph( $formData['resPermAppManager'] ) === -1 ) { $list .= "<li>Manager field is invalid</li>"; $resPermAppManager_err = $erlink; }
      $list .= "</ul>";
      $message = $handles['err']->GenerateErrorLink( "help/help.php", "#val_par", $defined['error'], $errors['val_par'] . $list, '600', '600' );
					}

				} else {
					// figure out which ones are missing and generate a friendly error message
					$erlink = $handles['err']->GenerateErrorImg( $defined['error'], "help/help.html#val_empty", "#val_empty", '600', '600' );
     $list = "<ul>";
     if( empty( $formData['resPermAppName'] ) ) { $list .= "<li>Name field is missing data</li>"; $resPermAppName_err = $erlink; }
     if( empty( $formData['resPermAppContact'] ) ) { $list .= "<li>Contact field is missing data</li>"; $resPermAppContact_err = $erlink; }
     if( empty( $formData['resPermAppDescription'] ) ) { $list .= "<li>Description field is missing data</li>"; $resPermAppDescription_err = $erlink; }
     if( empty( $formData['resPermAppManager'] ) ) { $list .= "<li>Manager field is missing data</li>"; $resPermAppManager_err = $erlink; }
     $list .= "</ul>";
     $message = $handles['err']->GenerateErrorLink( "help/help.php", "#val_missing", $defined['error'], $errors['val_missing'] . $list, '600', '600' );
				}
			}

   // get a list of current applications
   if( count( $app_list ) === 0 ) {
    $app_query = "SELECT * FROM `auth_applications` ORDER BY `app-name` ASC";
  	 if( ( $current = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $app_query, $dbconn ), $dbconn ) ) !== -1 ) {
     $app_list = $handles['db']->dbArrayResultsAssoc( $current );
  	 }
  		$appList = $handles['applications']->GenJumpMenuBoxApplications( $app_list, 'addList', $get['skin'] );
   }

   // get a list of current groups
   if( count( $user_list ) === 0 ) {
			 if( $groupmem === "admin" ) {
     $user_query = "SELECT * FROM `users` ORDER BY `group` ASC";
				} else {
				 $user_query = "SELECT * FROM `users` WHERE `owner` = \"" . $groupmem . "\" ORDER BY `group` ASC";
				}
 		 if( ( $current = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $user_query, $dbconn ), $dbconn ) ) !== -1 ) {
     $user_list = $handles['db']->dbArrayResultsAssoc( $current );
 		 }
    $UserList = $handles['users']->GenDropMenuWSelectedUsers( $user_list, $formData['AddUser'], "permissions[" . $formData['resPermAppHash'] . "][user][name]" );
   }

   // Generate a list of user groups to select from (limit by group)
   if( $groupmem === "admin" ) {
    $grp = "SELECT `group` FROM `groups` ORDER BY `group` ASC";
   } else {
    $grp = "SELECT `group` FROM `groups` WHERE `group` = \"" . $groupmem . "\" ORDER BY `group` ASC";
   }
		 if( ( $return = $handles['db']->dbQuery( $handles['val']->ValidateSQL( $grp, $dbconn ), $dbconn ) ) !== -1 ) {
    $grps = $handles['db']->dbArrayResultsAssoc( $return );
		 }
   if( count( $grps ) === 0 ) {
			 $GroupsList = "No Groups defined";
   } else {
    $GroupList = $handles['groups']->GenDropMenuWSelectedGroups( $grps, $formData['editUsrGroup'], "permissions[" . $formData['resPermAppHash'] . "][group][]" );
   }

   // give a message for the editing of permissions area
   if( empty( $get['id'] ) ) {
    $editPermissionsMsg = "Please select an application from the list of configured applications on the right first...";
   } else {
    $editPermissionsMsg = "Add new user(s) and/or group(s) to <i>'" . $formData['resPermAppName'] . "'</i>...";
   }

   // Do some cleaning before leaving
			$handles['misc']->CleanUpVars( $formData, NULL );

			// Perform analyze, repair and optimize on used tables
   $handles['db']->dbFixTable( "auth_applications", $dbconn );
   $handles['db']->dbFixTable( "resources", $dbconn );
   $handles['db']->dbFixTable( "resources_groups", $dbconn );
   $handles['db']->dbFixTable( "resources_users", $dbconn );
   $handles['db']->dbFixTable( "sessions", $dbconn );

			// Free db handle and close connection(s)
   $handles['db']->dbFreeData( $dbconn );
   $handles['db']->dbCloseConn( $dbconn );

   $handles['tpl']->assign( 'page', $page, NULL, NULL );
   $handles['tpl']->assign( 'message', $message, NULL, NULL );
   $handles['tpl']->assign( 'editPermissionsMsg', $editPermissionsMsg, NULL, NULL );
			$handles['tpl']->assign( 'appList', $appList, NULL, NULL );
   $handles['tpl']->assign( 'editAppID', $editAppID, NULL, NULL);
   $handles['tpl']->assign( 'resAppPermHash', $formData['resPermAppHash'], NULL, NULL);

   $handles['tpl']->assign( 'UserList', $UserList, NULL, NULL );
   $handles['tpl']->assign( 'usrList_err', $usrList_err, NULL, NULL );
   $handles['tpl']->assign( 'GroupList', $GroupList, NULL, NULL );
   $handles['tpl']->assign( 'grpList_err', $grpList_err, NULL, NULL );

   $handles['tpl']->assign( 'addAppName', $formData['addAppName'], NULL, NULL);
			$handles['tpl']->assign( 'addAppURL', $formData['addAppURL'], NULL, NULL);
			$handles['tpl']->assign( 'addAppDescription', $formData['addAppDescription'], NULL, NULL);
			$handles['tpl']->assign( 'addAppAdmin', $formData['addAppAdmin'], NULL, NULL);
   $handles['tpl']->assign( 'addAppEmail', $formData['addAppEmail'], NULL, NULL);

   $handles['tpl']->assign( 'addAppName_err', $addAppName_err, NULL, NULL);
			$handles['tpl']->assign( 'addAppURL_err', $addAppURL_err, NULL, NULL);
			$handles['tpl']->assign( 'addAppDescription_err', $addAppDescription_err, NULL, NULL);
			$handles['tpl']->assign( 'addAppAdmin_err', $addAppAdmin_err, NULL, NULL);
   $handles['tpl']->assign( 'addAppEmail_err', $addAppEmail_err, NULL, NULL);

   $handles['tpl']->assign( 'editAppName', $formData['editAppName'], NULL, NULL);
			$handles['tpl']->assign( 'editAppURL', $formData['editAppURL'], NULL, NULL);
			$handles['tpl']->assign( 'editAppDescription', $formData['editAppDescription'], NULL, NULL);
			$handles['tpl']->assign( 'editAppAdmin', $formData['editAppAdmin'], NULL, NULL);
   $handles['tpl']->assign( 'editAppEmail', $formData['editAppEmail'], NULL, NULL);

   $handles['tpl']->assign( 'editAppName_err', $editAppName_err, NULL, NULL);
			$handles['tpl']->assign( 'editAppURL_err', $editAppURL_err, NULL, NULL);
			$handles['tpl']->assign( 'editAppDescription_err', $editAppDescription_err, NULL, NULL);
			$handles['tpl']->assign( 'editAppAdmin_err', $editAppAdmin_err, NULL, NULL);
   $handles['tpl']->assign( 'editAppEmail_err', $editAppEmail_err, NULL, NULL);

   $handles['tpl']->assign( 'delAppName', $formData['delAppName'], NULL, NULL);
			$handles['tpl']->assign( 'delAppURL', $formData['delAppURL'], NULL, NULL);
			$handles['tpl']->assign( 'delAppDescription', $formData['delAppDescription'], NULL, NULL);
			$handles['tpl']->assign( 'delAppAdmin', $formData['delAppAdmin'], NULL, NULL);
   $handles['tpl']->assign( 'delAppEmail', $formData['delAppEmail'], NULL, NULL);

   $handles['tpl']->assign( 'delAppName_err', $delAppName_err, NULL, NULL);
			$handles['tpl']->assign( 'delAppURL_err', $delAppURL_err, NULL, NULL);
			$handles['tpl']->assign( 'delAppDescription_err', $delAppDescription_err, NULL, NULL);
			$handles['tpl']->assign( 'delAppAdmin_err', $delAppAdmin_err, NULL, NULL);
   $handles['tpl']->assign( 'delAppEmail_err', $delAppEmail_err, NULL, NULL);

   $handles['tpl']->assign( 'objGrpPerms', $objGrpPerms, NULL, NULL );
   $handles['tpl']->assign( 'objUsrPerms', $objUsrPerms, NULL, NULL );
   $handles['tpl']->assign( 'resPermAppName', $formData['resPermAppName'], NULL, NULL);
			$handles['tpl']->assign( 'resPermAppURL', $formData['resPermAppURL'], NULL, NULL);
			$handles['tpl']->assign( 'resPermAppDescription', $formData['resPermAppDescription'], NULL, NULL);
			$handles['tpl']->assign( 'resPermAppAdmin', $formData['resPermAppAdmin'], NULL, NULL);
   $handles['tpl']->assign( 'resPermAppEmail', $formData['resPermAppEmail'], NULL, NULL);

   $handles['tpl']->assign( 'resPermAppName_err', $resPermAppName_err, NULL, NULL);
			$handles['tpl']->assign( 'resPermAppURL_err', $resPermAppURL_err, NULL, NULL);
			$handles['tpl']->assign( 'resPermAppDescription_err', $resPermAppDescription_err, NULL, NULL);
			$handles['tpl']->assign( 'resPermAppAdmin_err', $resPermAppAdmin_err, NULL, NULL);
   $handles['tpl']->assign( 'resPermAppEmail_err', $resPermAppEmail_err, NULL, NULL);

   $handles['tpl']->assign( 'importLDAPGrps', $importLDAPGrps, NULL, NULL );
			$handles['tpl']->assign( 'importLDAPGrps_err', $importLDAPGrps_err, NULL, NULL );

  } else {
   $FILE = "notauthorized.tpl";
  }
  return $FILE;
 }
}
?>