<?php
// File: $Id: groups.php,v 1.11 2001/12/04 21:01:05 jgm Exp $
// ----------------------------------------------------------------------
// POST-NUKE Content Management System
// Copyright (C) 2001 by the Post-Nuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file: Jim McDonald
// Purpose of file: Group administration
// ----------------------------------------------------------------------
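// Include guard: this file is only meant to run when pulled in by admin.php
// and dies if requested on its own. It is not an authorisation check - every
// operation below still goes through authorised() - it only stops the file
// being executed outside the admin front controller.
// eregi() was removed in PHP 7; preg_match() with the /i modifier is the
// PCRE equivalent (the dot is escaped so only a literal "admin.php" matches).
if (!preg_match('/admin\.php/i', $PHP_SELF)) { die ('Access Denied'); }
// Help page shown by GraphicAdmin() on every screen in this file.
$hlpfile = 'manual/groups.html';
modules_get_language();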
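/*
 * viewGroups - view groups
 * Takes no parameters
 *
 * Lists the groups the current user may edit. Module-level ACCESS_EDIT is
 * required to see the page at all; each row is then shown only if the user
 * holds ACCESS_EDIT on that group instance, and its delete link only with
 * ACCESS_DELETE. Names read from the database are HTML-escaped on output
 * and ids are cast to int before being placed in links.
 */
function viewGroups()
{
    global $hlpfile, $dbconn, $pntable;
    $grouptable = $pntable['groups'];
    $groupcolumn = &$pntable['groups_column'];
    include("header.php");
    GraphicAdmin($hlpfile);
    // Heading
    OpenTable();
    echo "<CENTER><FONT SIZE=\"4\"><B>"._GROUPADMIN."</B></FONT><BR>";
    if (!authorised(0, 'Groups::', '::', ACCESS_EDIT)) {
        echo _GROUPSNOAUTH;
        CloseTable();
        include 'footer.php';
        return;
    }
    // Options
    if (authorised(0, 'Groups::', '::', ACCESS_ADD)) {
        echo '<BR>
<TABLE BORDER="0" WIDTH="100%">
<TR>
<TD><A HREF="admin.php?op=secnewgroup">
<CENTER><font class="pn-title">'.
             _ADDGROUP.
             '</FONT></CENTER></A></TD>
</TR><BR>
</TABLE>
<BR>';
    }
    // Get and display current groups
    $query = "SELECT $groupcolumn[gid], $groupcolumn[name]
              FROM $grouptable
              ORDER BY $groupcolumn[name]";
    $result = $dbconn->Execute($query);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    if (!$result->EOF) {
        echo "<FORM ACTION=\"admin.php\" METHOD=\"POST\">".
             "<TABLE BORDER=\"5\">".
             "<TR FONT=\"pn-title\">".
             "<TD><CENTER>"._GROUPNAME."</CENTER></TD>".
             "<TD> </TD>".
             "</TR>";
        while (!$result->EOF) {
            list($gid, $name) = $result->fields;
            // The id is cast so the links below can only ever carry an integer;
            // the name is escaped for HTML but passed raw to authorised(),
            // which keys permission rules on the stored value.
            $gid = (int)$gid;
            $safename = htmlspecialchars($name, ENT_QUOTES);
            echo '<TR>';
            if (authorised(0, 'Groups::', "$name::$gid", ACCESS_EDIT)) {
                echo "<TD><A HREF=\"admin.php?op=secviewgroup&gid=$gid\">$safename</A></TD>";
                if (authorised(0, 'Groups::', "$name::$gid", ACCESS_DELETE)) {
                    echo "<TD><A HREF=\"admin.php?op=secdeletegroup&gid=$gid\">"._DELETE."</A></TD>";
                } else {
                    echo "<TD> </TD>";
                }
            }
            // Close the row whether or not it had any cells; rows the user
            // could not edit used to be left open.
            echo "</TR>";
            $result->MoveNext();
        }
        echo "</TABLE></FORM>";
    }
    $result->Close();
    CloseTable();
    include("footer.php");
}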
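/*
 * viewGroup - view a group
 * Takes one parameter:
 * - the gid
 *
 * Shows the group's option links (add user / modify / delete, the last one
 * only with ACCESS_DELETE) and the list of its members with per-member
 * delete links. $gid comes from the request, so it is cast to int before it
 * reaches SQL or HTML; names read back from the database are HTML-escaped
 * on output. Dies with a message if the group does not exist.
 */
function viewGroup($gid)
{
    global $hlpfile, $dbconn, $pntable;
    $gid = (int)$gid;
    $grouptable = $pntable['groups'];
    $groupcolumn = &$pntable['groups_column'];
    $groupmembershiptable = $pntable['group_membership'];
    $groupmembershipcolumn = &$pntable['group_membership_column'];
    $usertable = $pntable['users'];
    $usercolumn = &$pntable['users_column'];
    include("header.php");
    GraphicAdmin($hlpfile);
    // Get details on current group
    $query = "SELECT $groupcolumn[name]
              FROM $grouptable
              WHERE $groupcolumn[gid]=$gid";
    $result = $dbconn->Execute($query);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    if ($result->EOF) {
        die("No such group ID $gid");
    }
    list($gname) = $result->fields;
    $result->Close();
    $safegname = htmlspecialchars($gname, ENT_QUOTES);
    // Heading
    OpenTable();
    echo "<CENTER><A HREF=\"admin.php?op=secviewgroups\" CLASS=\"pn-title\"><FONT SIZE=\"4\"><B>"._GROUPADMIN."</B></FONT></A><font class=\"pn-title\"><B>: $safegname</B></FONT></CENTER>";
    if (!authorised(0, 'Groups::', "$gname::$gid", ACCESS_EDIT)) {
        echo _GROUPSNOAUTH;
        CloseTable();
        include 'footer.php';
        return;
    }
    // ACCESS_EDIT on this instance is established by the guard above, so the
    // option links no longer repeat that check. The delete decision is made
    // once here and reused for the per-member links below (same arguments
    // every time).
    $canDelete = authorised(0, 'Groups::', "$gname::$gid", ACCESS_DELETE);
    // Group options
    echo "<BR>".
         "<TABLE BORDER=\"0\" WIDTH=\"100%\">".
         "<TR>".
         "<TD><A HREF=\"admin.php?op=secselectuserforgroup&gid=$gid\"><CENTER><font class=\"pn-title\">"._ADDUSERTOGROUP."</FONT></CENTER></A></TD>".
         "<TD><A HREF=\"admin.php?op=secmodifygroup&gid=$gid\"><CENTER><font class=\"pn-title\">"._MODIFYGROUP."</FONT></CENTER></A></TD>";
    if ($canDelete) {
        echo "<TD><A HREF=\"admin.php?op=secdeletegroup&gid=$gid\"><CENTER><font class=\"pn-title\">"._DELETEGROUP."</FONT></CENTER></A></TD>";
    }
    echo "</TR>".
         "</TABLE>".
         "<BR>";
    // Get users in this group
    $query = "SELECT $groupmembershipcolumn[uid]
              FROM $groupmembershiptable
              WHERE $groupmembershipcolumn[gid]=$gid";
    $result = $dbconn->Execute($query);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    $uids = array();
    while (!$result->EOF) {
        list($uid) = $result->fields;
        // Cast before the ids are joined back into the IN (...) list below.
        $uids[] = (int)$uid;
        $result->MoveNext();
    }
    $result->Close();
    if (count($uids) == 0) {
        echo "<CENTER><B>"._NOONEINGROUP."</B></CENTER>";
    } else {
        $uidlist = implode(",", $uids);
        // Get names of users
        // NOTE(review): ordered by the "name" column although "uname" is what
        // is displayed - confirm this is intended.
        $query = "SELECT $usercolumn[uname], $usercolumn[uid]
                  FROM $usertable
                  WHERE $usercolumn[uid] IN ($uidlist)
                  ORDER BY $usercolumn[name]";
        $result = $dbconn->Execute($query);
        // Check the result before any output so a DB error does not leave a
        // half-written table behind.
        if (!$result) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
            die();
        }
        echo "<CENTER><B>"._USERSINGROUP."</B><BR>".
             "<TABLE BORDER=\"1\">".
             "<TR FONT=\"pn-title\">".
             "<TD><CENTER>"._USERNAME."</CENTER></TD>".
             "<TD> </TD>".
             "</TR>";
        while (!$result->EOF) {
            list($uname, $uid) = $result->fields;
            $uid = (int)$uid;
            echo "<TR>".
                 "<TD>".htmlspecialchars($uname, ENT_QUOTES)."</TD>";
            if ($canDelete) {
                // NOTE(review): this is a plain GET link, but
                // deleteUserFromGroup() calls csrfcheck() first - confirm
                // csrfcheck() accepts it, or add a token / confirm step as
                // deleteGroup() has.
                echo "<TD><A HREF=\"admin.php?op=secdeleteuserfromgroup&uid=$uid&gid=$gid\">"._DELETE."</A></TD>";
            } else {
                echo "<TD> </TD>";
            }
            echo "</TR>";
            $result->MoveNext();
        }
        $result->Close();
        echo "</TABLE></CENTER><BR>";
    }
    CloseTable();
    include("footer.php");
}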
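/*
 * newGroup - create a new group
 * Takes no parameters
 *
 * Renders the "new group" form. The form posts to op=secaddgroup, where
 * addGroup() re-runs authorised() and csrfcheck() before writing anything,
 * so this page itself only needs module-level ACCESS_ADD to be shown.
 * No user input is echoed here; the only fix is the unclosed <FONT> tag.
 */
function newGroup()
{
    global $hlpfile;
    include("header.php");
    GraphicAdmin($hlpfile);
    // Heading
    OpenTable();
    echo "<CENTER><A HREF=\"admin.php?op=secviewgroups\" CLASS=\"pn-title\"><FONT SIZE=\"4\"><B>"._GROUPADMIN."</B></FONT></A></CENTER>";
    echo "<BR>";
    if (!authorised(0, 'Groups::', '::', ACCESS_ADD)) {
        echo _GROUPSADDNOAUTH;
        CloseTable();
        include 'footer.php';
        return;
    }
    echo "<FORM ACTION=\"admin.php\" METHOD=\"POST\">".
         "<INPUT TYPE=\"HIDDEN\" NAME=\"op\" VALUE=\"secaddgroup\">".
         _GROUPNAME. ": <INPUT TYPE=\"TEXT\" NAME=\"gname\"><P>".
         "<INPUT TYPE=SUBMIT VALUE=\""._NEWGROUP."\">".
         "</FORM>";
    CloseTable();
    include("footer.php");
}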
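/*
 * addGroup - add a group
 * Takes one parameter:
 * - the group name
 *
 * Runs csrfcheck() and an ACCESS_ADD check, refuses a name that is already
 * in use, otherwise inserts the group with a driver-generated id and
 * redirects back to the group list. $gname is request input: it is quoted
 * through the driver for SQL and HTML-escaped when echoed. There is no
 * check for an empty name; the database will accept one.
 */
function addGroup($gname)
{
    global $hlpfile, $dbconn, $pntable;
    csrfcheck();
    if (!authorised(0, 'Groups::', "$gname::", ACCESS_ADD)) {
        include 'header.php';
        GraphicAdmin($hlpfile);
        OpenTable();
        echo _GROUPSADDNOAUTH;
        CloseTable();
        include 'footer.php';
        return;
    }
    $grouptable = $pntable['groups'];
    $groupcolumn = &$pntable['groups_column'];
    // Quote the name through the driver (ADODB qstr() returns the value with
    // its surrounding quotes) rather than interpolating it raw into SQL. The
    // second argument tells qstr() whether magic_quotes_gpc has already
    // backslashed the value; the feature is gone from PHP 8, hence the
    // function_exists() test.
    $magic = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $quotedname = $dbconn->qstr($gname, $magic);
    // Confirm that this group does not already exist
    $query = "SELECT COUNT(*) FROM $grouptable
              WHERE $groupcolumn[name] = $quotedname";
    $result = $dbconn->Execute($query);
    // Check the result before reading ->fields from it.
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($count) = $result->fields;
    $result->Close();
    // Any existing row with this name blocks the insert, not just exactly one.
    if ($count > 0) {
        include("header.php");
        GraphicAdmin($hlpfile);
        OpenTable();
        echo "<CENTER><A HREF=\"admin.php?op=secviewgroups\" CLASS=\"pn-title\"><FONT SIZE=\"4\"><B>"._GROUPADMIN."</B></FONT></A>: ".htmlspecialchars($gname, ENT_QUOTES)."</CENTER>";
        echo "<BR>";
        echo _GROUPALREADYEXISTS;
        // Finish the page; this branch used to leave the table and footer out.
        CloseTable();
        include 'footer.php';
        return;
    }
    // FTO : Add SEQ suffix to avoid conflict name with ORACLE
    $nextId = $dbconn->GenId("{$grouptable}_SEQ");
    $query = "INSERT INTO $grouptable
              VALUES ($nextId, $quotedname)";
    if (!$dbconn->Execute($query)) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    // Same relative form as the other redirects in this file.
    pnRedirect('admin.php?op=secviewgroups');
}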
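/*
 * deleteGroup - delete a group
 * Takes two parameters:
 * - the group ID
 * - confirmation
 *
 * Without confirmation ($ok false) a confirm form is shown; with it the
 * group's permission rules, its memberships and the group row are removed
 * and the browser is sent back to the group list. Both paths run after
 * csrfcheck() and an ACCESS_DELETE check on the group instance.
 * $gid comes from the request and is cast to int before use; the group
 * name is HTML-escaped on output.
 */
function deleteGroup($gid, $ok)
{
    global $hlpfile, $dbconn, $pntable;
    csrfcheck();
    $gid = (int)$gid;
    $groupstable = $pntable['groups'];
    $groupscolumn = &$pntable['groups_column'];
    // Get details on current group
    $query = "SELECT $groupscolumn[name]
              FROM $groupstable
              WHERE $groupscolumn[gid]=$gid";
    $result = $dbconn->Execute($query);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    if ($result->EOF) {
        die("No such group ID $gid");
    }
    list($gname) = $result->fields;
    $result->Close();
    $safegname = htmlspecialchars($gname, ENT_QUOTES);
    if (!authorised(0, 'Groups::', "$gname::$gid", ACCESS_DELETE)) {
        include 'header.php';
        GraphicAdmin($hlpfile);
        OpenTable();
        echo "<CENTER><A HREF=\"admin.php?op=secviewgroups\" CLASS=\"pn-title\"><FONT SIZE=\"4\"><B>"._GROUPADMIN."</B></FONT></A>: $safegname</CENTER>";
        CloseTable();
        echo _GROUPSDELNOAUTH;
        include 'footer.php';
        return;
    }
    if (!$ok) {
        include("header.php");
        GraphicAdmin($hlpfile);
        // Heading
        OpenTable();
        echo "<CENTER><A HREF=\"admin.php?op=secviewgroups\" CLASS=\"pn-title\"><FONT SIZE=\"4\"><B>"._GROUPADMIN."</B></FONT></A>: $safegname</CENTER>";
        echo "<BR>
<CENTER>".
             _DELETEGROUPSURE.
             "<FORM ACTION=\"admin.php\" METHOD=\"POST\">
<INPUT TYPE=\"HIDDEN\" NAME=\"op\" VALUE=\"secdeletegroup\">
<INPUT TYPE=\"HIDDEN\" NAME=\"ok\" VALUE=\"1\">
<INPUT TYPE=\"HIDDEN\" NAME=\"gid\" VALUE=\"$gid\">
<INPUT TYPE=\"SUBMIT\" VALUE=\"".
             _YES.
             "\">
</FORM>
<BR>
<A HREF=\"admin.php?op=secviewgroups\">".
             _NO.
             "</A>
</CENTER>";
        CloseTable();
        include("footer.php");
        return;
    }
    $groupmembershiptable = $pntable['group_membership'];
    $groupmembershipcolumn = &$pntable['group_membership_column'];
    $grouppermstable = $pntable['group_perms'];
    $grouppermscolumn = &$pntable['group_perms_column'];
    // Permission rules go first: if a later statement fails, what is left is
    // a group with no rules rather than rules pointing at a deleted group.
    // NOTE(review): the three statements are not wrapped in a transaction;
    // confirm whether $dbconn offers one before relying on atomicity.
    $queries = array(
        "DELETE FROM $grouppermstable WHERE $grouppermscolumn[gid]=$gid",
        "DELETE FROM $groupmembershiptable WHERE $groupmembershipcolumn[gid]=$gid",
        "DELETE FROM $groupstable WHERE $groupscolumn[gid]=$gid"
    );
    foreach ($queries as $query) {
        if (!$dbconn->Execute($query)) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
            die();
        }
    }
    pnRedirect('admin.php?op=secviewgroups');
}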
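/*
 * selectUserForGroup - select a user to add to
 * a group
 * Takes one parameter:
 * - the group ID
 *
 * Shows a drop-down of the users not yet in the group; submitting it posts
 * to op=secaddusertogroup. Requires ACCESS_EDIT on the group instance.
 * $gid comes from the request and is cast to int; ids read back from the
 * database are cast before being joined into the NOT IN (...) list, and
 * names are HTML-escaped on output.
 */
function selectUserForGroup($gid)
{
    global $hlpfile, $dbconn, $pntable;
    $gid = (int)$gid;
    $grouptable = $pntable['groups'];
    $groupcolumn = &$pntable['groups_column'];
    $groupmembershiptable = $pntable['group_membership'];
    $groupmembershipcolumn = &$pntable['group_membership_column'];
    $usertable = $pntable['users'];
    $usercolumn = &$pntable['users_column'];
    include("header.php");
    GraphicAdmin($hlpfile);
    // Get details on current group
    $query = "SELECT $groupcolumn[name]
              FROM $grouptable
              WHERE $groupcolumn[gid]=$gid";
    $result = $dbconn->Execute($query);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    if ($result->EOF) {
        die("No such group ID $gid");
    }
    list($gname) = $result->fields;
    $result->Close();
    $safegname = htmlspecialchars($gname, ENT_QUOTES);
    // Heading
    OpenTable();
    echo "<CENTER><A HREF=\"admin.php?op=secviewgroups\" CLASS=\"pn-title\"><FONT SIZE=\"4\"><B>"._GROUPADMIN."</B></FONT></A><font class=\"pn-title\"><B>: $safegname</B></FONT></CENTER>";
    echo "<BR>";
    if (!authorised(0, 'Groups::', "$gname::$gid", ACCESS_EDIT)) {
        CloseTable();
        echo _GROUPSEDITNOAUTH;
        include 'footer.php';
        return;
    }
    // Get list of users already in this group
    $query = "SELECT $groupmembershipcolumn[uid]
              FROM $groupmembershiptable
              WHERE $groupmembershipcolumn[gid]=$gid";
    $result = $dbconn->Execute($query);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    $uids = array();
    while (!$result->EOF) {
        list($uid) = $result->fields;
        $uids[] = (int)$uid;
        $result->MoveNext();
    }
    $result->Close();
    // Get list of eligible users
    $query = "SELECT $usercolumn[uid], $usercolumn[uname]
              FROM $usertable";
    if (count($uids) > 0) {
        $query .= " WHERE $usercolumn[uid] NOT IN (".implode(",", $uids).")";
    }
    $query .= " ORDER BY $usercolumn[uname]";
    $result = $dbconn->Execute($query);
    // Check for a failed query before touching ->EOF on it.
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    if ($result->EOF) {
        echo "<B>All users are currently in this group</B>";
    } else {
        echo "<BR>".
             "<FORM ACTION=\"admin.php\" METHOD=\"POST\">".
             _USERTOADD.": ".
             "<INPUT TYPE=\"HIDDEN\" NAME=\"op\" VALUE=\"secaddusertogroup\">".
             "<INPUT TYPE=\"HIDDEN\" NAME=\"gid\" VALUE=\"$gid\">".
             "<SELECT NAME=\"uid\">";
        while (!$result->EOF) {
            list($uid, $uname) = $result->fields;
            $uid = (int)$uid;
            echo "<OPTION VALUE=\"$uid\">".htmlspecialchars($uname, ENT_QUOTES)."</OPTION>";
            $result->MoveNext();
        }
        echo "</SELECT>".
             " <INPUT TYPE=\"SUBMIT\" VALUE=\""._CONFIRM."\">".
             "</FORM>";
    }
    $result->Close();
    CloseTable();
    include("footer.php");
}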
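/*
 * addUserToGroup - add a user to a group
 * Takes two parameters:
 * - the user ID
 * - the group ID
 *
 * Runs csrfcheck() and an ACCESS_EDIT check on the group instance, inserts
 * the membership row unless it already exists, then redirects to the
 * group's page. Both ids come from the request and are cast to int before
 * they reach SQL; the group name is HTML-escaped on output.
 */
function addUserToGroup($uid, $gid)
{
    global $hlpfile, $dbconn, $pntable;
    csrfcheck();
    $uid = (int)$uid;
    $gid = (int)$gid;
    // Get details on current group
    $groupstable = $pntable['groups'];
    $groupscolumn = &$pntable['groups_column'];
    $query = "SELECT $groupscolumn[name]
              FROM $groupstable
              WHERE $groupscolumn[gid]=$gid";
    $result = $dbconn->Execute($query);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    if ($result->EOF) {
        die("No such group ID $gid");
    }
    list($gname) = $result->fields;
    $result->Close();
    if (!authorised(0, 'Groups::', "$gname::$gid", ACCESS_EDIT)) {
        include 'header.php';
        GraphicAdmin($hlpfile);
        OpenTable();
        echo "<CENTER><A HREF=\"admin.php?op=secviewgroups\" CLASS=\"pn-title\"><FONT SIZE=\"4\"><B>"._GROUPADMIN."</B></FONT></A>: ".htmlspecialchars($gname, ENT_QUOTES)."</CENTER>";
        CloseTable();
        echo _GROUPSEDITNOAUTH;
        include 'footer.php';
        return;
    }
    $groupmembershiptable = $pntable['group_membership'];
    $groupmembershipcolumn = &$pntable['group_membership_column'];
    // Skip the insert if the user is already a member: the redirect target
    // is the same either way, and a resubmitted form then cannot create a
    // duplicate row (or trip a unique constraint).
    $query = "SELECT COUNT(*) FROM $groupmembershiptable
              WHERE $groupmembershipcolumn[uid]=$uid
              AND $groupmembershipcolumn[gid]=$gid";
    $result = $dbconn->Execute($query);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($count) = $result->fields;
    $result->Close();
    if ($count == 0) {
        $query = "INSERT INTO $groupmembershiptable
                  ($groupmembershipcolumn[uid], $groupmembershipcolumn[gid])
                  VALUES ($uid, $gid)";
        if (!$dbconn->Execute($query)) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
            die();
        }
    }
    // pnRedirect(), as every other write path in this file uses, instead of
    // a bare Header() call.
    pnRedirect('admin.php?op=secviewgroup&gid='.$gid);
}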
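/*
 * deleteUserFromGroup - delete a user from a group
 * Takes two parameters:
 * - the user ID
 * - the group ID
 *
 * Runs csrfcheck() and an ACCESS_EDIT check on the group instance, removes
 * the membership row and redirects to the group's page. Both ids come from
 * the request and are cast to int before they reach SQL; the group name is
 * HTML-escaped on output.
 */
function deleteUserFromGroup($uid, $gid)
{
    global $hlpfile, $dbconn, $pntable;
    csrfcheck();
    $uid = (int)$uid;
    $gid = (int)$gid;
    // Get details on current group
    $groupstable = $pntable['groups'];
    $groupscolumn = &$pntable['groups_column'];
    $query = "SELECT $groupscolumn[name]
              FROM $groupstable
              WHERE $groupscolumn[gid]=$gid";
    $result = $dbconn->Execute($query);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    if ($result->EOF) {
        die("No such group ID $gid");
    }
    list($gname) = $result->fields;
    $result->Close();
    if (!authorised(0, 'Groups::', "$gname::$gid", ACCESS_EDIT)) {
        include 'header.php';
        GraphicAdmin($hlpfile);
        OpenTable();
        echo "<CENTER><A HREF=\"admin.php?op=secviewgroups\" CLASS=\"pn-title\"><FONT SIZE=\"4\"><B>"._GROUPADMIN."</B></FONT></A>: ".htmlspecialchars($gname, ENT_QUOTES)."</CENTER>";
        CloseTable();
        echo _GROUPSEDITNOAUTH;
        include 'footer.php';
        return;
    }
    $groupmembershiptable = $pntable['group_membership'];
    $groupmembershipcolumn = &$pntable['group_membership_column'];
    $query = "DELETE FROM $groupmembershiptable
              WHERE $groupmembershipcolumn[uid]=$uid
              AND $groupmembershipcolumn[gid]=$gid";
    if (!$dbconn->Execute($query)) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    pnRedirect('admin.php?op=secviewgroup&gid='.$gid);
}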
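/*
 * modifyGroup - modify group details
 * Takes one parameter:
 * - the group ID
 *
 * Shows the rename form, which posts to op=secrenamegroup. Requires
 * ACCESS_EDIT on the group instance. $gid comes from the request and is
 * cast to int; the current name is HTML-escaped both in the heading and
 * inside the input's value attribute (ENT_QUOTES matters there).
 */
function modifyGroup($gid)
{
    global $hlpfile, $dbconn, $pntable;
    $gid = (int)$gid;
    $groupstable = $pntable['groups'];
    $groupscolumn = &$pntable['groups_column'];
    include("header.php");
    GraphicAdmin($hlpfile);
    $query = "SELECT $groupscolumn[name]
              FROM $groupstable
              WHERE $groupscolumn[gid]=$gid";
    $result = $dbconn->Execute($query);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    if ($result->EOF) {
        die("No such group ID $gid");
    }
    list($gname) = $result->fields;
    $result->Close();
    $safegname = htmlspecialchars($gname, ENT_QUOTES);
    // Heading
    OpenTable();
    echo "<CENTER><A HREF=\"admin.php?op=secviewgroups\" CLASS=\"pn-title\"><FONT SIZE=\"4\"><B>"._GROUPADMIN."</B></FONT></A>: $safegname</CENTER>";
    echo "<br>";
    if (!authorised(0, 'Groups::', "$gname::$gid", ACCESS_EDIT)) {
        CloseTable();
        echo _GROUPSEDITNOAUTH;
        include 'footer.php';
        return;
    }
    echo "<form action=\"admin.php\" method=\"post\">".
         "<input type=\"hidden\" name=\"op\" value=\"secrenamegroup\">".
         "<input type=\"hidden\" name=\"gid\" value=\"$gid\">".
         _GROUPNAME. ": <input type=\"text\" name=\"gname\" value=\"$safegname\"><P>".
         "<input type=submit value=\""._RENAMEGROUP."\">".
         "</form>";
    CloseTable();
    include("footer.php");
}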
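/*
 * renameGroup - rename group
 * Takes two parameters:
 * - the group ID
 * - the new group name
 *
 * Runs csrfcheck() and an ACCESS_EDIT check keyed on the group's current
 * name, refuses a new name another group already uses (as addGroup()
 * does), updates the row and redirects to the group's page. $gid is cast
 * to int; $gname is quoted through the driver for SQL and HTML-escaped
 * when echoed.
 */
function renameGroup($gid, $gname)
{
    global $hlpfile, $dbconn, $pntable;
    csrfcheck();
    $gid = (int)$gid;
    $groupstable = $pntable['groups'];
    $groupscolumn = &$pntable['groups_column'];
    // Get details on current group
    $query = "SELECT $groupscolumn[name]
              FROM $groupstable
              WHERE $groupscolumn[gid]=$gid";
    $result = $dbconn->Execute($query);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    if ($result->EOF) {
        die("No such group ID $gid");
    }
    list($oldgname) = $result->fields;
    $result->Close();
    $safegname = htmlspecialchars($gname, ENT_QUOTES);
    if (!authorised(0, 'Groups::', "$oldgname::$gid", ACCESS_EDIT)) {
        include 'header.php';
        GraphicAdmin($hlpfile);
        OpenTable();
        echo "<CENTER><A HREF=\"admin.php?op=secviewgroups\" CLASS=\"pn-title\"><FONT SIZE=\"4\"><B>"._GROUPADMIN."</B></FONT></A>: $safegname</CENTER>";
        CloseTable();
        echo _GROUPSEDITNOAUTH;
        include 'footer.php';
        return;
    }
    // Quote the new name through the driver (ADODB qstr() returns the value
    // with its surrounding quotes). The second argument tells qstr() whether
    // magic_quotes_gpc has already backslashed it; that feature is gone from
    // PHP 8, hence the function_exists() test.
    $magic = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $quotedname = $dbconn->qstr($gname, $magic);
    // Refuse a name already used by a different group.
    $query = "SELECT COUNT(*) FROM $groupstable
              WHERE $groupscolumn[name] = $quotedname
              AND $groupscolumn[gid] <> $gid";
    $result = $dbconn->Execute($query);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($count) = $result->fields;
    $result->Close();
    if ($count > 0) {
        include 'header.php';
        GraphicAdmin($hlpfile);
        OpenTable();
        echo "<CENTER><A HREF=\"admin.php?op=secviewgroups\" CLASS=\"pn-title\"><FONT SIZE=\"4\"><B>"._GROUPADMIN."</B></FONT></A>: $safegname</CENTER>";
        echo "<BR>";
        echo _GROUPALREADYEXISTS;
        CloseTable();
        include 'footer.php';
        return;
    }
    $query = "UPDATE $groupstable
              SET $groupscolumn[name]=$quotedname
              WHERE $groupscolumn[gid]=$gid";
    if (!$dbconn->Execute($query)) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    pnRedirect('admin.php?op=secviewgroup&gid='.$gid);
}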
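// Request variables arrive through register_globals. Give every one the
// dispatcher reads a default (as was already done for $ok) so an absent
// parameter is 0 / '' instead of an undefined-variable warning. Each
// handler still casts or quotes its own arguments before using them.
if (!isset($ok)) $ok = 0;
if (!isset($op)) $op = '';
if (!isset($gid)) $gid = 0;
if (!isset($uid)) $uid = 0;
if (!isset($gname)) $gname = '';
// Main function: module-level ACCESS_EDIT gates every operation here; each
// handler then re-checks the specific group instance, and the ones that
// write (add/delete/rename, membership changes) call csrfcheck() first.
if (!authorised(0, 'Groups::', '::', ACCESS_EDIT)) {
    include 'header.php';
    echo _GROUPSNOAUTH;
    include 'footer.php';
} else {
    switch ($op) {
        case "secviewgroups":
            viewGroups();
            break;
        case "secviewgroup":
            viewGroup($gid);
            break;
        case "secnewgroup":
            newGroup();
            break;
        case "secaddgroup":
            addGroup($gname);
            break;
        case "secdeletegroup":
            deleteGroup($gid, $ok);
            break;
        case "secselectuserforgroup":
            selectUserForGroup($gid);
            break;
        case "secaddusertogroup":
            addUserToGroup($uid, $gid);
            break;
        case "secdeleteuserfromgroup":
            deleteUserFromGroup($uid, $gid);
            break;
        case "secmodifygroup":
            modifyGroup($gid);
            break;
        case "secrenamegroup":
            renameGroup($gid, $gname);
            break;
    }
}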
?>