<?php
/********************** WEB AUTHENTICATION with PHP **************************
This package provides a set of tools for web authentication with PHP and MySQL.


GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

WEB AUTHENTICATION with PHP

Copyright (C) 2005-2006  Naldi Stefano

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA


CONTACT

Please send any question, bug or communication to the author:


Naldi Stefano


ITALY

e-mail: hide@address.com

*****************************************************************************/

// List of already-included files, with Windows back-slashes normalised to "/"
// so the path comparisons below behave the same on every platform.
$infi = str_replace("\\", "/", get_included_files());

// Load the shared page header unless BOTH admin.php and config.php have
// already been included by an earlier script.
// NOTE(review): presumably php_pages_header.php is what enforces the admin
// login and provides $mylink / $mydbname used below — confirm, because nothing
// else in this file checks that the caller is authenticated.
if (!(in_array(stripslashes(dirname($_SERVER['DOCUMENT_ROOT']) . "/wawp_admin/admin.php"), $infi)
      && in_array(stripslashes(dirname($_SERVER['DOCUMENT_ROOT']) . "/wawp_admin/config.php"), $infi))) {
  require dirname($_SERVER['DOCUMENT_ROOT']) . "/wawp_admin/php_pages_header.php";
}

// Remove the member selected in the "assigned" list from the posted group.
// Both values are quoted and escaped by GetSQLValueString() before they reach SQL.
// NOTE(review): this state-changing POST carries no visible anti-CSRF token;
// confirm whether the included header enforces one.
if (isset($_POST['un'], $_POST['assigned']) && $_POST['un'] != "" && $_POST['assigned'] != "") {
  $deleteSQL = sprintf(
    "DELETE FROM groups_members WHERE groupname=%s AND membername=%s",
    GetSQLValueString($_POST['un'], "text"),
    GetSQLValueString($_POST['assigned'], "text")
  );

  mysql_select_db($mydbname, $mylink);
  $Result1 = mysql_query($deleteSQL, $mylink);
  if (!$Result1) {
    // NOTE(review): this prints the raw database error to the browser.
    die(mysql_error());
  }
}

// Add the entry selected in the "not assigned" list to the posted group.
// Both values are quoted and escaped by GetSQLValueString() before they reach SQL.
// NOTE(review): this state-changing POST carries no visible anti-CSRF token;
// confirm whether the included header enforces one.
if (isset($_POST['un'], $_POST['notassigned']) && $_POST['un'] != "" && $_POST['notassigned'] != "") {
  $insertSQL = sprintf(
    "INSERT INTO groups_members (groupname, membername) VALUES (%s, %s)",
    GetSQLValueString($_POST['un'], "text"),
    GetSQLValueString($_POST['notassigned'], "text")
  );

  mysql_select_db($mydbname, $mylink);
  $Result2 = mysql_query($insertSQL, $mylink);
  if (!$Result2) {
    // NOTE(review): this prints the raw database error to the browser.
    die(mysql_error());
  }
}

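/**
 * Turn a request value into a literal that can be placed in a SQL statement.
 *
 * The value is escaped with addslashes() unless magic quotes already did so,
 * then formatted according to $theType:
 *   - "text", "date": single-quoted string, or the bare word NULL when empty
 *   - "long", "int":  intval() of the value, or NULL when empty
 *   - "double":       single-quoted doubleval() of the value, or NULL when empty
 *   - "defined":      $theDefinedValue when non-empty, else $theNotDefinedValue
 *
 * Security caveats for callers:
 *   - An unrecognised $theType returns the escaped value WITHOUT quotes, which
 *     is not safe to inline into SQL; always pass one of the types above.
 *   - "defined" returns its two alternatives verbatim, so they must be
 *     trusted literals, never request data.
 *   - NOTE(review): addslashes() is not aware of the connection character set;
 *     mysql_real_escape_string() on the open link, or prepared statements, are
 *     the robust replacement.
 *
 * @param mixed  $theValue           Raw value, typically from $_POST.
 * @param string $theType            One of text, long, int, double, date, defined.
 * @param string $theDefinedValue    Result for "defined" when the value is non-empty.
 * @param string $theNotDefinedValue Result for "defined" when the value is empty.
 * @return mixed SQL literal (string, or int for the integer types).
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  // get_magic_quotes_gpc() no longer exists on PHP 8; calling it there is a
  // fatal error. When it is absent magic quotes cannot be active, so escape.
  $alreadyEscaped = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
  if (!$alreadyEscaped) {
    $theValue = addslashes($theValue);
  }

  switch ($theType) {
    case "text":
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}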

// Recordset1: current members of the posted group.
// The group name is escaped here (unless magic quotes already did it) because
// it is placed inside a quoted SQL string below; "1" is the fallback when no
// group was posted.
if (!isset($_POST['un'])) {
  $colname_Recordset1 = "1";
} elseif (get_magic_quotes_gpc()) {
  $colname_Recordset1 = $_POST['un'];
} else {
  $colname_Recordset1 = addslashes($_POST['un']);
}

mysql_select_db($mydbname, $mylink);
$query_Recordset1 = sprintf("SELECT * FROM groups_members WHERE groupname = '%s'", $colname_Recordset1);
$Recordset1 = mysql_query($query_Recordset1, $mylink);
if (!$Recordset1) {
  // NOTE(review): this prints the raw database error to the browser.
  die(mysql_error());
}

// First row is fetched up front; the template's do/while loop consumes the rest.
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);

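// Recordset2: every user/group that is NOT yet a member of the posted group,
// excluding the group itself.
//
// The posted group name is used twice in the query. Both uses must go through
// the same escaping: previously the second placeholder received the raw
// $_POST['un'], which left the statement open to SQL injection whenever magic
// quotes were off.
$colname_Recordset2 = "1";       // fallback for the groupname filter when nothing is posted
$excludedName_Recordset2 = "";   // fallback for the name<> filter when nothing is posted
if (isset($_POST['un'])) {
  $colname_Recordset2 = (get_magic_quotes_gpc()) ? $_POST['un'] : addslashes($_POST['un']);
  $excludedName_Recordset2 = $colname_Recordset2;
}
mysql_select_db($mydbname, $mylink);
$query_Recordset2 = sprintf("SELECT users_and_groups.* FROM users_and_groups LEFT JOIN groups_members ON (users_and_groups.name=groups_members.membername AND groups_members.groupname='%s') WHERE groups_members.membername IS NULL AND users_and_groups.name<>'%s' ORDER BY ntype, name ASC", $colname_Recordset2, $excludedName_Recordset2);
// NOTE(review): die(mysql_error()) prints the raw database error to the
// browser; consider logging it and showing a generic message instead.
$Recordset2 = mysql_query($query_Recordset2, $mylink) or die(mysql_error());
// First row is fetched up front; the template's do/while loop consumes the rest.
$row_Recordset2 = mysql_fetch_assoc($Recordset2);
$totalRows_Recordset2 = mysql_num_rows($Recordset2);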
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Web Authentication with PHP</title>
<style type="text/css">
<!--
.style4 {
	color: #FFFF00;
	font-weight: bold;
}
.style5 {color: #FF0000}
-->
</style>
</head>

<body>

<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <!--DWLayoutTable-->
  <tr>
    <td width="100%" height="50" align="center" valign="middle" bgcolor="#0000FF"><div align="center" class="style4">Web Authentication with PHP  &nbsp;    v. 1.1<br>
    <small><small style="font-style: italic;">
	<span style="color: rgb(255, 255, 0);">Released under the GNU General Public License</span></small></small><br>
      </div></td>
  </tr>
  <tr>
    <td height="50" align="center" valign="middle" bgcolor="#FFCC33"><div align="center" class="style5">
      <table width="80%" cellspacing="1" bgcolor="#0000FF">
        <tr align="center" bgcolor="#FFCC33">
          <td width="20%" bgcolor="#FFCC33"><a href="../index.php">Administration</a></td>
          <td width="20%"><a href="../setup/setup.php">Setup</a></td>
          <td width="20%"><a href="users.php">Users</a></td>
          <td width="20%" bgcolor="#FFFFFF"><a href="groups.php">Groups</a></td>
          <td width="20%"><a href="locations.php">Locations</a></td>
        </tr>
      </table>
    </div></td>
  </tr>
  <tr>
    <td height="350" align="center" valign="top"><br>
      <br>
      <form name="form1" method="post" action="groups.members.php">
        <table width="80%" cellspacing="1" bgcolor="#0000FF" >
          <tr bgcolor="#FFFFFF">
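            <?php
              // The posted group name is echoed back into an HTML attribute, so it
              // must be HTML-escaped (quotes included) to prevent reflected XSS.
              // 'ISO-8859-1' matches the charset declared in this page's meta tag.
              $unHtml = (isset($_POST['un']) && is_string($_POST['un']))
                ? htmlspecialchars($_POST['un'], ENT_QUOTES, 'ISO-8859-1')
                : "";
            ?>
            <td colspan="3">Group&nbsp;&nbsp;&nbsp;              <input name="un" type="text" id="un" value="<?php echo $unHtml; ?>" size="50" readonly="true"></td>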
          </tr>
          <tr bgcolor="#FFFFFF">
            <td colspan="3">&nbsp;</td>
          </tr>
          <tr bgcolor="#FFFFFF">
            <td width="40%"><div align="center">assigned</div></td>
            <td width="20%"><div align="center">move</div></td>
            <td width="40%"><div align="center">not assigned </div></td>
          </tr>
          <tr bgcolor="#FFFFFF">
            <td width="40%"><div align="center">
              <select name="assigned" size="10" id="assigned">
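                <?php
// Render one <option> per current member of the group.
// membername is filled from posted form values by the INSERT earlier in this
// file, so it is HTML-escaped here to prevent stored XSS; 'ISO-8859-1' matches
// the charset declared in the page's meta tag.
// The outer guard stops an empty recordset from producing one blank option.
if ($row_Recordset1) {
  do {
    $memberHtml = htmlspecialchars($row_Recordset1['membername'], ENT_QUOTES, 'ISO-8859-1');
?>
                <option value="<?php echo $memberHtml ?>"><?php echo $memberHtml ?></option>
                <?php
  } while ($row_Recordset1 = mysql_fetch_assoc($Recordset1));
}
  // Rewind so the recordset can be iterated again later in the page.
  $rows = mysql_num_rows($Recordset1);
  if($rows > 0) {
      mysql_data_seek($Recordset1, 0);
	  $row_Recordset1 = mysql_fetch_assoc($Recordset1);
  }
?>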
              </select>
            </div></td>
            <td width="20%"><div align="center">
              <input type="submit" name="Submit" value="<<->>">
            </div></td>
            <td width="40%"><div align="center">
              <select name="notassigned" size="10" id="notassigned">
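                <?php
// Render one <option> per user/group that is not yet in the group.
// The name column is stored data, so it is HTML-escaped here to prevent
// stored XSS; 'ISO-8859-1' matches the charset declared in the page's meta tag.
// The outer guard stops an empty recordset from producing one blank option.
if ($row_Recordset2) {
  do {
    $candidateHtml = htmlspecialchars($row_Recordset2['name'], ENT_QUOTES, 'ISO-8859-1');
?>
                <option value="<?php echo $candidateHtml ?>"><?php echo $candidateHtml ?></option>
                <?php
  } while ($row_Recordset2 = mysql_fetch_assoc($Recordset2));
}
  // Rewind so the recordset can be iterated again later in the page.
  $rows = mysql_num_rows($Recordset2);
  if($rows > 0) {
      mysql_data_seek($Recordset2, 0);
	  $row_Recordset2 = mysql_fetch_assoc($Recordset2);
  }
?>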
              </select>
            </div></td>
          </tr>
        </table>
      </form>      <p>&nbsp;</p></td>
  </tr>
</table>
</body>
</html>
<?php
// Release both result sets now that the page has been rendered.
foreach (array($Recordset1, $Recordset2) as $finishedRecordset) {
  mysql_free_result($finishedRecordset);
}
?>
