<?php
/*========================================================*\
||########################################################||
||# #||
||# WB News v2.0.0 #||
||# ---------------------------------------------------- #||
||# Copyright (c) 2004-2007 #||
||# Created: 7th May 2007 #||
||# Filename: edit-usergroup.php #||
||# #||
||########################################################||
/*========================================================*/
/**
* @author $Author: pmcilwaine $
* @version $Id: edit-usergroup.php,v 1.1.2.4.2.1 2008/07/14 11:02:37 pmcilwaine Exp $
*/
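require_once( "global.php" );
require_once( INCDIR. "/bitperms.php" );

// Admin page: create, edit or delete a usergroup and its permission bitmask.
// Only operators holding the "usergroups" permission may reach it.
$auth->login_if( !$auth->has_perm( "usergroups" ) );

// Value of the hidden "form" field; the POST handler only runs for this form.
$myform = "edit-user";

if ( !isset($_SESSION["return_page"]) )
{
    $_SESSION["return_page"] = MAIN_SERVER . "/admin/user.php";
}

$page = new PageTemplateEngine( BuildPath("admin/main-page.ihtml") );
$tmpl->SetFilename( BuildPath("admin/edit-usergroup.ihtml") );

$params = array(
    "entry"      => "\t<li>%s</li>\n\t",
    "separator"  => FALSE,
    "class_open" => "open",
    "links"      => toolbarmenu()
);
$toolbar = include( INCDIR . "/page-menu.php" );
$page->AddParam( "toolbar", $toolbar );
$page->AddParam( "userinfo", $userinfo );

// Target usergroup id from the request. It is escaped for SQL here and is only
// ever interpolated inside single quotes below; NULL means "create a new group".
$id = isset($_REQUEST["id"]) ? $DB->escape( $_REQUEST["id"] ) : NULL;

// Both are taken by reference: later writes land directly in the template params.
$formdata =& $tmpl->AddParam( "formdata", array() );
$options  =& $tmpl->AddParam( "options", array() );

$cond   = array();
$cond[] = "usergroupid='$id'";
$cond   = join( " AND ", $cond );

// A group may only be deleted when no user still references it.
$DB->query( "SELECT userid FROM " . TBL_USERS . " WHERE $cond" );
$deletable = !$DB->next_record();

// No matching row means this request creates a new group.
$DB->query( "SELECT * FROM " . TBL_UGROUPS . " WHERE $cond" );
$is_new = !$DB->next_record();
$formdata["title"] = htmlspecialchars( $DB->field("title") );

// NOTE(review): no anti-CSRF token is checked here beyond the "form" field;
// confirm whether global.php/Submit() enforce one before relying on this page.
if ( $_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["form"]) && $_POST["form"] === $myform )
{
    $err_msg = array();
    $action  = Submit();

    switch ( $action )
    {
        case "Create" :
        case "Ok" :
            $title = sanitize_post( "title" );
            if ( "" == $title )
            {
                $err_msg["title"] = "You must enter a title";
            }

            // Build the permission bitmask from the submitted checkbox names.
            // Only names known to bitperms.php count; OR (not add) so that a
            // repeated name cannot produce a bit that was never granted.
            $group_bit = 0;
            if ( isset($_POST["perms"]) && is_array($_POST["perms"]) )
            {
                foreach ( $_POST["perms"] as $name )
                {
                    if ( ( is_string($name) || is_int($name) ) && array_key_exists( $name, $permissions ) )
                    {
                        $group_bit |= (int) $permissions[$name];
                    }
                }
            }
            if ( 0 == $group_bit )
            {
                $err_msg["perms"] = "You must have at least one permission";
            }

            if ( count($err_msg) > 0 )
            {
                // Keyed by form name so the redisplay code below can find it.
                $_SESSION["formdata"]          = $_POST;
                $_SESSION["err_msg"][$myform]  = $err_msg;
                redirect( make_url() );
                exit;
            }

            $title = $DB->escape( $title );
            $query = array();
            if ( $is_new )
            {
                $new_id  = $DB->NewID( SEQ_PREFIX . "seq_usergroups" );
                $query[] = "INSERT INTO " . TBL_UGROUPS;
                $query[] = "(usergroupid,title,group_bit)";
                $query[] = "VALUES($new_id,'$title',$group_bit)";
            }
            else
            {
                $query[] = "UPDATE " . TBL_UGROUPS . " SET";
                $query[] = "title='$title',";
                $query[] = "group_bit=$group_bit";
                $query[] = "WHERE usergroupid='$id'";
            }

            if ( !$DB->query( join( " ", $query ) ) )
            {
                Message( "Couldn't commit data" );
                $_SESSION["formdata"]         = $_POST;
                $_SESSION["err_msg"][$myform] = $err_msg;
                redirect( make_url() );
                exit;
            }

            if ( "Create" === $action )
            {
                Message( "Created new usergroup" );
            }
            else
            {
                Message( "Updated usergroup \"$title\"" );
            }
            redirect( $_SESSION["return_page"] );
            exit;

        case "Delete" :
            // The Delete button is hidden for groups still in use, but a crafted
            // POST can still send it, so the same rule is enforced here. The row
            // removed is the usergroup itself, not a user.
            if ( $is_new || !$deletable )
            {
                Message( "Usergroup is still in use and cannot be deleted" );
                redirect( make_url() );
                exit;
            }
            $DB->query( "DELETE FROM " . TBL_UGROUPS . " WHERE usergroupid='$id'" );
            Message( "Deleted usergroup" );
            redirect( $_SESSION["return_page"] );
            exit;

        case "Cancel" :
            if ( $is_new )
            {
                Message( "Cancelled creating usergroup" );
            }
            else
            {
                $cancelled = isset($_POST["title"]) ? $_POST["title"] : "";
                Message( "Cancelled updating \"" . htmlspecialchars( $cancelled ) . "\"" );
            }
            redirect( $_SESSION["return_page"] );
            exit;
    }
}

$tmpl->AddParam( "caption", $is_new ? "Create Usergroup" : "Edit Usergroup" );
$formdata["hidden"] = array(
    "form" => $myform,
    "id"   => $id
);

// Stored bitmask of the group being edited (0 for a new group).
$perms = (int) $DB->field("group_bit");
$formdata["perms"] = array();
foreach ( $permissions as $name => $bit )
{
    $formdata["perms"][$name] = (bool) ( $bit & $perms );
}

$options["perms"] = array();
foreach ( $labels as $value => $label )
{
    $options["perms"][htmlspecialchars($value)] = htmlspecialchars($label);
}

if ( $is_new )
{
    $tmpl->AddParam( "buttons", "Cancel,Create" );
}
elseif ( !$deletable )
{
    $tmpl->AddParam( "buttons", "Cancel,Ok" );
}
else
{
    $tmpl->AddParam( "buttons", "Cancel,Delete,Ok" );
}

// Redisplay after a validation or commit failure: restore what was submitted.
if ( isset($_SESSION["formdata"]) )
{
    if ( isset($_SESSION["err_msg"][$myform]) )
    {
        $tmpl->AddParam( "msg", $_SESSION["err_msg"][$myform] );
    }
    $formdata["title"] = sanitize_post_html( "title", NULL, $_SESSION["formdata"] );

    if ( isset($_SESSION["formdata"]["perms"]) && is_array($_SESSION["formdata"]["perms"]) )
    {
        // Show exactly the submitted set, not the stored set OR'd with it.
        foreach ( $formdata["perms"] as $name => $unused )
        {
            $formdata["perms"][$name] = FALSE;
        }
        foreach ( $_SESSION["formdata"]["perms"] as $perm )
        {
            if ( ( is_string($perm) || is_int($perm) ) && array_key_exists( $perm, $permissions ) )
            {
                $formdata["perms"][$perm] = TRUE;
            }
        }
    }
    unset( $_SESSION["formdata"], $_SESSION["err_msg"][$myform] );
}

$pagemenu =& $tmpl->AddParam( "pagemenu", array() );
$page->BindParam( "pagemenu", $tmpl );
$params = array(
    "entry"     => "\t<li>%s</li>\n\t",
    "separator" => "\t<li>|</li>\n\t",
    "links"     => buildmenu( $theme_info["pagemenu_build"] )
);
$params   = array_merge( $params, $theme_info["pagemenu"] );
$pagemenu = include( INCDIR . "/page-menu.php" );

$page->ParseContent( $tmpl->GetHTML() );
$page->ShowPage();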