Location: PHPKode > projects > WB News > admin/edit-usergroup.php
<?php

/*========================================================*\
||########################################################||
||#                                                      #||
||#     WB News v2.0.0                                   #||
||# ---------------------------------------------------- #||
||#     Copyright (c) 2004-2007                          #||
||#     Created: 7th May 2007                            #||
||#     Filename: edit-usergroup.php                     #||
||#                                                      #||
||########################################################||
/*========================================================*/

/**
 *  @author $Author: pmcilwaine $
 *	@version $Id: edit-usergroup.php,v 1.1.2.4.2.1 2008/07/14 11:02:37 pmcilwaine Exp $
 */

require_once( "global.php" );
require_once( INCDIR. "/bitperms.php" );
$auth->login_if( !$auth->has_perm( "usergroups" ) );

$myform = "edit-user";
if ( !isset($_SESSION["return_page"]) )
{
	$_SESSION["return_page"] = MAIN_SERVER . "/admin/user.php";
}

$page = new PageTemplateEngine( BuildPath("admin/main-page.ihtml") );
$tmpl->SetFilename( BuildPath("admin/edit-usergroup.ihtml") );

$params = array(
	"entry" => "\t<li>%s</li>\n\t",
	"separator" => FALSE,
	"class_open" => "open",
	"links" => toolbarmenu()
	);
$toolbar = include( INCDIR . "/page-menu.php" );

$page->AddParam( "toolbar", $toolbar );
$page->AddParam( "userinfo", $userinfo );

$id = isset($_REQUEST["id"]) ? $DB->escape( $_REQUEST["id"] ) : NULL;

$formdata =& $tmpl->AddParam( "formdata", array() );
$options =& $tmpl->AddParam( "options", array() );

$cond = array();
$cond[] = "usergroupid='$id'";
$cond = join( " AND ", $cond );

$DB->query( "SELECT userid FROM " . TBL_USERS . " WHERE $cond" );
$deletable = !$DB->next_record();

$DB->query( "SELECT * FROM " . TBL_UGROUPS . " WHERE $cond" );
$is_new = !$DB->next_record();

$formdata["title"] = htmlspecialchars( $DB->field("title") );

if ( $_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["form"]) && $_POST["form"] == $myform )
{

	$err_msg = array();

	switch ( Submit() )
	{

	case "Create" :
	case "Ok" :
		
		$title = sanitize_post( "title" );
		
		if ( "" == $title )
		{
			$err_msg["title"] = "You must enter a title";
		}

		$group_bit = 0;
		if ( isset($_POST["perms"]) && is_array($_POST["perms"]) )
		{
			foreach ( $_POST["perms"] as $name )
			{
				if ( array_key_exists( $name, $permissions ) )
				{
					$group_bit += $permissions[$name];
				}
			}
		}

		if ( 0 == $group_bit )
		{
			$err_msg["perms"] = "You must have at least one permission";
		}
		
		if ( count($err_msg) > 0 )
		{
			$_SESSION["formdata"] = $_POST;
			$_SESSION["err_msg"] = $err_msg;
			redirect( make_url() );
			exit;
		}
		
		$title = $DB->escape( $title );
		
		$query = array();
		if ( $is_new )
		{
			$new_id = $DB->NewID( SEQ_PREFIX . "seq_usergroups" );
			
			$userid = $userinfo["userid"];
			$query[] = "INSERT INTO " . TBL_UGROUPS;
			$query[] = "(usergroupid,title,group_bit)";
			$query[] = "VALUES($new_id,'$title',$group_bit)";
		}
		else
		{
			$query[] = "UPDATE " . TBL_UGROUPS . " SET";
			$query[] = "title='$title',";
			$query[] = "group_bit=$group_bit";
			$query[] = "WHERE usergroupid='$id'";
		}

		if ( !$DB->query( join( " ", $query ) ) )
		{
			Message( "Couldn't commit data" );
			$_SESSION["formdata"] = $_POST;
			$_SESSION["err_msg"][$myform] = $err_msg;
			redirect( make_url() );
			exit;
		}

		switch ( Submit() )
		{
		case "Create":
			Message( "Created new usergroup" );
			break;
		case "Ok":
			Message( "Updated usergroup \"$title\"" );
			break;
		default:
			Message( "Unknown action" );
			break;
		}
		
		redirect( $_SESSION["return_page"] );
		exit;
	case "Delete" :
		$DB->query( "DELETE FROM " . TBL_USERS . " WHERE userid='$id'");
		redirect( $_SESSION["return_page"] );
		exit;
	case "Cancel" :
		if ( $is_new )
		{
			Message( "Cancelled creating news article" );
		}
		else
		{
			Message( "Cancelled updating \"" . htmlspecialchars( $_POST["title"] ) . "\"" );
		}
		redirect( $_SESSION["return_page"] );
		exit;
	}

}

$tmpl->AddParam( "caption", $DB->affectedrows() ? "Edit Usergroup" : "Create Usergroup" );

$formdata["hidden"] = array(
	"form" => $myform,
	"id" => $id
	);

$perms = $DB->field("group_bit");
$perms = NULL == $perms ? 0 : $perms;
$formdata["perms"] = array();
foreach ( $permissions as $name => $bit )
{
	$formdata["perms"][$name] = $bit & $perms ? TRUE : FALSE;
}

$options["perms"] = array();
foreach ( $labels as $value => $label )
{
	$options["perms"][htmlspecialchars($value)] = htmlspecialchars($label);
}

if ( $is_new )
{
	$tmpl->AddParam( "buttons", "Cancel,Create" );
}
else if ( !$deletable )
{
	$tmpl->AddParam( "buttons", "Cancel,Ok" );
}
else
{
	$tmpl->AddParam( "buttons", "Cancel,Delete,Ok" );
}

if ( isset($_SESSION["formdata"]) )
{
	if ( isset($_SESSION["err_msg"][$myform]) )
	{
		$tmpl->AddParam( "msg", $_SESSION["err_msg"][$myform] );
	}

	$formdata["username"] = sanitize_post_html( "username", NULL , $_SESSION["formdata"] );
	if ( isset($_SESSION["formdata"]["perms"]) )
	{
		foreach ( $_SESSION["formdata"]["perms"] as $perm )
		{
			$formdata["perms"][$perm] = TRUE;
		}
	}
	
	unset( $_SESSION["formdata"], $_SESSION["err_msg"][$myform] );
}

$pagemenu =& $tmpl->AddParam( "pagemenu", array() );
$page->BindParam( "pagemenu", $tmpl );

$params = array(
	"entry" => "\t<li>%s</li>\n\t",
	"separator" => "\t<li>|</li>\n\t",
	"links" => buildmenu( $theme_info["pagemenu_build"] )
	);
$params = array_merge( $params, $theme_info["pagemenu"] );
$pagemenu = include( INCDIR . "/page-menu.php" );

$page->ParseContent( $tmpl->GetHTML() );
$page->ShowPage();

?>
Return current item: WB News