Go to most recent revision | Blame | Last modification | View Log | Download
<?php
// +-----------------------------------------------------------------------+
// | PhpWebGallery - a PHP based picture gallery |
// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |
// +-----------------------------------------------------------------------+
// | branch : BSF (Best So Far)
// | file : $RCSfile: group_list.php,v $
// | last update : $Date: 2005/01/17 21:02:43 $
// | last modifier : $Author: plg $
// | revision : $Revision: 1.15 $
// +-----------------------------------------------------------------------+
// | This program is free software; you can redistribute it and/or modify |
// | it under the terms of the GNU General Public License as published by |
// | the Free Software Foundation |
// | |
// | This program is distributed in the hope that it will be useful, but |
// | WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
// | General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA. |
// +-----------------------------------------------------------------------+
if( !defined("PHPWG_ROOT_PATH") )
{
die ("Hacking attempt!");
}
include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );
//-------------------------------------------------------------- delete a group
$error = array();
if ( isset( $_POST['delete'] ) && isset( $_POST['confirm_delete'] ) )
{
// destruction of the access linked to the group
$query = 'DELETE FROM '.GROUP_ACCESS_TABLE;
$query.= ' WHERE group_id = '.$_POST['group_id'];
$query.= ';';
pwg_query( $query );
// destruction of the users links for this group
$query = 'DELETE FROM ' . USER_GROUP_TABLE;
$query.= ' WHERE group_id = '.$_POST['group_id'];
pwg_query( $query );
// destruction of the group
$query = 'DELETE FROM ' . GROUPS_TABLE;
$query.= ' WHERE id = '.$_POST['group_id'];
$query.= ';';
pwg_query( $query );
}
//----------------------------------------------------------------- add a group
elseif ( isset( $_POST['new'] ) )
{
if ( empty($_POST['newgroup']) || preg_match( "/'/", $_POST['newgroup'] )
or preg_match( '/"/', $_POST['newgroup'] ) )
{
array_push( $error, $lang['group_add_error1'] );
}
if ( count( $error ) == 0 )
{
// is the group not already existing ?
$query = 'SELECT id FROM '.GROUPS_TABLE;
$query.= " WHERE name = '".$_POST['newgroup']."'";
$query.= ';';
$result = pwg_query( $query );
if ( mysql_num_rows( $result ) > 0 )
{
array_push( $error, $lang['group_add_error2'] );
}
}
if ( count( $error ) == 0 )
{
// creating the group
$query = ' INSERT INTO '.GROUPS_TABLE;
$query.= " (name) VALUES ('".$_POST['newgroup']."')";
$query.= ';';
pwg_query( $query );
}
}
//--------------------------------------------------------------- user management
elseif ( isset( $_POST['add'] ) )
{
$userdata = getuserdata($_POST['username']);
if (!$userdata)
{
array_push($error, $lang['user_err_unknown']);
}
else
{
// create a new association between the user and a group
$query = '
INSERT INTO '.USER_GROUP_TABLE.'
(user_id,group_id)
VALUES
('.$userdata['id'].','.$_POST['edit_group_id'].')
;';
pwg_query($query);
}
}
elseif (isset( $_POST['deny_user'] ))
{
$sql_in = '';
$members = $_POST['members'];
for($i = 0; $i < count($members); $i++)
{
$sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]);
}
$query = 'DELETE FROM ' . USER_GROUP_TABLE;
$query.= ' WHERE user_id IN ('.$sql_in;
$query.= ') AND group_id = '.$_POST['edit_group_id'];
pwg_query( $query );
}
//-------------------------------------------------------------- errors display
if ( sizeof( $error ) != 0 )
{
$template->assign_block_vars('errors',array());
for ( $i = 0; $i < sizeof( $error ); $i++ )
{
$template->assign_block_vars('errors.error',array('ERROR'=>$error[$i]));
}
}
//----------------------------------------------------------------- groups list
$query = 'SELECT id,name FROM '.GROUPS_TABLE;
$query.= ' ORDER BY id ASC;';
$result = pwg_query( $query );
$groups_display = '<select name="group_id">';
$groups_nb=0;
while ( $row = mysql_fetch_array( $result ) )
{
$groups_nb++;
$selected = '';
if (isset($_POST['group_id']) && $_POST['group_id']==$row['id'])
$selected = 'selected';
$groups_display .= '<option value="' . $row['id'] . '" '.$selected.'>' . $row['name'] . '</option>';
}
$groups_display .= '</select>';
$action = PHPWG_ROOT_PATH.'admin.php?page=group_list';
//----------------------------------------------------- template initialization
$template->set_filenames( array('groups'=>'admin/group_list.tpl') );
$template->assign_vars(array(
'S_GROUP_SELECT'=>$groups_display,
'L_GROUP_SELECT'=>$lang['group_list_title'],
'L_GROUP_CONFIRM'=>$lang['group_confirm_delete'],
'L_LOOK_UP'=>$lang['edit'],
'L_GROUP_DELETE'=>$lang['delete'],
'L_CREATE_NEW_GROUP'=>$lang['group_add'],
'L_GROUP_EDIT'=>$lang['group_edit'],
'L_USER_NAME'=>$lang['login'],
'L_USER_EMAIL'=>$lang['mail_address'],
'L_USER_SELECT'=>$lang['Select'],
'L_DENY_SELECTED'=>$lang['group_deny_user'],
'L_ADD_MEMBER'=>$lang['group_add_user'],
'L_FIND_USERNAME'=>$lang['Find_username'],
'S_GROUP_ACTION'=>add_session_id($action),
'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php')
));
if ($groups_nb)
{
$template->assign_block_vars('select_box',array());
}
//----------------------------------------------------------------- add a group
if ( isset( $_POST['edit']) || isset( $_POST['add']) || isset( $_POST['deny_user'] ))
{
// Retrieving the group name
$query = 'SELECT id, name FROM '.GROUPS_TABLE;
$query.= " WHERE id = '".$_POST['group_id']."'";
$query.= ';';
$result = mysql_fetch_array(pwg_query( $query ));
$template->assign_block_vars('edit_group',array(
'GROUP_NAME'=>$result['name'],
'GROUP_ID'=>$result['id']
));
// Retrieving all the users
$query = 'SELECT id, username, mail_address';
$query.= ' FROM ('.USERS_TABLE.' as u';
$query.= ' LEFT JOIN '.USER_GROUP_TABLE.' as ug ON ug.user_id=u.id)';
$query.= " WHERE ug.group_id = '".$_POST['group_id']."';";
$result = pwg_query( $query );
$i=0;
while ( $row = mysql_fetch_array( $result ) )
{
$class = ($i % 2)? 'row1':'row2'; $i++;
$template->assign_block_vars('edit_group.user',array(
'ID'=>$row['id'],
'NAME'=>$row['username'],
'EMAIL'=>$row['mail_address'],
'T_CLASS'=>$class
));
}
}
//----------------------------------------------------------- sending html code
$template->assign_var_from_handle('ADMIN_CONTENT', 'groups');
?>