Blame | Last modification | View Log | Download
<?php// +-----------------------------------------------------------------------+// | PhpWebGallery - a PHP based picture gallery |// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |// +-----------------------------------------------------------------------+// | branch : BSF (Best So Far)// | file : $RCSfile: group_list.php,v $// | last update : $Date: 2005/01/17 21:02:43 $// | last modifier : $Author: plg $// | revision : $Revision: 1.15 $// +-----------------------------------------------------------------------+// | This program is free software; you can redistribute it and/or modify |// | it under the terms of the GNU General Public License as published by |// | the Free Software Foundation |// | |// | This program is distributed in the hope that it will be useful, but |// | WITHOUT ANY WARRANTY; without even the implied warranty of |// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |// | General Public License for more details. |// | |// | You should have received a copy of the GNU General Public License |// | along with this program; if not, write to the Free Software |// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |// | USA. |// +-----------------------------------------------------------------------+if( !defined("PHPWG_ROOT_PATH") ){die ("Hacking attempt!");}include_once( PHPWG_ROOT_PATH.'admin/include/isadmin.inc.php' );//-------------------------------------------------------------- delete a group$error = array();if ( isset( $_POST['delete'] ) && isset( $_POST['confirm_delete'] ) ){// destruction of the access linked to the group$query = 'DELETE FROM '.GROUP_ACCESS_TABLE;$query.= ' WHERE group_id = '.$_POST['group_id'];$query.= ';';pwg_query( $query );// destruction of the users links for this group$query = 'DELETE FROM ' . USER_GROUP_TABLE;$query.= ' WHERE group_id = '.$_POST['group_id'];pwg_query( $query );// destruction of the group$query = 'DELETE FROM ' . GROUPS_TABLE;$query.= ' WHERE id = '.$_POST['group_id'];$query.= ';';pwg_query( $query );}//----------------------------------------------------------------- add a groupelseif ( isset( $_POST['new'] ) ){if ( empty($_POST['newgroup']) || preg_match( "/'/", $_POST['newgroup'] )or preg_match( '/"/', $_POST['newgroup'] ) ){array_push( $error, $lang['group_add_error1'] );}if ( count( $error ) == 0 ){// is the group not already existing ?$query = 'SELECT id FROM '.GROUPS_TABLE;$query.= " WHERE name = '".$_POST['newgroup']."'";$query.= ';';$result = pwg_query( $query );if ( mysql_num_rows( $result ) > 0 ){array_push( $error, $lang['group_add_error2'] );}}if ( count( $error ) == 0 ){// creating the group$query = ' INSERT INTO '.GROUPS_TABLE;$query.= " (name) VALUES ('".$_POST['newgroup']."')";$query.= ';';pwg_query( $query );}}//--------------------------------------------------------------- user managementelseif ( isset( $_POST['add'] ) ){$userdata = getuserdata($_POST['username']);if (!$userdata){array_push($error, $lang['user_err_unknown']);}else{// create a new association between the user and a group$query = 'INSERT INTO '.USER_GROUP_TABLE.'(user_id,group_id)VALUES('.$userdata['id'].','.$_POST['edit_group_id'].');';pwg_query($query);}}elseif (isset( $_POST['deny_user'] )){$sql_in = '';$members = $_POST['members'];for($i = 0; $i < count($members); $i++){$sql_in .= ( ( $sql_in != '' ) ? ', ' : '' ) . intval($members[$i]);}$query = 'DELETE FROM ' . USER_GROUP_TABLE;$query.= ' WHERE user_id IN ('.$sql_in;$query.= ') AND group_id = '.$_POST['edit_group_id'];pwg_query( $query );}//-------------------------------------------------------------- errors displayif ( sizeof( $error ) != 0 ){$template->assign_block_vars('errors',array());for ( $i = 0; $i < sizeof( $error ); $i++ ){$template->assign_block_vars('errors.error',array('ERROR'=>$error[$i]));}}//----------------------------------------------------------------- groups list$query = 'SELECT id,name FROM '.GROUPS_TABLE;$query.= ' ORDER BY id ASC;';$result = pwg_query( $query );$groups_display = '<select name="group_id">';$groups_nb=0;while ( $row = mysql_fetch_array( $result ) ){$groups_nb++;$selected = '';if (isset($_POST['group_id']) && $_POST['group_id']==$row['id'])$selected = 'selected';$groups_display .= '<option value="' . $row['id'] . '" '.$selected.'>' . $row['name'] . '</option>';}$groups_display .= '</select>';$action = PHPWG_ROOT_PATH.'admin.php?page=group_list';//----------------------------------------------------- template initialization$template->set_filenames( array('groups'=>'admin/group_list.tpl') );$template->assign_vars(array('S_GROUP_SELECT'=>$groups_display,'L_GROUP_SELECT'=>$lang['group_list_title'],'L_GROUP_CONFIRM'=>$lang['group_confirm_delete'],'L_LOOK_UP'=>$lang['edit'],'L_GROUP_DELETE'=>$lang['delete'],'L_CREATE_NEW_GROUP'=>$lang['group_add'],'L_GROUP_EDIT'=>$lang['group_edit'],'L_USER_NAME'=>$lang['login'],'L_USER_EMAIL'=>$lang['mail_address'],'L_USER_SELECT'=>$lang['Select'],'L_DENY_SELECTED'=>$lang['group_deny_user'],'L_ADD_MEMBER'=>$lang['group_add_user'],'L_FIND_USERNAME'=>$lang['Find_username'],'S_GROUP_ACTION'=>add_session_id($action),'U_SEARCH_USER' => add_session_id(PHPWG_ROOT_PATH.'admin/search.php')));if ($groups_nb){$template->assign_block_vars('select_box',array());}//----------------------------------------------------------------- add a groupif ( isset( $_POST['edit']) || isset( $_POST['add']) || isset( $_POST['deny_user'] )){// Retrieving the group name$query = 'SELECT id, name FROM '.GROUPS_TABLE;$query.= " WHERE id = '".$_POST['group_id']."'";$query.= ';';$result = mysql_fetch_array(pwg_query( $query ));$template->assign_block_vars('edit_group',array('GROUP_NAME'=>$result['name'],'GROUP_ID'=>$result['id']));// Retrieving all the users$query = 'SELECT id, username, mail_address';$query.= ' FROM ('.USERS_TABLE.' as u';$query.= ' LEFT JOIN '.USER_GROUP_TABLE.' as ug ON ug.user_id=u.id)';$query.= " WHERE ug.group_id = '".$_POST['group_id']."';";$result = pwg_query( $query );$i=0;while ( $row = mysql_fetch_array( $result ) ){$class = ($i % 2)? 'row1':'row2'; $i++;$template->assign_block_vars('edit_group.user',array('ID'=>$row['id'],'NAME'=>$row['username'],'EMAIL'=>$row['mail_address'],'T_CLASS'=>$class));}}//----------------------------------------------------------- sending html code$template->assign_var_from_handle('ADMIN_CONTENT', 'groups');?>