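* */

/**
 * Class security: manages the security settings of user groups through session variables.
 *
 * The working copy of a group's rights is kept in
 * $_SESSION['m_admin']['groups']['security'], a list of rows with the keys
 * GROUP_ID, RES_TABLE, WHERE_CLAUSE, COMMENT, CAN_INSERT and CAN_UPDATE.
 * load_security_group() fills it from the database, the *_session() methods edit it,
 * where_test() checks it and load_db() writes it back.
 *
 * Security-relevant points for maintainers:
 *  - Every statement in this class is built by string concatenation. Only the table name
 *    used by where_test() is validated here; all other values rely on what the callers
 *    put into the parameters and the session.
 *  - WHERE_CLAUSE is a raw SQL fragment by design. In the session it is kept with its
 *    single quotes backslash-escaped (see load_security_group()).
 *
 * @author  Claire Figueras
 * @license GPL
 * @package Maarch LetterBox 2.3
 * @version 1.1
 */
class security extends dbquery
{
    /**
     * Loads the security parameters of a group into the session variables.
     *
     * Rows are read by column position (0 = group id, 1 = table, 2 = where clause,
     * 3 = comment, 4 = insert right, 5 = update right).
     *
     * @param string $group_id group identifier
     */
    public function load_security_group($group_id)
    {
        $this->connect();

        // NOTE(review): $group_id is concatenated into the statement unchanged and nothing
        // in this class escapes it. Presumably the caller escapes it already; confirm, or
        // move this query to whatever escaping/binding facility dbquery offers.
        $this->query("select * from ".$_SESSION['tablename']['security']
            ." where group_id = '".$group_id."'");

        $rows = array();
        if ($this->nb_result() != 0) {
            while ($value = $this->fetch_array()) {
                $rows[] = array(
                    "GROUP_ID"     => $value[0],
                    "RES_TABLE"    => $value[1],
                    // Single quotes are backslash-escaped because load_db() later places
                    // this text between single quotes in an INSERT.
                    "WHERE_CLAUSE" => str_replace("'", "\\'", $value[2]),
                    "COMMENT"      => $value[3],
                    "CAN_INSERT"   => $value[4],
                    "CAN_UPDATE"   => $value[5],
                );
            }
        }

        $_SESSION['m_admin']['groups']['security'] = $rows;
        $_SESSION['m_admin']['load_security'] = false;
    }

    /**
     * Initialises the session variables related to the group administration.
     */
    public function init_session()
    {
        $_SESSION['m_admin']['groups'] = array();
        $_SESSION['m_admin']['groups']['GroupId'] = "";
        $_SESSION['m_admin']['groups']['desc'] = "";
        $_SESSION['m_admin']['groups']['admin'] = "";
        $_SESSION['m_admin']['groups']['security'] = array();
        $_SESSION['m_admin']['groups']['consult_group'] = 'Y';
        $_SESSION['services_choisis'] = array();
        $_SESSION['m_admin']['init'] = false;
        $_SESSION['m_admin']['groups']['export'] = "";
    }

    /**
     * Resets the insert and update rights of every row in the session to 'N' (no).
     */
    public function init_rights_session()
    {
        foreach (array_keys($_SESSION['m_admin']['groups']['security']) as $i) {
            $_SESSION['m_admin']['groups']['security'][$i]['CAN_INSERT'] = 'N';
            $_SESSION['m_admin']['groups']['security'][$i]['CAN_UPDATE'] = 'N';
        }
    }

    /**
     * Grants one right (insert or update) on the tables listed in $tab.
     *
     * Calls with any other value of $where, or with a $tab that is not an array, are
     * ignored.
     *
     * @param Array  $tab   table names array
     * @param string $where 'CAN_INSERT' or 'CAN_UPDATE'
     */
    public function set_rights_session($tab, $where)
    {
        // $where is used as an array key. Restricting it to the two right flags keeps a
        // caller from overwriting RES_TABLE, WHERE_CLAUSE or GROUP_ID with 'Y'.
        if (!in_array($where, array('CAN_INSERT', 'CAN_UPDATE'), true) || !is_array($tab)) {
            return;
        }

        foreach ($_SESSION['m_admin']['groups']['security'] as $i => $row) {
            // Exact string comparison: a right is granted only to a table that was named.
            if (in_array($row['RES_TABLE'], $tab, true)) {
                $_SESSION['m_admin']['groups']['security'][$i][$where] = 'Y';
            }
        }
    }

    /**
     * Removes from the session the security rows of the tables listed in $tab.
     *
     * @param Array $tab table names array
     */
    public function remove_security($tab)
    {
        if (!is_array($tab)) {
            // Nothing usable was passed: keep every row.
            $tab = array();
        }

        $kept = array();
        foreach ($_SESSION['m_admin']['groups']['security'] as $row) {
            if (!in_array($row['RES_TABLE'], $tab, true)) {
                $kept[] = $row;
            }
        }

        $_SESSION['m_admin']['groups']['security'] = $kept;
    }

    /**
     * Adds one security row to the session variables of the group administration.
     *
     * The row is stored with an empty GROUP_ID; load_db() uses the group id held in
     * $_SESSION['m_admin']['groups']['GroupId'] when it writes the rows.
     *
     * NOTE(review): $where is stored as given and load_db() places it between single
     * quotes in an INSERT, so it has to arrive with its quotes backslash-escaped, the
     * form load_security_group() produces. Confirm that every caller does this.
     *
     * @param string $table   table name
     * @param string $where   where clause
     * @param string $comment comment on the table
     * @param string $insert  insert right : Y/N
     * @param string $update  update right : Y/N
     */
    public function add_grouptmp_session($table, $where, $comment, $insert, $update)
    {
        // Start from an empty list when the session entry is missing or not a list,
        // instead of calling count() on a value that may not be countable.
        if (!isset($_SESSION['m_admin']['groups']['security'])
            || !is_array($_SESSION['m_admin']['groups']['security'])
        ) {
            $_SESSION['m_admin']['groups']['security'] = array();
        }

        $_SESSION['m_admin']['groups']['security'][] = array(
            "GROUP_ID"     => "",
            "RES_TABLE"    => $table,
            "WHERE_CLAUSE" => $where,
            "COMMENT"      => $comment,
            "CAN_INSERT"   => $insert,
            "CAN_UPDATE"   => $update,
        );
        $_SESSION['m_admin']['load_security'] = false;
    }

    /**
     * Writes the security rows held in the session to the database.
     *
     * All rows of the group are deleted, then one row is inserted per session entry.
     *
     * NOTE(review): every value below is concatenated into the SQL text without escaping
     * in this method; safety depends on how the session values were produced. The
     * escaping convention of the session is not visible from this class, so adding an
     * escape call here could double-escape WHERE_CLAUSE. Confirm the convention before
     * changing it, and prefer bound parameters if dbquery supports them.
     * NOTE(review): the fourth column is always written as an empty string, so the
     * COMMENT kept in the session is not persisted. Confirm that this is intended.
     * NOTE(review): the DELETE and the INSERTs are separate statements; whether a failed
     * INSERT leaves the group with partial rights depends on dbquery::query(), which is
     * not shown here.
     */
    public function load_db()
    {
        $this->connect();

        $table = $_SESSION['tablename']['security'];
        $group = $_SESSION['m_admin']['groups']['GroupId'];

        $this->query("DELETE FROM ".$table." where GROUP_ID = '".$group."'");

        foreach ($_SESSION['m_admin']['groups']['security'] as $row) {
            $this->query("INSERT INTO ".$table." VALUES ('".$group."', '"
                .$row['RES_TABLE']."', '".$row['WHERE_CLAUSE']."', '', '"
                .$row['CAN_INSERT']."' , '".$row['CAN_UPDATE']."')");
        }
    }

    /**
     * Tests the syntax of the where clauses of all tables of a group.
     *
     * Each clause is checked by running "SELECT count(*) from <table> where <clause>".
     * The check stops at the first failure and appends that table name to
     * $_SESSION['error'].
     *
     * The where clause is SQL written in the group administration and is executed
     * verbatim with the application's database account; that is the purpose of this
     * method, so restricting who can reach the group administration is the control that
     * matters. The table name, however, is only ever an identifier and is checked against
     * an allow-list pattern before it is placed in the statement.
     *
     * NOTE(review): the mysql_* extension used here was removed in PHP 7.0.
     * NOTE(review): $_SESSION['error'] receives the table name unescaped; encode it for
     * HTML wherever it is displayed.
     *
     * @return bool true when every clause ran, false on the first failure
     */
    public function where_test()
    {
        $_SESSION['error'] = "";

        $link = mysql_connect(
            $_SESSION['config']['databaseserver'],
            $_SESSION['config']['databaseuser'],
            $_SESSION['config']['databasepassword']
        );
        // A failed connection or database selection is recorded and makes every check
        // below fail, rather than letting mysql_query() fall back to an implicit link.
        $ready = $link && mysql_select_db($_SESSION['config']['databasename'], $link);

        foreach ($_SESSION['m_admin']['groups']['security'] as $row) {
            $table = $row['RES_TABLE'];

            $where = "";
            if ($row['WHERE_CLAUSE'] != "") {
                // The session keeps the clause with backslash-escaped quotes; the
                // backslashes are removed before the clause is run.
                $where = str_replace("\\", "", " where ".$row['WHERE_CLAUSE']);
            }

            $res = false;
            // Letters, digits and underscore only. Extend the pattern if an installation
            // really uses other characters in table names.
            if ($ready && is_string($table) && preg_match('/\A[A-Za-z0-9_]+\z/', $table)) {
                $res = mysql_query("SELECT count(*) from ".$table." ".$where, $link);
            }

            if (!$res) {
                $_SESSION['error'] .= " ".$table;
                return false;
            }
            mysql_free_result($res);
        }

        return true;
    }
}
?>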