* */ /** * Class usergroups: contains all the functions and forms to manage the usergroups * * @author Claire Figueras * @license GPL * @package Maarch PeopleBox 1.0 * @version 2.1 */ class usergroups extends dbquery { /** * Redefinition of the user object constructor : configure the SQL argument order by */ function __construct() { parent::__construct(); } /** * Form for the management of the groups. * * @param string $mode administrator mode (modification, suspension, authorization, delete) * @param string $id group identifier (empty by default) */ public function formgroups($mode,$id = "") { require_once("core".DIRECTORY_SEPARATOR."class".DIRECTORY_SEPARATOR."class_security.php"); $sec = new security(); $func = new functions(); $core_tools = new core_tools(); $state = true; $tab = array(); if($mode == "up") { $_SESSION['m_admin']['mode'] = "up"; if(empty($_SESSION['error'])) { $this->connect(); $this->query("select * from ".$_SESSION['tablename']['usergroups']." where group_id = '".$id."' and enabled = 'Y'"); if($this->nb_result() == 0) { $_SESSION['error'] = _GROUP.' '._UNKNOWN; $state = false; } else { $line = $this->fetch_object(); $_SESSION['m_admin']['groups']['GroupId'] = $line->group_id; $_SESSION['m_admin']['groups']['desc'] = $this->show_string($line->group_desc); $this->query("select * from ".$_SESSION['tablename']['security']." where group_id = '".$id."'"); $i=0; while($line = $this->fetch_object()) { $_SESSION['m_admin']['groups']['security'][$i]['COLL_ID'] = $this->show_string($line->coll_id); $_SESSION['m_admin']['groups']['security'][$i]['WHERE_CLAUSE'] = $this->show_string($line->where_clause); $i++; } } if (! isset($_SESSION['m_admin']['load_security']) || $_SESSION['m_admin']['load_security'] == true) { $sec->load_security_group($id); $_SESSION['m_admin']['load_security'] = false ; } if (! 
isset($_SESSION['m_admin']['load_services']) || $_SESSION['m_admin']['load_services'] == true) { $sec->load_services_group($id); $_SESSION['m_admin']['load_services'] = false ; } } } elseif($mode == "add") { $_SESSION['m_admin']['mode'] = "add"; if ($_SESSION['m_admin']['init']== true || !isset($_SESSION['m_admin']['init'] )) { $sec->init_session(); } } ?>




"._GROUP.' '._UNKNOWN."



"; } else { ?>


" >
: show($_SESSION['m_admin']['groups']['GroupId']); } ?> hiddentext" id="GroupId" value="show($_SESSION['m_admin']['groups']['GroupId']); ?>" />
:

:
show_array($_SESSION['enabled_services']); $enabled_services_sort_by_parent = array(); $j=0; for($i=0; $i $_SESSION['enabled_services'][$i - 1]['parent']) { $j=0; } $enabled_services_sort_by_parent[$_SESSION['enabled_services'][$i]['parent']][$j] = $_SESSION['enabled_services'][$i]; $j++; } } //$this->show_array($enabled_services_sort_by_parent); $_SESSION['cpt']=0; foreach(array_keys($enabled_services_sort_by_parent) as $value) { if($value == 'application') { $label = _APPS_COMMENT; } elseif($value == 'core') { $label = _CORE_COMMENT; } else { $label = $_SESSION['modules_loaded'][$value]['comment']; } //$this->show_array($enabled_services_sort_by_parent[$value]); //echo $_SESSION['cpt']."
"; if(count($enabled_services_sort_by_parent[$value]) > 0) { ?>
   

 

 

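wash($_POST['GroupId'], "alphanum", _THE_GROUP, 'yes', 0, 32); } if($mode == "up") { $_SESSION['m_admin']['groups']['GroupId'] = $func->wash($_POST['id'], "alphanum", _THE_GROUP, 'yes', 0, 32); } if (isset($_POST['desc']) && !empty($_POST['desc'])) { $_SESSION['m_admin']['groups']['desc'] = $func->wash($_POST['desc'], "no", _GROUP_DESC, 'yes', 0, 255); } if (count($_SESSION['m_admin']['groups']['security']) < 1 && count($_REQUEST['services']) < 1) { $func->add_error(_THE_GROUP.' '._NO_SECURITY_AND_NO_SERVICES, ""); } $_SESSION['m_admin']['groups']['order'] = $_REQUEST['order']; $_SESSION['m_admin']['groups']['order_field'] = $_REQUEST['order_field']; $_SESSION['m_admin']['groups']['what'] = $_REQUEST['what']; $_SESSION['m_admin']['groups']['start'] = $_REQUEST['start']; }

    /**
     * Adds a new group or updates an existing one, then redirects.
     *
     * Calls groupsinfo($mode) to copy the submitted form values into
     * $_SESSION['m_admin']['groups']. If $_SESSION['error'] is set afterwards the
     * browser is sent back to the form; otherwise the group row is written, the
     * security object stores the access rules and services, the history event is
     * recorded when enabled, and the browser is sent to the group list.
     * Every branch that sends a Location header ends the script with exit.
     *
     * @param string $mode up or add
     */
    public function addupgroups($mode)
    {
        $this->groupsinfo($mode);

        $app_url = $_SESSION['config']['businessappurl'];
        $group_id = $_SESSION['m_admin']['groups']['GroupId'];
        // Built now: cleargroupinfos() unsets $_SESSION['m_admin'] before the final redirect.
        $list = $this->group_list_location(
            $_SESSION['m_admin']['groups']['order'],
            $_SESSION['m_admin']['groups']['order_field'],
            $_SESSION['m_admin']['groups']['start'],
            $_SESSION['m_admin']['groups']['what']
        );

        if (!empty($_SESSION['error'])) {
            if ($mode == "up") {
                if (!empty($group_id)) {
                    header("location: ".$app_url."index.php?page=group_up&id=".urlencode((string) $group_id)."&admin=groups");
                    exit;
                }
                header($list);
                exit;
            } elseif ($mode == "add") {
                $_SESSION['m_admin']['load_group'] = false;
                header("location: ".$app_url."index.php?page=group_add&admin=groups");
                exit;
            }
            return;
        }

        // The connection is opened before any value is escaped, as the original did for group_desc.
        $this->connect();
        $table = $_SESSION['tablename']['usergroups'];
        $group_sql = $this->group_sql_literal($group_id);

        if ($mode == "add") {
            $this->query("select group_id from ".$table." where group_id = ".$group_sql);
            if ($this->nb_result() > 0) {
                $_SESSION['error'] = $group_id." "._ALREADY_EXISTS."\n";
                header("location: ".$app_url."index.php?page=group_add&admin=groups");
                exit();
            }

            require_once("core".DIRECTORY_SEPARATOR."class".DIRECTORY_SEPARATOR."class_security.php");
            $sec = new security();
            if (!$sec->where_test()) {
                $_SESSION['error'] .= " : "._SYNTAX_ERROR_WHERE_CLAUSE.".";
                header("location: ".$app_url."index.php?page=group_add&admin=groups");
                exit();
            }

            $desc_sql = $this->group_sql_literal($_SESSION['m_admin']['groups']['desc']);
            $this->query("insert into ".$table." (group_id , group_desc , enabled) values (".$group_sql.", ".$desc_sql.",'Y')");
            $sec->load_db();
            $sec->load_services_db($_REQUEST['services'], $group_id);
            $this->record_group_history('usergroupsadd', $group_id, "ADD", _GROUP_ADDED);

            $this->cleargroupinfos();
            $_SESSION['error'] = _GROUP_ADDED;
            header($list);
            exit();
        } elseif ($mode == "up") {
            $desc_sql = $this->group_sql_literal($_SESSION['m_admin']['groups']['desc']);

            // Column => session key of the right flags written by the first UPDATE.
            // NOTE(review): nothing visible in this file sets these session keys; confirm they are still used.
            $rights = array(
                'administrator' => 'admin',
                'custom_right1' => 'stagiaire',
                'custom_right2' => 'view',
                'custom_right3' => 'stats',
                'custom_right4' => 'del',
            );
            $assignments = array("group_desc = ".$desc_sql);
            foreach ($rights as $column => $key) {
                $value = isset($_SESSION['m_admin']['groups'][$key]) ? $_SESSION['m_admin']['groups'][$key] : '';
                $assignments[] = $column." = ".$this->group_sql_literal($value);
            }
            $this->query("UPDATE ".$table." set ".implode(", ", $assignments)." where group_id = ".$group_sql);

            // The description is escaped once here; the earlier code escaped it twice,
            // which stored the escape characters themselves in group_desc.
            // NOTE(review): this second UPDATE repeats the description write of the first one; kept as in the original.
            $this->query("UPDATE ".$table." set group_desc = ".$desc_sql." where group_id = ".$group_sql);

            require_once("core".DIRECTORY_SEPARATOR."class".DIRECTORY_SEPARATOR."class_security.php");
            $sec = new security();
            if (!$sec->where_test()) {
                $_SESSION['error'] .= " : "._SYNTAX_ERROR_WHERE_CLAUSE.".";
                header("location: ".$app_url."index.php?page=group_up&admin=groups&id=".urlencode((string) $group_id));
                exit();
            }

            $sec->load_db();
            $sec->load_services_db($_REQUEST['services'], $group_id);
            $this->record_group_history('usergroupsup', $group_id, "UP", _GROUP_UPDATE);

            // The administrator may belong to the group just edited: reload the rights cached in the session.
            $this->refresh_current_user_rights($group_id, $sec, true);

            $this->cleargroupinfos();
            $_SESSION['error'] = _GROUP_UPDATED;
            header($list);
            exit();
        }
    }

    /**
     * Tests if the user belongs to the group.
     *
     * @param string $user user identifier
     * @param string $group group identifier
     * @return bool true when at least one usergroup_content row links the user to the group
     */
    public function in_group($user, $group)
    {
        $this->connect();
        // Both identifiers are escaped: callers pass them straight from the session or the request.
        $this->query(
            "select user_id from ".$_SESSION['tablename']['usergroup_content']
            ." where user_id = ".$this->group_sql_literal($user)
            ." and group_id = ".$this->group_sql_literal($group)
        );

        return $this->nb_result() > 0;
    }

    /**
     * Clears the whole $_SESSION['m_admin'] entry (not only its 'groups' part).
     */
    private function cleargroupinfos()
    {
        unset($_SESSION['m_admin']);
    }

    /**
     * Authorizes, suspends or deletes a group, then redirects to the group list.
     *
     * Any other $mode value only performs the redirect. The method always ends
     * the script with exit().
     *
     * @param string $id group identifier
     * @param string $mode allow, ban or del
     */
    public function admingroup($id, $mode)
    {
        // The paging parameters come from the request and may be absent.
        $list = $this->group_list_location(
            isset($_REQUEST['order']) ? $_REQUEST['order'] : '',
            isset($_REQUEST['order_field']) ? $_REQUEST['order_field'] : '',
            isset($_REQUEST['start']) ? $_REQUEST['start'] : '',
            isset($_REQUEST['what']) ? $_REQUEST['what'] : ''
        );

        if (!empty($_SESSION['error'])) {
            header($list);
            exit();
        }

        $this->connect();
        $table = $_SESSION['tablename']['usergroups'];
        // $id is a caller-supplied identifier: escape it once and reuse it in every statement below.
        $id_sql = $this->group_sql_literal($id);

        $this->query("select group_id from ".$table." where group_id = ".$id_sql);
        if ($this->nb_result() == 0) {
            // _UNKNOWN is the constant formgroups() uses for this message; the previous spelling here was _UNKNWON.
            $_SESSION['error'] = _GROUP.' '._UNKNOWN;
            header($list);
            exit();
        }

        if ($mode == "allow") {
            $this->query("Update ".$table." set enabled = 'Y' where group_id = ".$id_sql);
            $this->record_group_history('usergroupsval', $id, "VAL", _GROUP_AUTORIZATION);
            $_SESSION['error'] = _AUTORIZED_GROUP;
            $this->refresh_current_user_rights($id);
        } elseif ($mode == "ban") {
            $this->query("Update ".$table." set enabled = 'N' where group_id = ".$id_sql);
            $this->record_group_history('usergroupsban', $id, "BAN", _GROUP_SUSPENSION);
            $_SESSION['error'] = _SUSPENDED_GROUP;
            $this->refresh_current_user_rights($id);
        } elseif ($mode == "del") {
            $this->query("delete from ".$table." where group_id = ".$id_sql);
            $this->query("delete from ".$_SESSION['tablename']['usergroup_content']." where group_id = ".$id_sql);
            $this->query("delete from ".$_SESSION['tablename']['security']." where group_id = ".$id_sql);
            $this->query("delete from ".$_SESSION['tablename']['usergroup_services']." where group_id = ".$id_sql);
            $this->record_group_history('usergroupsdel', $id, "DEL", _GROUP_DELETION);
            $_SESSION['error'] = _DELETED_GROUP;
            $this->refresh_current_user_rights($id);
        }

        header($list);
        exit();
    }

    /**
     * Returns $value as a quoted SQL string literal, escaped with protect_string_db().
     *
     * protect_string_db() is the escaping helper this class already applies to
     * group_desc; call this only after connect(), as the original code did.
     *
     * @param mixed $value value to embed in a statement
     * @return string the escaped value between single quotes
     */
    private function group_sql_literal($value)
    {
        return "'".$this->protect_string_db((string) $value)."'";
    }

    /**
     * Builds the Location header that leads back to the group list.
     *
     * The four paging values originate from the request, so each one is
     * URL-encoded before it is placed in the query string.
     *
     * @param mixed $order sort direction
     * @param mixed $order_field sort column
     * @param mixed $start paging offset
     * @param mixed $what list filter
     * @return string complete "location: ..." header line
     */
    private function group_list_location($order, $order_field, $start, $what)
    {
        return "location: ".$_SESSION['config']['businessappurl']
            ."index.php?page=groups&admin=groups&order=".urlencode((string) $order)
            ."&order_field=".urlencode((string) $order_field)
            ."&start=".urlencode((string) $start)
            ."&what=".urlencode((string) $what);
    }

    /**
     * Records a group event in the history when $_SESSION['history'][$setting] is "true".
     *
     * @param string $setting key in $_SESSION['history'] that enables this event
     * @param string $group_id group identifier
     * @param string $event event code passed to history::add (ADD, UP, VAL, BAN, DEL)
     * @param string $label message prefix; " : " and the group identifier are appended
     */
    private function record_group_history($setting, $group_id, $event, $label)
    {
        if ($_SESSION['history'][$setting] == "true") {
            require_once("core".DIRECTORY_SEPARATOR."class".DIRECTORY_SEPARATOR."class_history.php");
            $history = new history();
            $history->add($_SESSION['tablename']['usergroups'], $group_id, $event, $label." : ".$group_id, $_SESSION['config']['databasetype']);
        }
    }

    /**
     * Reloads the groups and security data cached in $_SESSION['user'] when the
     * logged-in user is a member of $group_id; does nothing otherwise.
     *
     * @param string $group_id group that was just changed
     * @param security|null $sec security object to reuse; a new one is created when null
     * @param bool $with_services also reload $_SESSION['user']['services']
     */
    private function refresh_current_user_rights($group_id, $sec = null, $with_services = false)
    {
        $user_id = $_SESSION['user']['UserId'];
        if (!$this->in_group($user_id, $group_id)) {
            return;
        }

        require_once("core".DIRECTORY_SEPARATOR."class".DIRECTORY_SEPARATOR."class_security.php");
        $_SESSION['user']['groups'] = array();
        $_SESSION['user']['security'] = array();
        if ($sec === null) {
            $sec = new security();
        }

        $tmp = $sec->load_groups($user_id);
        $_SESSION['user']['groups'] = $tmp['groups'];
        $_SESSION['user']['primarygroup'] = $tmp['primarygroup'];

        $tmp = $sec->load_security($user_id);
        $_SESSION['user']['collections'] = $tmp['collections'];
        $_SESSION['user']['security'] = $tmp['security'];

        if ($with_services) {
            $_SESSION['user']['services'] = $sec->load_user_services($user_id);
        }
    }
}
?>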