Go to most recent revision | Blame | Last modification | View Log | Download
<?php// +-----------------------------------------------------------------------+// | PhpWebGallery - a PHP based picture gallery |// | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |// | Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net |// +-----------------------------------------------------------------------+// | branch : BSF (Best So Far)// | file : $RCSfile: cat_perm.php,v $// | last update : $Date: 2005/01/07 23:10:51 $// | last modifier : $Author: plg $// | revision : $Revision: 1.14 $// +-----------------------------------------------------------------------+// | This program is free software; you can redistribute it and/or modify |// | it under the terms of the GNU General Public License as published by |// | the Free Software Foundation |// | |// | This program is distributed in the hope that it will be useful, but |// | WITHOUT ANY WARRANTY; without even the implied warranty of |// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |// | General Public License for more details. |// | |// | You should have received a copy of the GNU General Public License |// | along with this program; if not, write to the Free Software |// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |// | USA. |// +-----------------------------------------------------------------------+include_once( './admin/include/isadmin.inc.php' );//----------------------------------------------------- template initialization$sub = $vtp->Open( './template/'.$user['template'].'/admin/cat_perm.vtp' );$error = array();$tpl = array( 'permuser_authorized','permuser_forbidden','menu_groups','submit','menu_users','permuser_parent_forbidden' );templatize_array( $tpl, 'lang', $sub );$vtp->setGlobalVar( $sub, 'user_template', $user['template'] );//-------------------------------------------------------------- category infosif ( isset( $_GET['cat_id'] ) ){check_cat_id( $_GET['cat_id'] );if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) ){$result = get_cat_info( $page['cat'] );$page['cat_name'] = $result['name'];$page['id_uppercat'] = $result['id_uppercat'];}}//---------------------------------------------------------- permission updatesif ( isset( $_POST['submit'] ) ){// groups access update$query = 'DELETE';$query.= ' FROM '.PREFIX_TABLE.'group_access';$query.= ' WHERE cat_id = '.$page['cat'];$query.= ';';pwg_query( $query );$query = 'SELECT id';$query.= ' FROM '.PREFIX_TABLE.'groups';$query.= ';';$result = pwg_query( $query );while ( $row = mysql_fetch_array( $result ) ){$radioname = 'groupaccess-'.$row['id'];if ( $_POST[$radioname] == 0 ){$query = 'INSERT INTO '.PREFIX_TABLE.'group_access';$query.= ' (cat_id,group_id) VALUES';$query.= ' ('.$page['cat'].','.$row['id'].')';$query.= ';';pwg_query( $query );}}// users access update$query = 'DELETE';$query.= ' FROM '.PREFIX_TABLE.'user_access';$query.= ' WHERE cat_id = '.$page['cat'];$query.= ';';pwg_query( $query );$query = 'SELECT id';$query.= ' FROM '.USERS_TABLE;$query.= ';';$result = pwg_query( $query );while ( $row = mysql_fetch_array( $result ) ){$radioname = 'useraccess-'.$row['id'];if ( $_POST[$radioname] == 0 ){$query = 'INSERT INTO '.PREFIX_TABLE.'user_access';$query.= ' (cat_id,user_id) VALUES';$query.= ' ('.$page['cat'].','.$row['id'].')';$query.= ';';pwg_query( $query );}check_favorites( $row['id'] );}// resynchronize all userssynchronize_all_users();}//---------------------------------------------------------------------- groups$query = 'SELECT id,name';$query.= ' FROM '.PREFIX_TABLE.'groups';$query. ';';$result = pwg_query( $query );if ( mysql_num_rows( $result ) > 0 ){$vtp->addSession( $sub, 'groups' );// creating an array with all authorized groups for this category$query = 'SELECT group_id';$query.= ' FROM '.PREFIX_TABLE.'group_access';$query.= ' WHERE cat_id = '.$_GET['cat_id'];$query.= ';';$subresult = pwg_query( $query );$authorized_groups = array();while ( $subrow = mysql_fetch_array( $subresult ) ){array_push( $authorized_groups, $subrow['group_id'] );}// displaying each groupwhile( $row = mysql_fetch_array( $result ) ){$vtp->addSession( $sub, 'group' );if ( in_array( $row['id'], $authorized_groups ) ){$vtp->setVar( $sub, 'group.color', 'green' );$vtp->setVar( $sub, 'group.authorized_checked', ' checked="checked"' );}else{$vtp->setVar( $sub, 'group.color', 'red' );$vtp->setVar( $sub, 'group.forbidden_checked', ' checked="checked"' );}$vtp->setVar( $sub, 'group.groupname', $row['name'] );$vtp->setVar( $sub, 'group.id', $row['id'] );$url = './admin.php?page=group_perm&group_id='.$row['id'];$vtp->setVar( $sub, 'group.group_perm_link', add_session_id( $url ) );$vtp->closeSession( $sub, 'group' );}$vtp->closeSession( $sub, 'groups' );}//----------------------------------------------------------------------- users$query = 'SELECT id,username,status';$query.= ' FROM '.USERS_TABLE;// only the webmaster can modify webmaster's permissionsif ( $user['username'] != $conf['webmaster'] ){$query.= " WHERE username != '".$conf['webmaster']."'";}$query.= ';';$result = pwg_query( $query );while ( $row = mysql_fetch_array( $result ) ){$vtp->addSession( $sub, 'user' );$vtp->setVar( $sub, 'user.id', $row['id'] );$url = add_session_id( './admin.php?page=user_perm&user_id='.$row['id']);$vtp->setVar( $sub, 'user.user_perm_link', $url);if ( $row['username'] == 'guest' ){$row['username'] = $lang['guest'];}$vtp->setVar( $sub, 'user.username', $row['username'] );// for color of user : (red means access forbidden, green authorized) we// ask all forbidden categories, including the groups rights$restrictions = get_user_restrictions( $row['id'], $row['status'], false );$is_user_allowed = is_user_allowed( $page['cat'], $restrictions );if ( $is_user_allowed == 0 ){$vtp->setVar( $sub, 'user.color', 'green' );}else{$vtp->setVar( $sub, 'user.color', 'red' );}// for permission update button, we only ask forbidden categories for the// user, not taking into account the groups the user belongs to$restrictions = get_user_restrictions($row['id'],$row['status'],false,false);$is_user_allowed = is_user_allowed( $page['cat'], $restrictions );if ( $is_user_allowed == 2 ){$vtp->addSession( $sub, 'parent_forbidden' );$url = './admin.php?page=cat_perm&cat_id='.$page['id_uppercat'];$vtp->setVar( $sub, 'parent_forbidden.url', add_session_id( $url ) );$vtp->closeSession( $sub, 'parent_forbidden' );}if ( $is_user_allowed == 0 ){$vtp->setVar( $sub, 'user.authorized_checked', ' checked="checked"' );}else{$vtp->setVar( $sub, 'user.forbidden_checked', ' checked="checked"' );}// user's group(s)$query = 'SELECT g.name as groupname, g.id as groupid';$query.= ' FROM '.PREFIX_TABLE.'groups as g';$query.= ', '.PREFIX_TABLE.'user_group as ug';$query.= ' WHERE ug.group_id = g.id';$query.= ' AND ug.user_id = '.$row['id'];$query.= ';';$subresult = pwg_query( $query );if ( mysql_num_rows( $subresult ) > 0 ){$vtp->addSession( $sub, 'usergroups' );$i = 0;while( $subrow = mysql_fetch_array( $subresult ) ){$vtp->addSession( $sub, 'usergroup' );if ( in_array( $subrow['groupid'], $authorized_groups ) ){$vtp->setVar( $sub, 'usergroup.color', 'green' );}else{$vtp->setVar( $sub, 'usergroup.color', 'red' );}$vtp->setVar( $sub, 'usergroup.name', $subrow['groupname'] );if ( $i < mysql_num_rows( $subresult ) - 1 ){$vtp->setVar( $sub, 'usergroup.separation', ',' );}$vtp->closeSession( $sub, 'usergroup' );$i++;}$vtp->closeSession( $sub, 'usergroups' );}$vtp->closeSession( $sub, 'user' );}//----------------------------------------------------------- sending html code$vtp->Parse( $handle , 'sub', $sub );?>