<?php
/* Poweradmin, a friendly web-based admin tool for PowerDNS.
* See <https://rejo.zenger.nl/poweradmin> for more details.
*
* Copyright 2007, 2008 Rejo Zenger <rejo@zenger.nl>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
// Pulls in the shared toolkit (presumably the $db handle, error() and the
// validation helpers used throughout this file).
require_once ( "inc/toolkit.inc.php" );
/*
* Function to see if user has right to do something. It will check if
* user has "ueberuser" bit set. If it isn't, it will check if the user has
* the specific permission. It returns 0 if the user doesn't have the
* right, and 1 if the user has (ueberusers always get 1).
*/
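function verify_permission ( $permission ) {

	global $db ;

	// Fail closed: without an authenticated session or a usable database
	// handle no right can be established.
	if (( ! isset ( $_SESSION [ 'userid' ])) || ( ! is_object ( $db ))) {
		return 0 ;
	}

	$userid = $_SESSION [ 'userid' ];

	// Find the permission template that has been assigned to this user.
	$query = "SELECT perm_templ FROM users WHERE id = " . $db -> quote ( $userid ) ;
	$templ_id = $db -> queryOne ( $query );
	if ( PEAR :: isError ( $templ_id )) { error ( $templ_id -> getMessage ()); return 0 ; }
	if ( $templ_id === null || $templ_id === false ) {
		// Unknown user or no template assigned: nothing is granted.
		return 0 ;
	}

	// Ueberusers have every right. Resolve the id of the "ueberuser" bit by
	// name first; if that permission item is missing, skip the check instead
	// of building "perm_id = " with an empty right-hand side. The id comes
	// from the database but is quoted like every other value anyway.
	$query = 'SELECT id FROM perm_items WHERE name=' . $db -> quote ( 'user_is_ueberuser' );
	$ueberUserId = $db -> queryOne ( $query );
	if ( PEAR :: isError ( $ueberUserId )) { error ( $ueberUserId -> getMessage ()); return 0 ; }

	if ( $ueberUserId !== null && $ueberUserId !== false ) {
		$query = "SELECT id
			FROM perm_templ_items
			WHERE templ_id = " . $db -> quote ( $templ_id ) . "
			AND perm_id = " . $db -> quote ( $ueberUserId ) ;
		$result = $db -> query ( $query );
		if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return 0 ; }
		if ( $result -> numRows () > 0 ) {
			return 1 ;
		}
	}

	// Not an ueberuser: look up the requested permission by name ...
	$query = "SELECT id
		FROM perm_items
		WHERE name = " . $db -> quote ( $permission ) ;
	$perm_id = $db -> queryOne ( $query );
	if ( PEAR :: isError ( $perm_id )) { error ( $perm_id -> getMessage ()); return 0 ; }
	if ( $perm_id === null || $perm_id === false ) {
		// Unknown permission name: deny.
		return 0 ;
	}

	// ... and see whether the user's template carries it.
	$query = "SELECT id
		FROM perm_templ_items
		WHERE templ_id = " . $db -> quote ( $templ_id ) . "
		AND perm_id = " . $db -> quote ( $perm_id ) ;
	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return 0 ; }

	return ( $result -> numRows () > 0 ) ? 1 : 0 ;
}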
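/*
 * Return every permission template as a list of id/name/descr arrays.
 * Returns false (after reporting the error) when the query fails.
 */
function list_permission_templates () {
	global $db ;
	$query = "SELECT * FROM perm_templ" ;
	$result = $db -> query ( $query );
	// Check the object the query returned; the old check looked at an
	// unrelated, undefined variable and could never see a failure.
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	$template_list = array ();
	while ( $template = $result -> fetchRow ()) {
		$template_list [] = array (
			"id" => $template [ 'id' ],
			"name" => $template [ 'name' ],
			"descr" => $template [ 'descr' ]
		);
	}
	// Always an array (possibly empty): a misspelt variable previously made
	// this return null when there were no templates.
	return $template_list ;
}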
/*
* Retrieve all users.
* Named show_users for historical reasons: it builds the user list (with the
* number of zones each user owns) for the user overview.
* return values: an array with all users in it.
*/
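function show_users ( $id = '' , $rowstart = 0 , $rowamount = 9999999 )
{
	global $db ;

	$add = '' ;
	if ( is_numeric ( $id ))
	{
		// When a user id is given, that user is left out of the returned list.
		$add = " WHERE users.id!=" . $db -> quote ( $id );
	}

	// One query: every user plus the number of zones each one owns.
	$sqlq = "SELECT users.id AS id,
		users.username AS username,
		users.fullname AS fullname,
		users.email AS email,
		users.description AS description,
		users.active AS active,
		users.perm_templ AS perm_templ,
		count(zones.owner) AS aantal FROM users
		LEFT JOIN zones ON users.id=zones.owner $add
		GROUP BY
		users.id,
		users.username,
		users.fullname,
		users.email,
		users.description,
		users.perm_templ,
		users.active
		ORDER BY
		users.fullname" ;

	// The window bounds are presumably turned into a LIMIT clause by
	// setLimit(); force them to integers so a non-numeric value can never
	// reach the query text.
	$db -> setLimit ( (int) $rowamount , (int) $rowstart );
	$result = $db -> query ( $sqlq );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	$ret = array ();
	while ( $r = $result -> fetchRow ())
	{
		$ret [] = array (
			"id" => $r [ "id" ],
			"username" => $r [ "username" ],
			"fullname" => $r [ "fullname" ],
			"email" => $r [ "email" ],
			"description" => $r [ "description" ],
			"active" => $r [ "active" ],
			"numdomains" => $r [ "aantal" ]
		);
	}
	return $ret ;
}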
/*
* Check if the given $userid is connected to a valid user.
* return values: true if the user exists, false if it does not (or the id is not numeric).
*/
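function is_valid_user ( $id )
{
	global $db ;
	// Anything that is not a numeric id is rejected without touching the
	// database (the old code fell off the end and returned null here).
	if ( ! is_numeric ( $id )) {
		return false ;
	}
	$result = $db -> query ( "SELECT id FROM users WHERE id=" . $db -> quote ( $id ));
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }
	// Exactly one row means a valid, existing user.
	return ( $result -> numRows () == 1 );
}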
/*
* Checks if a given username exists in the database.
* return values: true if exists, false if not.
*/
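function user_exists ( $user )
{
	global $db ;
	$result = $db -> query ( "SELECT id FROM users WHERE username=" . $db -> quote ( $user ));
	if ( PEAR :: isError ( $result )) {
		// Fail closed: this function guards account creation, so a failed
		// lookup must not read as "the name is free".
		error ( $result -> getMessage ());
		return true ;
	}
	$rows = $result -> numRows ();
	if ( $rows == 0 ) {
		return false ;
	}
	if ( $rows > 1 ) {
		// Duplicate usernames should be impossible; report it, but still
		// answer "exists" so callers guarding an INSERT fail closed (the old
		// code returned null here, which reads as "does not exist").
		error ( ERR_UNKNOWN );
	}
	return true ;
}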
/*
* Delete a user from the system
* return values: true once the user (and its zones) have been deleted, false on a permission or database error.
*/
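function delete_user ( $uid , $zones )
{
	global $db ;

	// Deleting yourself needs user_edit_own, deleting anyone else needs
	// user_edit_others.
	$is_self = ( $uid == $_SESSION [ 'userid' ]);
	if (( ! $is_self && ! verify_permission ( 'user_edit_others' )) || ( $is_self && ! verify_permission ( 'user_edit_own' ))) {
		error ( ERR_PERM_DEL_USER );
		return false ;
	}

	// Decide the fate of the zones this user owns. $zones is supplied by the
	// caller (presumably straight from the request form), so every zone id is
	// checked against the zones table first: only zones that $uid actually
	// owns may be deleted or handed to a new owner through this path. The
	// legitimate form only lists the user's own zones, so this skips nothing
	// it should act on.
	if ( is_array ( $zones )) {
		foreach ( $zones as $zone ) {
			if ( ! isset ( $zone [ 'zid' ]) || ! is_numeric ( $zone [ 'zid' ])) {
				continue ;
			}
			$query = "SELECT id FROM zones WHERE owner = " . $db -> quote ( $uid ) . " AND domain_id = " . $db -> quote ( $zone [ 'zid' ]) ;
			$owned = $db -> query ( $query );
			if ( PEAR :: isError ( $owned )) { error ( $owned -> getMessage ()); return false ; }
			if ( $owned -> numRows () == 0 ) {
				continue ;
			}
			$target = isset ( $zone [ 'target' ]) ? $zone [ 'target' ] : '' ;
			if ( $target == "delete" ) {
				delete_domain ( $zone [ 'zid' ]);
			} elseif ( $target == "new_owner" ) {
				// NOTE(review): the new owner id is passed through as given;
				// add_owner_to_zone() is assumed to validate it.
				add_owner_to_zone ( $zone [ 'zid' ], $zone [ 'newowner' ]);
			}
		}
	}

	// Drop whatever ownership rows are left, then the account itself.
	$query = "DELETE FROM zones WHERE owner = " . $db -> quote ( $uid ) ;
	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	$query = "DELETE FROM users WHERE id = " . $db -> quote ( $uid ) ;
	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	return true ;
}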
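/*
 * Delete a permission template and its permission assignments.
 * Requires user_edit_templ_perm; refuses templates still assigned to a user.
 * return values: true on success, false on a permission, argument or database error.
 */
function delete_perm_templ ( $ptid ) {

	global $db ;
	if ( ! ( verify_permission ( 'user_edit_templ_perm' ))) {
		error ( ERR_PERM_DEL_PERM_TEMPL );
		return false ;
	}

	if ( ! is_numeric ( $ptid )) {
		error ( ERR_INV_ARG );
		return false ;
	}

	// $ptid goes into three statements; quote it once like every other
	// value (it used to be concatenated raw into all three).
	$q_ptid = $db -> quote ( $ptid );

	$query = "SELECT id FROM users WHERE perm_templ = " . $q_ptid ;
	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	if ( $result -> numRows () > 0 ) {
		// Never remove a template that is still in use.
		error ( ERR_PERM_TEMPL_ASSIGNED );
		return false ;
	}

	$query = "DELETE FROM perm_templ_items WHERE templ_id = " . $q_ptid ;
	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	$query = "DELETE FROM perm_templ WHERE id = " . $q_ptid ;
	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	return true ;
}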
/*
* Edit the details of a user (several queries: current-username lookup, duplicate check, update).
* return values: true if successful, false on a permission, validation or database error.
*/
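function edit_user ( $id , $user , $fullname , $email , $perm_templ , $description , $active , $password )
{
	global $db ;

	$is_self = ( $id == $_SESSION [ "userid" ]);
	$perm_edit_own = verify_permission ( 'user_edit_own' ) ? "1" : "0" ;
	$perm_edit_others = verify_permission ( 'user_edit_others' ) ? "1" : "0" ;

	// Editing yourself needs user_edit_own, editing anyone else needs
	// user_edit_others.
	if ( ! (( $is_self && $perm_edit_own == "1" ) || ( ! $is_self && $perm_edit_others == "1" ))) {
		error ( ERR_PERM_EDIT_USER );
		return false ;
	}

	if ( ! is_valid_email ( $email )) {
		error ( ERR_INV_EMAIL );
		return false ;
	}

	if ( $active != 1 ) {
		$active = 0 ;
	}

	// If the username differs from the one stored for this id, the caller
	// wants to rename the account; make sure the new name is not taken.
	$query = "SELECT username FROM users WHERE id = " . $db -> quote ( $id );
	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	$usercheck = $result -> fetchRow ();
	if ( ! $usercheck ) {
		error ( ERR_USER_NOT_EXIST );
		return false ;
	}

	if ( $usercheck [ 'username' ] != $user ) {
		$query = "SELECT id FROM users WHERE username = " . $db -> quote ( $user );
		$result = $db -> query ( $query );
		if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

		if ( $result -> numRows () > 0 ) {
			error ( ERR_USER_EXIST );
			return false ;
		}
	}

	$query = "UPDATE users SET
		username = " . $db -> quote ( $user ) . ",
		fullname = " . $db -> quote ( $fullname ) . ",
		email = " . $db -> quote ( $email ) . ",
		description = " . $db -> quote ( $description ) . ",
		active = " . $db -> quote ( $active ) ;

	// The permission template decides what the account may do. Someone who
	// only holds user_edit_own must not be able to pick a stronger template
	// for their own account, so the template is written only when the caller
	// may edit other users (ueberusers pass every verify_permission check).
	// If a dedicated "assign template" permission exists, gate on that instead.
	if ( $perm_edit_others == "1" ) {
		$query .= ", perm_templ = " . $db -> quote ( $perm_templ ) ;
	}

	// NOTE(review): passwords are stored as unsalted MD5 because the login
	// path (see change_user_pass) compares against md5(); moving to
	// password_hash() needs a coordinated change there.
	if ( $password != "" ) {
		$query .= ", password = " . $db -> quote ( md5 ( $password )) ;
	}

	$query .= " WHERE id = " . $db -> quote ( $id ) ;

	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	return true ;
}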
/*
* Change the pass of the user.
* The user is automatically logged out after the pass change.
* return values: none.
*/
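function change_user_pass ( $details ) {
	global $db ;

	if ( $details [ 'newpass' ] != $details [ 'newpass2' ]) {
		error ( ERR_USER_MATCH_NEW_PASS );
		return false ;
	}

	$query = "SELECT id, password FROM users WHERE username = " . $db -> quote ( $_SESSION [ "userlogin" ]);
	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	$rinfo = $result -> fetchRow ();
	if ( ! $rinfo ) {
		// The session names a user that no longer exists.
		error ( ERR_USER_WRONG_CURRENT_PASS );
		return false ;
	}

	// Compare the stored hash strictly. With == PHP treats two numeric-looking
	// strings (e.g. hashes of the form "0e123...") as equal numbers, so a
	// wrong password whose MD5 happens to start with "0e" would be accepted.
	// hash_equals() would additionally be constant-time where available.
	// NOTE(review): the scheme is unsalted MD5; moving to password_hash()
	// requires changing the login path that reads this column as well.
	if ( (string) $rinfo [ 'password' ] !== md5 ( $details [ 'currentpass' ])) {
		error ( ERR_USER_WRONG_CURRENT_PASS );
		return false ;
	}

	$query = "UPDATE users SET password = " . $db -> quote ( md5 ( $details [ 'newpass' ])) . " WHERE id = " . $db -> quote ( $rinfo [ 'id' ]) ;
	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	// Force a fresh login with the new password.
	logout ( _ ( 'Password has been changed, please login.' ));
}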
/*
* Get a fullname when you have a userid.
* return values: gives the fullname from a userid.
*/
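function get_fullname_from_userid ( $id ) {
	global $db ;
	if ( ! is_numeric ( $id )) {
		error ( ERR_INV_ARG );
		return false ;
	}
	$result = $db -> query ( "SELECT fullname FROM users WHERE id=" . $db -> quote ( $id ));
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }
	$row = $result -> fetchRow ();
	if ( ! $row ) {
		// No such user; the old code indexed into a false row here.
		return false ;
	}
	return $row [ "fullname" ];
}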
/*
* Get the fullname of the user with the given id; raises ERR_USER_NOT_EXIST when there is no such user.
* return values: the fullname string, or nothing useful when the id is invalid or unknown.
*/
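function get_owner_from_id ( $id )
{
	global $db ;
	if ( ! is_numeric ( $id )) {
		error ( ERR_INV_ARG );
		return false ;
	}
	$result = $db -> query ( "SELECT fullname FROM users WHERE id=" . $db -> quote ( $id ));
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }
	if ( $result -> numRows () != 1 ) {
		// Return here: the old code raised ERR_INV_ARG on top of
		// ERR_USER_NOT_EXIST because it fell through after this error.
		error ( ERR_USER_NOT_EXIST );
		return false ;
	}
	$row = $result -> fetchRow ();
	return $row [ "fullname" ];
}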
/**
* get_owners_from_domainid
*
* @todo also fetch the subowners
* @param $id integer the id of the domain
* @return String the list of owners for this domain
*/
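function get_fullnames_owners_from_domainid ( $id ) {

	global $db ;
	if ( ! is_numeric ( $id )) {
		// Return after reporting; the old code fell off the end with null.
		error ( ERR_INV_ARG );
		return false ;
	}
	$result = $db -> query ( "SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=" . $db -> quote ( $id ) . " AND zones.owner=users.id ORDER by fullname" );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	$names = array ();
	while ( $r = $result -> fetchRow ()) {
		$names [] = $r [ 'fullname' ];
	}
	// An empty string when the domain has no owners, as before.
	return implode ( ', ' , $names );
}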
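/*
 * Check whether the logged-in user owns the zone with the given domain id.
 * return values: "1" if the user is an owner, "0" otherwise (including bad
 * input, no session and database errors - deny by default).
 */
function verify_user_is_owner_zoneid ( $zoneid ) {
	global $db ;

	if ( ! is_numeric ( $zoneid )) {
		error ( ERR_INV_ARG );
		// Deny on bad input instead of falling off the end with null.
		return "0" ;
	}
	if ( ! isset ( $_SESSION [ "userid" ])) {
		return "0" ;
	}
	$userid = $_SESSION [ "userid" ];

	$result = $db -> query ( "SELECT zones.id
		FROM zones
		WHERE zones.owner = " . $db -> quote ( $userid ) . "
		AND zones.domain_id = " . $db -> quote ( $zoneid )) ;
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return "0" ; }

	return ( $result -> numRows () == 0 ) ? "0" : "1" ;
}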
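/*
 * Return user records joined with their permission template.
 * $specific: a numeric user id to return only that user, anything else for
 * the list. Without user_view_others only the caller's own record is
 * returned, whichever form is used.
 * return values: array of user arrays (possibly empty), false on a database error.
 */
function get_user_detail_list ( $specific ) {

	global $db ;
	$userid = $_SESSION [ 'userid' ];
	$may_view_others = verify_permission ( 'user_view_others' );

	if ( v_num ( $specific )) {
		// A single account was requested by id. Without user_view_others the
		// caller may only read its own record; the old code skipped the
		// permission check on this path and handed out any account by id.
		if ( $specific != $userid && ! $may_view_others ) {
			$sql_add = "AND users.id = " . $db -> quote ( $userid ) ;
		} else {
			$sql_add = "AND users.id = " . $db -> quote ( $specific ) ;
		}
	} elseif ( $may_view_others ) {
		$sql_add = "" ;
	} else {
		$sql_add = "AND users.id = " . $db -> quote ( $userid ) ;
	}

	$query = "SELECT users.id AS uid,
		username,
		fullname,
		email,
		description AS descr,
		active,
		perm_templ.id AS tpl_id,
		perm_templ.name AS tpl_name,
		perm_templ.descr AS tpl_descr
		FROM users, perm_templ
		WHERE users.perm_templ = perm_templ.id "
		. $sql_add . "
		ORDER BY username" ;

	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	$userlist = array ();
	while ( $user = $result -> fetchRow ()) {
		$userlist [] = array (
			"uid" => $user [ 'uid' ],
			"username" => $user [ 'username' ],
			"fullname" => $user [ 'fullname' ],
			"email" => $user [ 'email' ],
			"descr" => $user [ 'descr' ],
			"active" => $user [ 'active' ],
			"tpl_id" => $user [ 'tpl_id' ],
			"tpl_name" => $user [ 'tpl_name' ],
			"tpl_descr" => $user [ 'tpl_descr' ]
		);
	}
	return $userlist ;
}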
// Get a list of permissions that are available. If first argument is "0", it
// should return all available permissions. If the first argument is > "0", it
// should return the permissions assigned to that particular template only. If
// second argument is true, only the permission names are returned.
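function get_permissions_by_template_id ( $templ_id = 0 , $return_name_only = false ) {
	global $db ;

	// Initialised so the "all permissions" case does not read an undefined
	// variable when it is spliced into the query below.
	$limit = "" ;
	if ( $templ_id > 0 ) {
		$limit = ", perm_templ_items
			WHERE perm_templ_items.templ_id = " . $db -> quote ( $templ_id ) . "
			AND perm_templ_items.perm_id = perm_items.id" ;
	}

	$query = "SELECT perm_items.id AS id,
		perm_items.name AS name,
		perm_items.descr AS descr
		FROM perm_items"
		. $limit . "
		ORDER BY descr" ;
	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	$permission_list = array ();
	while ( $permission = $result -> fetchRow ()) {
		if ( $return_name_only == false ) {
			$permission_list [] = array (
				"id" => $permission [ 'id' ],
				"name" => $permission [ 'name' ],
				"descr" => $permission [ 'descr' ]
			);
		} else {
			$permission_list [] = $permission [ 'name' ];
		}
	}
	return $permission_list ;
}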
// Get name and description of template based on template ID.
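function get_permission_template_details ( $templ_id ) {
	global $db ;

	$query = "SELECT *
		FROM perm_templ
		WHERE perm_templ.id = " . $db -> quote ( $templ_id );

	$result = $db -> query ( $query );
	// Test the object the query returned (the old check looked at an
	// undefined variable and never fired).
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	// The row as fetched, or whatever fetchRow() yields when there is none.
	return $result -> fetchRow ();
}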
// Get a list of all available permission templates.
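function get_list_permission_templates () {
	global $db ;

	$query = "SELECT * FROM perm_templ" ;
	$result = $db -> query ( $query );
	// Test the object the query returned (the old check looked at an
	// undefined variable and never fired).
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	$perm_templ_list = array ();
	while ( $perm_templ = $result -> fetchRow ()) {
		$perm_templ_list [] = array (
			"id" => $perm_templ [ 'id' ],
			"name" => $perm_templ [ 'name' ],
			"descr" => $perm_templ [ 'descr' ]
		);
	}
	return $perm_templ_list ;
}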
// Add a permission template.
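/*
 * Add a permission template ($details['templ_name'], ['templ_descr']) and
 * assign it the permission ids listed in $details['perm_id'].
 * return values: true on success, false on a permission or database error.
 */
function add_perm_templ ( $details ) {
	global $db ;

	// Same gate as delete_perm_templ: creating a template that grants rights
	// is as sensitive as removing one. ERR_PERM_DEL_PERM_TEMPL is reused
	// because it is the only template-permission error visible here.
	if ( ! verify_permission ( 'user_edit_templ_perm' )) {
		error ( ERR_PERM_DEL_PERM_TEMPL );
		return false ;
	}

	// Create the template row first so its id can be used for the items.
	$query = "INSERT INTO perm_templ (name, descr)
		VALUES ("
		. $db -> quote ( $details [ 'templ_name' ]) . ", "
		. $db -> quote ( $details [ 'templ_descr' ]) . ")" ;

	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	$perm_templ_id = $db -> lastInsertId ( 'perm_templ' , 'id' );
	if ( PEAR :: isError ( $perm_templ_id )) { error ( $perm_templ_id -> getMessage ()); return false ; }

	// A template with no permissions is legitimate; skip the INSERT rather
	// than emit "VALUES " with nothing after it.
	if ( ! isset ( $details [ 'perm_id' ]) || ! is_array ( $details [ 'perm_id' ]) || count ( $details [ 'perm_id' ]) == 0 ) {
		return true ;
	}

	$r_insert_values = array ();
	foreach ( $details [ 'perm_id' ] AS $perm_id ) {
		$r_insert_values [] = "(" . $db -> quote ( $perm_templ_id ) . "," . $db -> quote ( $perm_id ) . ")" ;
	}
	$query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES " . implode ( ',' , $r_insert_values ) ;
	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	return true ;
}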
// Update all details of a permission template.
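/*
 * Update name, description and the assigned permissions of the template
 * $details['templ_id'].
 * return values: true on success, false on a permission or database error.
 */
function update_perm_templ_details ( $details ) {
	global $db ;

	// Same gate as delete_perm_templ: changing what a template grants is as
	// sensitive as removing it. ERR_PERM_DEL_PERM_TEMPL is reused because it
	// is the only template-permission error visible here.
	if ( ! verify_permission ( 'user_edit_templ_perm' )) {
		error ( ERR_PERM_DEL_PERM_TEMPL );
		return false ;
	}

	// Quote the template id once; it is used in three statements and was
	// concatenated raw into the DELETE before.
	$q_templ_id = $db -> quote ( $details [ 'templ_id' ]) ;

	$query = "UPDATE perm_templ
		SET name = " . $db -> quote ( $details [ 'templ_name' ]) . ",
		descr = " . $db -> quote ( $details [ 'templ_descr' ]) . "
		WHERE id = " . $q_templ_id ;

	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	// Replace the assignment list wholesale: drop everything the template
	// has, then insert what it should have. Simpler than diffing the two
	// lists, at the cost of a short window with no permissions.
	$query = "DELETE FROM perm_templ_items WHERE templ_id = " . $q_templ_id ;
	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	// Nothing selected means the template ends up with no permissions;
	// skip the INSERT instead of emitting "VALUES " with nothing after it.
	if ( ! isset ( $details [ 'perm_id' ]) || ! is_array ( $details [ 'perm_id' ]) || count ( $details [ 'perm_id' ]) == 0 ) {
		return true ;
	}

	$r_insert_values = array ();
	foreach ( $details [ 'perm_id' ] AS $perm_id ) {
		$r_insert_values [] = "(" . $q_templ_id . "," . $db -> quote ( $perm_id ) . ")" ;
	}
	$query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES " . implode ( ',' , $r_insert_values ) ;
	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	return true ;
}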
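/*
 * Update a user from a details array (uid, username, fullname, email,
 * templ_id, descr, active, password). Own account needs user_edit_own,
 * other accounts need user_edit_others.
 * return values: true on success, false on a permission, validation or database error.
 */
function update_user_details ( $details ) {

	global $db ;

	$is_self = ( $details [ 'uid' ] == $_SESSION [ "userid" ]);
	$perm_edit_own = verify_permission ( 'user_edit_own' ) ? "1" : "0" ;
	$perm_edit_others = verify_permission ( 'user_edit_others' ) ? "1" : "0" ;

	if ( ! (( $is_self && $perm_edit_own == "1" ) || ( ! $is_self && $perm_edit_others == "1" ))) {
		error ( ERR_PERM_EDIT_USER );
		return false ;
	}

	if ( ! is_valid_email ( $details [ 'email' ])) {
		error ( ERR_INV_EMAIL );
		return false ;
	}

	// Checkbox semantics: only "on" activates the account.
	$active = ( isset ( $details [ 'active' ]) && $details [ 'active' ] == "on" ) ? 1 : 0 ;

	// If the username differs from the one stored for this id, the caller
	// wants to rename the account; make sure the new name is not taken.
	$query = "SELECT username FROM users WHERE id = " . $db -> quote ( $details [ 'uid' ]);
	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	$usercheck = $result -> fetchRow ();
	if ( ! $usercheck ) {
		error ( ERR_USER_NOT_EXIST );
		return false ;
	}

	if ( $usercheck [ 'username' ] != $details [ 'username' ]) {
		$query = "SELECT id FROM users WHERE username = " . $db -> quote ( $details [ 'username' ]);
		$result = $db -> query ( $query );
		if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

		if ( $result -> numRows () > 0 ) {
			error ( ERR_USER_EXIST );
			return false ;
		}
	}

	$query = "UPDATE users SET
		username = " . $db -> quote ( $details [ 'username' ]) . ",
		fullname = " . $db -> quote ( $details [ 'fullname' ]) . ",
		email = " . $db -> quote ( $details [ 'email' ]) . ",
		description = " . $db -> quote ( $details [ 'descr' ]) . ",
		active = " . $db -> quote ( $active ) ;

	// The permission template decides what the account may do. Someone who
	// only holds user_edit_own must not be able to pick a stronger template
	// for their own account, so the template is written only when the caller
	// may edit other users (ueberusers pass every verify_permission check).
	// If a dedicated "assign template" permission exists, gate on that instead.
	if ( $perm_edit_others == "1" ) {
		$query .= ", perm_templ = " . $db -> quote ( $details [ 'templ_id' ]) ;
	}

	// Hash the raw password, then quote the hash. The old code did it the
	// other way round (md5($db->quote(...))) and stored the digest of the
	// quoted string, so the new password never matched at login.
	// NOTE(review): unsalted MD5 is kept only because the login path
	// compares md5(); switching to password_hash() must change both.
	if ( isset ( $details [ 'password' ]) && $details [ 'password' ] != "" ) {
		$query .= ", password = " . $db -> quote ( md5 ( $details [ 'password' ])) ;
	}

	$query .= " WHERE id = " . $db -> quote ( $details [ 'uid' ]) ;

	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	return true ;
}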
// Add a new user
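/*
 * Create a user from a details array (username, password, fullname, email,
 * descr, perm_templ, active). Requires user_add_new.
 * return values: true on success, false on a permission, validation or database error.
 */
function add_new_user ( $details ) {
	global $db ;

	// Every failed precondition returns now. Previously only error() was
	// called and execution fell through to the INSERT below, so a caller
	// without user_add_new - or one supplying a duplicate username or a bad
	// e-mail address - still created the account.
	if ( ! verify_permission ( 'user_add_new' )) {
		error ( ERR_PERM_ADD_USER );
		return false ;
	}
	if ( user_exists ( $details [ 'username' ])) {
		// ERR_USER_EXIST is the constant the rest of this file uses; the old
		// code named ERR_USER_EXISTS here - verify which one is defined.
		error ( ERR_USER_EXIST );
		return false ;
	}
	if ( ! is_valid_email ( $details [ 'email' ])) {
		error ( ERR_INV_EMAIL );
		return false ;
	}

	$active = ( isset ( $details [ 'active' ]) && $details [ 'active' ] == 1 ) ? 1 : 0 ;

	// NOTE(review): unsalted MD5 matches what the login path compares
	// against (see change_user_pass); change both together.
	$query = "INSERT INTO users (username, password, fullname, email, description, perm_templ, active) VALUES ("
		. $db -> quote ( $details [ 'username' ]) . ", "
		. $db -> quote ( md5 ( $details [ 'password' ])) . ", "
		. $db -> quote ( $details [ 'fullname' ]) . ", "
		. $db -> quote ( $details [ 'email' ]) . ", "
		. $db -> quote ( $details [ 'descr' ]) . ", "
		. $db -> quote ( $details [ 'perm_templ' ]) . ", "
		. $db -> quote ( $active )
		. ")" ;

	$result = $db -> query ( $query );
	if ( PEAR :: isError ( $result )) { error ( $result -> getMessage ()); return false ; }

	return true ;
}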
?>