<?php |
/* PowerAdmin, a friendly web-based admin tool for PowerDNS. |
|
4 |
* See <https://rejo.zenger.nl/poweradmin> for more details. |
|
5 |
* |
|
6 |
* Copyright 2007, 2008 Rejo Zenger <rejo@zenger.nl> |
|
7 |
* |
|
8 |
* This program is free software: you can redistribute it and/or modify |
|
9 |
* it under the terms of the GNU General Public License as published by |
|
10 |
* the Free Software Foundation, either version 3 of the License, or |
|
11 |
* (at your option) any later version. |
|
12 |
* |
|
13 |
* This program is distributed in the hope that it will be useful, |
|
14 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
15 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
16 |
* GNU General Public License for more details. |
|
17 |
* |
|
18 |
* You should have received a copy of the GNU General Public License |
|
19 |
* along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
20 |
*/ |
require_once("inc/toolkit.inc.php"); |
/*
 * Check whether the logged-in user may perform an action.
 *
 * The user's permission template is looked up first. A template that
 * contains the "ueberuser" permission (perm_id 53) grants everything, so
 * the requested permission is only looked at when that entry is absent.
 *
 * $permission: name of the row in perm_items to test for.
 * Returns 1 when the user holds the permission (directly or as ueberuser)
 * and 0 otherwise. Also returns 0 when no user is logged in or the
 * database handle is not an object, i.e. the check fails closed.
 */
function verify_permission($permission) {
    global $db;

    // Fail closed: without a session or a usable connection nothing is allowed.
    if (!isset($_SESSION['userid']) || !is_object($db)) {
        return 0;
    }

    $current_user = $_SESSION['userid'];

    // Permission template assigned to the current user.
    $templ_id = $db->queryOne("SELECT perm_templ
        FROM users
        WHERE id = " . $db->quote($current_user));

    // The ueberuser entry (perm_id 53) short-circuits every other check.
    $ueber_result = $db->query("SELECT id
        FROM perm_templ_items
        WHERE templ_id = " . $db->quote($templ_id) . "
        AND perm_id = '53'");
    if ($ueber_result->numRows() > 0) {
        return 1;
    }

    // Numeric ID of the requested permission name.
    $perm_id = $db->queryOne("SELECT id
        FROM perm_items
        WHERE name = " . $db->quote($permission));

    // Is that permission part of the user's template?
    $perm_result = $db->query("SELECT id
        FROM perm_templ_items
        WHERE templ_id = " . $db->quote($templ_id) . "
        AND perm_id = " . $db->quote($perm_id));

    return ($perm_result->numRows() > 0) ? 1 : 0;
}
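/*
 * List all permission templates.
 *
 * Returns a list of arrays with keys "id", "name" and "descr", one per row
 * of perm_templ (an empty array when there are none), or false when the
 * query fails (the PEAR error message is reported through error()).
 */
function list_permission_templates() {
    global $db;

    $result = $db->query("SELECT * FROM perm_templ");
    // The original tested an unassigned $response here, so a failed query was
    // never noticed; check the value query() actually returned.
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    // Initialised up front so an empty table yields array() rather than null
    // (the original appended to a misspelled variable and returned that one).
    $template_list = array();
    while ($template = $result->fetchRow()) {
        $template_list[] = array(
            "id" => $template['id'],
            "name" => $template['name'],
            "descr" => $template['descr']
        );
    }
    return $template_list;
}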
|
94 |
|
1
|
95 |
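/*
 * Retrieve all users together with the number of zones each one owns.
 * The name comes from the show_users page that first used it.
 *
 * $id: when numeric, the user with this ID is left out of the result.
 * $rowstart, $rowamount: offset and maximum row count handed to
 *   $db->setLimit() before the query runs.
 * Returns a list of arrays with keys id, username, fullname, email,
 * description, level, perm_templ, active and numdomains; an empty array
 * when nothing matches, or false when the query fails (the message is
 * reported through error()).
 */
function show_users($id = '', $rowstart = 0, $rowamount = 9999999)
{
    global $db;

    $add = '';
    if (is_numeric($id)) {
        // When a user id is given, it is excluded from the userlist returned.
        $add = " WHERE users.id!=" . $db->quote($id);
    }

    // Users joined with the zones they own, aggregated to one row per user.
    $sqlq = "SELECT users.id AS id,
        users.username AS username,
        users.fullname AS fullname,
        users.email AS email,
        users.description AS description,
        users.active AS active,
        users.perm_templ AS perm_templ,
        count(zones.owner) AS aantal FROM users
        LEFT JOIN zones ON users.id=zones.owner$add
        GROUP BY
        users.id,
        users.username,
        users.fullname,
        users.email,
        users.description,
        users.perm_templ,
        users.active
        ORDER BY
        users.fullname";

    $db->setLimit($rowamount, $rowstart);
    $result = $db->query($sqlq);
    // Calling fetchRow() on a PEAR_Error object is fatal, so check first.
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $ret = array();
    while ($r = $result->fetchRow()) {
        $ret[] = array(
            "id" => $r["id"],
            "username" => $r["username"],
            "fullname" => $r["fullname"],
            "email" => $r["email"],
            "description" => $r["description"],
            // The query selects perm_templ, not level, so $r["level"] was an
            // undefined index. The key is kept for existing callers (null when
            // absent) and perm_templ is exposed under its own name as well.
            "level" => isset($r["level"]) ? $r["level"] : null,
            "perm_templ" => $r["perm_templ"],
            "active" => $r["active"],
            "numdomains" => $r["aantal"]
        );
    }
    return $ret;
}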
|
151 |
|
|
152 |
|
|
153 |
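/*
 * Check if the given $id is connected to an existing user.
 *
 * $id: user ID; anything non-numeric is rejected without a query.
 * Returns true if exactly one user with that ID exists, false otherwise.
 */
function is_valid_user($id)
{
    global $db;

    // A non-numeric ID cannot match a row. The original fell off the end of
    // the function here and returned null, breaking the documented contract.
    if (!is_numeric($id)) {
        return false;
    }

    $result = $db->query("SELECT id FROM users WHERE id=" . $db->quote($id));
    return $result->numRows() == 1;
}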
|
173 |
|
|
174 |
|
|
175 |
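/*
 * Checks if a given username exists in the database.
 *
 * $user: the username to look up.
 * Returns true if at least one user has that name, false if none has.
 * Finding more than one row is reported through error(ERR_UNKNOWN), but the
 * answer is still true (the original returned null in that case).
 */
function user_exists($user)
{
    global $db;

    $result = $db->query("SELECT id FROM users WHERE username=" . $db->quote($user));
    $count = $result->numRows();

    if ($count == 0) {
        return false;
    }
    if ($count > 1) {
        // Usernames are expected to be unique; report the anomaly but do not
        // claim the name is free.
        error(ERR_UNKNOWN);
    }
    return true;
}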
|
196 |
|
|
197 |
|
|
198 |
|
|
199 |
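/*
 * Delete a user from the system, after dealing with the zones it owns.
 *
 * $uid: ID of the user to delete.
 * $zones: optional array of arrays with keys zid, target and newowner. For
 *   target "delete" the zone is removed (delete_domain), for "new_owner" it
 *   is handed to newowner (add_owner_to_zone). Afterwards every remaining
 *   ownership row of $uid and then the user row itself are deleted.
 * Returns true when the user was deleted, false when the caller lacks the
 * permission (ERR_PERM_DEL_USER) or a query fails; both are reported
 * through error().
 */
function delete_user($uid, $zones)
{
    global $db;

    // Deleting yourself requires user_edit_own, deleting someone else
    // user_edit_others. The names are passed as strings: the bare-word
    // constants the original used are an Error on PHP 8.
    $is_self = ($uid == $_SESSION['userid']);
    if (($is_self && !verify_permission('user_edit_own'))
        || (!$is_self && !verify_permission('user_edit_others'))) {
        error(ERR_PERM_DEL_USER);
        return false;
    }

    if (is_array($zones)) {
        foreach ($zones as $zone) {
            if ($zone['target'] == "delete") {
                delete_domain($zone['zid']);
            } elseif ($zone['target'] == "new_owner") {
                add_owner_to_zone($zone['zid'], $zone['newowner']);
            }
        }
    }

    // Error checks test $result; the original tested an unassigned $response,
    // so failures were silently ignored.
    $result = $db->query("DELETE FROM zones WHERE owner = " . $db->quote($uid));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $result = $db->query("DELETE FROM users WHERE id = " . $db->quote($uid));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    return true;
}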
|
232 |
|
|
233 |
|
|
234 |
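/*
 * Edit the details of a user.
 *
 * $id: ID of the user to edit. $user is the (possibly new) username;
 * $fullname, $email, $perm_templ (template ID), $description and $active
 * (1 for active, anything else is stored as 0) are written as given.
 * $password: new password, or "" to keep the current one.
 * Returns true on success, false when the caller may not edit this user,
 * the e-mail address is invalid, the new username is already taken, the
 * user does not exist, or a query fails (all reported through error()).
 */
function edit_user($id, $user, $fullname, $email, $perm_templ, $description, $active, $password)
{
    global $db;

    // Editing yourself requires user_edit_own, editing someone else
    // user_edit_others. Permission names are strings; the original passed
    // them as bare-word constants, which is an Error on PHP 8.
    $is_self = ($id == $_SESSION["userid"]);
    $allowed = $is_self ? verify_permission('user_edit_own') : verify_permission('user_edit_others');
    if (!$allowed) {
        error(ERR_PERM_EDIT_USER);
        return false;
    }

    if (!is_valid_email($email)) {
        error(ERR_INV_EMAIL);
        return false;
    }

    // Anything other than 1 means inactive.
    if ($active != 1) {
        $active = 0;
    }

    // A changed username must not collide with an existing one: fetch the
    // current name of this ID and only then look for a duplicate.
    $result = $db->query("SELECT username FROM users WHERE id = " . $db->quote($id));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $usercheck = $result->fetchRow();
    if (!is_array($usercheck)) {
        // No row for $id: the original would have indexed into false and
        // then run an UPDATE that matched nothing.
        error(ERR_USER_NOT_EXIST);
        return false;
    }

    if ($usercheck['username'] != $user) {
        $result = $db->query("SELECT id FROM users WHERE username = " . $db->quote($user));
        if (PEAR::isError($result)) {
            error($result->getMessage());
            return false;
        }

        if ($result->numRows() > 0) {
            error(ERR_USER_EXIST);
            return false;
        }
    }

    // Username unchanged, or changed to a name nobody else has: go ahead.
    $query = "UPDATE users SET
        username = " . $db->quote($user) . ",
        fullname = " . $db->quote($fullname) . ",
        email = " . $db->quote($email) . ",
        perm_templ = " . $db->quote($perm_templ) . ",
        description = " . $db->quote($description) . ",
        active = " . $db->quote($active);

    if ($password != "") {
        // NOTE(review): unsalted md5 is what change_user_pass compares
        // against; moving to password_hash() has to change both sides.
        $query .= ", password = " . $db->quote(md5($password));
    }

    $query .= " WHERE id = " . $db->quote($id);

    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    return true;
}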
|
314 |
|
|
315 |
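/*
 * Change the password of the logged-in user.
 *
 * $details: array with keys currentpass, newpass and newpass2.
 * The user is logged out after a successful change (logout() is called
 * with a message). Returns false when the two new passwords differ, the
 * current password is wrong, the session's user row is missing, or a
 * query fails; each case is reported through error().
 */
function change_user_pass($details) {
    global $db;

    if ($details['newpass'] != $details['newpass2']) {
        error(ERR_USER_MATCH_NEW_PASS);
        return false;
    }

    $result = $db->query("SELECT id, password FROM users WHERE username = " . $db->quote($_SESSION["userlogin"]));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $rinfo = $result->fetchRow();
    if (!is_array($rinfo)) {
        // No row for the session's login name; nothing to compare against.
        error(ERR_UNKNOWN);
        return false;
    }

    // Strict comparison: with == two hex digests of the form "0e<digits>"
    // compare as equal numbers, which would accept a wrong current password.
    if (md5($details['currentpass']) !== $rinfo['password']) {
        error(ERR_USER_WRONG_CURRENT_PASS);
        return false;
    }

    // NOTE(review): unsalted md5 matches the stored format checked above;
    // moving to password_hash() must change storage and verification together.
    $result = $db->query("UPDATE users SET password = " . $db->quote(md5($details['newpass'])) . " WHERE id = " . $db->quote($rinfo['id']));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    logout( _('Password has been changed, please login.'));
}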
|
345 |
|
|
346 |
|
|
347 |
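/*
 * Get the full name of a user from its user ID.
 *
 * $id: numeric user ID.
 * Returns the fullname column, false when $id is not numeric (reported as
 * ERR_INV_ARG through error()) or when no such user exists.
 */
function get_fullname_from_userid($id) {
    global $db;

    if (!is_numeric($id)) {
        error(ERR_INV_ARG);
        return false;
    }

    $result = $db->query("SELECT fullname FROM users WHERE id=" . $db->quote($id));
    $r = $result->fetchRow();
    // No such user: the original indexed into a non-array and returned null.
    if (!is_array($r)) {
        return false;
    }
    return $r["fullname"];
}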
|
362 |
|
|
363 |
|
|
364 |
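/*
 * Get the full name of a zone owner from its user ID.
 *
 * $id: numeric user ID.
 * Returns the fullname column, or false after reporting ERR_INV_ARG (non-
 * numeric $id) or ERR_USER_NOT_EXIST (not exactly one row) through error().
 */
function get_owner_from_id($id)
{
    global $db;

    if (!is_numeric($id)) {
        error(ERR_INV_ARG);
        return false;
    }

    $result = $db->query("SELECT fullname FROM users WHERE id=" . $db->quote($id));
    if ($result->numRows() != 1) {
        // The original reported ERR_USER_NOT_EXIST and then fell through to
        // ERR_INV_ARG as well; report once and stop.
        error(ERR_USER_NOT_EXIST);
        return false;
    }

    $r = $result->fetchRow();
    return $r["fullname"];
}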
26
|
386 |
|
|
387 |
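/**
 * get_fullnames_owners_from_domainid
 *
 * Full names of all users that own the given domain, comma separated and
 * ordered by fullname.
 *
 * @todo also fetch the subowners
 * @param $id integer the id of the domain
 * @return String the list of owners for this domain ("" when there are
 *   none); false after error(ERR_INV_ARG) when $id is not numeric
 */
function get_fullnames_owners_from_domainid($id) {
    global $db;

    if (!is_numeric($id)) {
        error(ERR_INV_ARG);
        // The original fell through and returned null here.
        return false;
    }

    $result = $db->query("SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=" . $db->quote($id) . " AND zones.owner=users.id ORDER by fullname");
    $names = array();
    while ($r = $result->fetchRow()) {
        $names[] = $r['fullname'];
    }
    // implode() of an empty list is "", which is what the original returned
    // explicitly for zero rows.
    return implode(', ', $names);
}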
|
416 |
|
82
|
417 |
|
|
418 |
|
|
419 |
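/*
 * Check whether the logged-in user owns a zone.
 *
 * $zoneid: despite the name this value is matched against zones.domain_id.
 * Returns the string "1" when a zones row links the session user to that
 * domain and "0" otherwise, including when $zoneid is not numeric (which is
 * also reported as ERR_INV_ARG through error()).
 */
function verify_user_is_owner_zoneid($zoneid) {
    global $db;

    $userid = $_SESSION["userid"];

    if (!is_numeric($zoneid)) {
        error(ERR_INV_ARG);
        // Fail closed with the same string contract as the normal path; the
        // original returned null here.
        return "0";
    }

    $result = $db->query("SELECT zones.id
        FROM zones
        WHERE zones.owner = " . $db->quote($userid) . "
        AND zones.domain_id = " . $db->quote($zoneid));

    return ($result->numRows() == 0) ? "0" : "1";
}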
|
437 |
|
|
438 |
|
|
439 |
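/*
 * List users together with their permission template.
 *
 * $specific: when numeric, only that user is returned. Otherwise all users
 *   are returned if the caller has user_view_others, else only the caller.
 * Returns a list of arrays with keys uid, username, fullname, email, descr,
 * active, tpl_id, tpl_name and tpl_descr (empty array when nothing
 * matches), or false when the query fails (reported through error()).
 */
function get_user_detail_list($specific) {
    global $db;
    $userid = $_SESSION['userid'];

    if (v_num($specific)) {
        // NOTE(review): a numeric $specific is not checked against
        // user_view_others, so any logged-in user can request another user's
        // details through this path; callers must enforce that themselves.
        $sql_add = "AND users.id = " . $db->quote($specific);
    } elseif (verify_permission('user_view_others')) {
        $sql_add = "";
    } else {
        $sql_add = "AND users.id = " . $db->quote($userid);
    }

    $query = "SELECT users.id AS uid,
        username,
        fullname,
        email,
        description AS descr,
        active,
        perm_templ.id AS tpl_id,
        perm_templ.name AS tpl_name,
        perm_templ.descr AS tpl_descr
        FROM users, perm_templ
        WHERE users.perm_templ = perm_templ.id "
        . $sql_add . "
        ORDER BY username";

    $result = $db->query($query);
    // Check the returned value; the original tested an unassigned $response.
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    // Initialised so an empty result is array(), not an undefined variable.
    $userlist = array();
    while ($user = $result->fetchRow()) {
        $userlist[] = array(
            "uid" => $user['uid'],
            "username" => $user['username'],
            "fullname" => $user['fullname'],
            "email" => $user['email'],
            "descr" => $user['descr'],
            "active" => $user['active'],
            "tpl_id" => $user['tpl_id'],
            "tpl_name" => $user['tpl_name'],
            "tpl_descr" => $user['tpl_descr']
        );
    }
    return $userlist;
}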
|
487 |
|
|
488 |
|
|
489 |
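// Get a list of permissions that are available. If first argument is "0", it
// returns all available permissions. If the first argument is > "0", it
// returns only the permissions assigned to that particular template. If the
// second argument is true, only the permission names are returned.
//
// Returns a list of arrays with keys id, name and descr (or of plain name
// strings), empty when nothing matches; false when the query fails, which is
// reported through error().

function get_permissions_by_template_id($templ_id = 0, $return_name_only = false) {
    global $db;

    // Initialised so the "all permissions" case does not interpolate an
    // undefined variable into the query.
    $limit = "";
    if ($templ_id > 0) {
        $limit = ", perm_templ_items
            WHERE perm_templ_items.templ_id = " . $db->quote($templ_id) . "
            AND perm_templ_items.perm_id = perm_items.id";
    }

    $query = "SELECT perm_items.id AS id,
        perm_items.name AS name,
        perm_items.descr AS descr
        FROM perm_items"
        . $limit . "
        ORDER BY descr";
    $result = $db->query($query);
    // Check the returned value; the original tested an unassigned $response.
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $permission_list = array();
    while ($permission = $result->fetchRow()) {
        if ($return_name_only) {
            $permission_list[] = $permission['name'];
        } else {
            $permission_list[] = array(
                "id" => $permission['id'],
                "name" => $permission['name'],
                "descr" => $permission['descr']
            );
        }
    }
    return $permission_list;
}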
|
526 |
|
|
527 |
|
|
528 |
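// Get name and description of template based on template ID.
//
// Returns a list of arrays with keys name and descr (normally one entry,
// empty when the ID is unknown), or false when the query fails, which is
// reported through error().

function get_permission_template_details($templ_id) {
    global $db;

    $query = "SELECT *
        FROM perm_templ
        WHERE perm_templ.id = " . $db->quote($templ_id);

    $result = $db->query($query);
    // Check the returned value; the original tested an unassigned $response.
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    // Initialised so an unknown ID yields array(), not an undefined variable.
    $detail_list = array();
    while ($details = $result->fetchRow()) {
        $detail_list[] = array(
            "name" => $details['name'],
            "descr" => $details['descr']
        );
    }
    return $detail_list;
}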
|
548 |
|
|
549 |
|
|
550 |
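// Get a list of all available permission templates.
//
// Returns a list of arrays with keys id, name and descr (empty when there are
// none), or false when the query fails, which is reported through error().
// Same result as list_permission_templates().

function get_list_permission_templates() {
    global $db;

    $result = $db->query("SELECT * FROM perm_templ");
    // Check the returned value; the original tested an unassigned $response.
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $perm_templ_list = array();
    while ($perm_templ = $result->fetchRow()) {
        $perm_templ_list[] = array(
            "id" => $perm_templ['id'],
            "name" => $perm_templ['name'],
            "descr" => $perm_templ['descr']
        );
    }
    return $perm_templ_list;
}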
|
569 |
|
|
570 |
|
85
|
571 |
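// Add a permission template.
//
// $details: array with keys templ_name, templ_descr and, optionally, perm_id
// (list of perm_items IDs to assign). The template row is inserted first, its
// new ID taken from lastInsertId(), then the assignments are inserted in one
// statement. Returns true on success, false when a query fails (reported
// through error()).

function add_perm_templ($details) {
    global $db;

    // Template name and description first; '' lets the id column auto-fill.
    $query = "INSERT INTO perm_templ
        VALUES (
        '', "
        . $db->quote($details['templ_name']) . ", "
        . $db->quote($details['templ_descr']) . ")";

    $result = $db->query($query);
    // Check the returned value; the original tested an unassigned $response.
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $perm_templ_id = $db->lastInsertId('perm_templ', 'id');

    // A template without permissions is valid. The original built the VALUES
    // list from an unset variable in that case (implode() on null).
    $perm_ids = (isset($details['perm_id']) && is_array($details['perm_id'])) ? $details['perm_id'] : array();
    if (count($perm_ids) > 0) {
        $r_insert_values = array();
        foreach ($perm_ids as $perm_id) {
            $r_insert_values[] = "(''," . $db->quote($perm_templ_id) . "," . $db->quote($perm_id) . ")";
        }
        $result = $db->query("INSERT INTO perm_templ_items VALUES " . implode(',', $r_insert_values));
        if (PEAR::isError($result)) {
            error($result->getMessage());
            return false;
        }
    }

    return true;
}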
|
598 |
|
82
|
599 |
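// Update all details of a permission template.
//
// $details: array with keys templ_id, templ_name, templ_descr and,
// optionally, perm_id (list of perm_items IDs the template should have).
// Returns true on success, false when a query fails (reported via error()).

function update_perm_templ_details($details) {
    global $db;

    // Fix permission template name and description first.
    $query = "UPDATE perm_templ
        SET name = " . $db->quote($details['templ_name']) . ",
        descr = " . $db->quote($details['templ_descr']) . "
        WHERE id = " . $db->quote($details['templ_id']);

    $result = $db->query($query);
    // Check the returned value; the original tested an unassigned $response.
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    // Now, update list of permissions assigned to this template. We could do
    // this The Correct Way [tm] by comparing the list of permissions that are
    // currently assigned with a list of permissions that should be assigned and
    // apply the difference between these two lists to the database. That sounds
    // like too much work. Just delete all the permissions currently assigned to
    // the template, then assign all the permissions the template should have.
    //
    // templ_id comes from the request and is quoted here; the original
    // concatenated it raw into the DELETE, which allowed SQL injection.
    $result = $db->query("DELETE FROM perm_templ_items WHERE templ_id = " . $db->quote($details['templ_id']));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    // A template may end up with no permissions; the original then built the
    // VALUES list from an unset variable (implode() on null).
    $perm_ids = (isset($details['perm_id']) && is_array($details['perm_id'])) ? $details['perm_id'] : array();
    if (count($perm_ids) > 0) {
        $r_insert_values = array();
        foreach ($perm_ids as $perm_id) {
            $r_insert_values[] = "(''," . $db->quote($details['templ_id']) . "," . $db->quote($perm_id) . ")";
        }
        $result = $db->query("INSERT INTO perm_templ_items VALUES " . implode(',', $r_insert_values));
        if (PEAR::isError($result)) {
            error($result->getMessage());
            return false;
        }
    }

    return true;
}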
|
634 |
|
|
635 |
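/*
 * Update the details of a user from a form submission.
 *
 * $details: array with keys uid, username, fullname, email, templ_id,
 *   descr, password ("" or absent keeps the current one) and, when the
 *   user should be active, active => "on".
 * Returns true on success, false when the caller lacks the permission to
 * edit this user, the e-mail address is invalid, the new username is
 * already taken, the user does not exist, or a query fails (all reported
 * through error()).
 */
function update_user_details($details) {
    global $db;

    // Editing yourself requires user_edit_own, editing someone else
    // user_edit_others. Permission names are strings; the original passed
    // them as bare-word constants, which is an Error on PHP 8.
    $is_self = ($details['uid'] == $_SESSION["userid"]);
    $allowed = $is_self ? verify_permission('user_edit_own') : verify_permission('user_edit_others');
    if (!$allowed) {
        error(ERR_PERM_EDIT_USER);
        return false;
    }

    if (!is_valid_email($details['email'])) {
        error(ERR_INV_EMAIL);
        return false;
    }

    // The checkbox sends "on" when ticked and nothing at all otherwise.
    $active = (isset($details['active']) && $details['active'] == "on") ? 1 : 0;

    // A changed username must not collide with an existing one: fetch the
    // current name of this ID and only then look for a duplicate.
    $result = $db->query("SELECT username FROM users WHERE id = " . $db->quote($details['uid']));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $usercheck = $result->fetchRow();
    if (!is_array($usercheck)) {
        // No row for uid: the original indexed into false and then ran an
        // UPDATE that matched nothing.
        error(ERR_USER_NOT_EXIST);
        return false;
    }

    if ($usercheck['username'] != $details['username']) {
        $result = $db->query("SELECT id FROM users WHERE username = " . $db->quote($details['username']));
        if (PEAR::isError($result)) {
            error($result->getMessage());
            return false;
        }

        if ($result->numRows() > 0) {
            error(ERR_USER_EXIST);
            return false;
        }
    }

    // Username unchanged, or changed to a name nobody else has: go ahead.
    $query = "UPDATE users SET
        username = " . $db->quote($details['username']) . ",
        fullname = " . $db->quote($details['fullname']) . ",
        email = " . $db->quote($details['email']) . ",
        perm_templ = " . $db->quote($details['templ_id']) . ",
        description = " . $db->quote($details['descr']) . ",
        active = " . $db->quote($active);

    if (isset($details['password']) && $details['password'] != "") {
        // Hash the raw password, then quote the digest. The original hashed
        // the quoted string (md5($db->quote(...))), so the stored digest could
        // never equal md5($password) as change_user_pass compares it.
        // NOTE(review): unsalted md5 is the format the rest of this file
        // verifies against; moving to password_hash() must change both sides.
        $query .= ", password = " . $db->quote(md5($details['password']));
    }

    $query .= " WHERE id = " . $db->quote($details['uid']);

    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    return true;
}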
|
712 |
|
|
713 |
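// Add a new user.
//
// $details: array with keys username, password, fullname, email, descr,
// perm_templ and active (1 for active). Requires the user_add_new permission.
// Returns true on success, false when the permission is missing, the username
// is taken, the e-mail address is invalid, or the INSERT fails; every failure
// is reported through error().

function add_new_user($details) {
    global $db;

    // Each failed check returns here. The original only reported the error and
    // then ran the INSERT anyway, so users could be created without the
    // user_add_new permission, with a duplicate name or an invalid address.
    // Permission names are strings; a bare-word constant is an Error on PHP 8.
    if (!verify_permission('user_add_new')) {
        error(ERR_PERM_ADD_USER);
        return false;
    }
    if (user_exists($details['username'])) {
        // NOTE(review): this file uses both ERR_USER_EXISTS (here) and
        // ERR_USER_EXIST (edit_user) -- confirm both constants are defined.
        error(ERR_USER_EXISTS);
        return false;
    }
    if (!is_valid_email($details['email'])) {
        error(ERR_INV_EMAIL);
        return false;
    }

    $active = (isset($details['active']) && $details['active'] == 1) ? 1 : 0;

    // '' lets the id column auto-fill. NOTE(review): passwords are stored as
    // unsalted md5 because change_user_pass verifies that format.
    $query = "INSERT INTO users VALUES ( "
        . "'', "
        . $db->quote($details['username']) . ", "
        . $db->quote(md5($details['password'])) . ", "
        . $db->quote($details['fullname']) . ", "
        . $db->quote($details['email']) . ", "
        . $db->quote($details['descr']) . ", "
        . $db->quote($details['perm_templ']) . ", "
        . $db->quote($active)
        . ")";

    $result = $db->query($query);
    // Check the returned value; the original tested an unassigned $response.
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    return true;
}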
?> |