<?php
/* PowerAdmin, a friendly web-based admin tool for PowerDNS.
* See <https://rejo.zenger.nl/poweradmin> for more details.
*
* Copyright 2007, 2008 Rejo Zenger <rejo@zenger.nl>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
// Shared helpers (database handle, error reporting, validation).
require_once 'inc/toolkit.inc.php';
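/*
 * Check whether the current user is allowed to do something. A user whose
 * permission template carries the "ueberuser" bit is allowed everything;
 * otherwise the template must carry the named permission.
 *
 * $permission is the name of a row in perm_items (e.g. 'user_edit_others').
 * Returns 1 when the user has the right and 0 when not. Every failure mode
 * (no session user, no database handle, a failed query) yields 0, so the
 * check fails closed instead of crashing on an error object.
 */
function verify_permission($permission) {
    global $db;

    if (!isset($_SESSION['userid']) || !is_object($db)) {
        return 0;
    }
    $userid = $_SESSION['userid'];

    // perm_items ID of the "ueberuser" bit. Hard-coded here; it has to match
    // the row the database schema creates for it — TODO confirm against the
    // schema when that row is ever renumbered.
    $ueberuser_perm_id = 53;

    // Permission template assigned to this user.
    $templ_id = $db->queryOne("SELECT perm_templ FROM users WHERE id = " . $db->quote($userid));
    if (PEAR::isError($templ_id)) {
        return 0;
    }

    // Ueberuser bit set on that template?
    $result = $db->query("SELECT id
        FROM perm_templ_items
        WHERE templ_id = " . $db->quote($templ_id) . "
        AND perm_id = " . $db->quote($ueberuser_perm_id));
    if (PEAR::isError($result)) {
        return 0;
    }
    if ($result->numRows() > 0) {
        return 1;
    }

    // Look up the requested permission and see if the template carries it.
    $perm_id = $db->queryOne("SELECT id FROM perm_items WHERE name = " . $db->quote($permission));
    if (PEAR::isError($perm_id)) {
        return 0;
    }
    $result = $db->query("SELECT id
        FROM perm_templ_items
        WHERE templ_id = " . $db->quote($templ_id) . "
        AND perm_id = " . $db->quote($perm_id));
    if (PEAR::isError($result)) {
        return 0;
    }
    return ($result->numRows() > 0) ? 1 : 0;
}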
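/*
 * Return every permission template as a list of arrays keyed "id", "name"
 * and "descr". Returns an empty array when no templates exist and false
 * (after reporting the error) when the query fails.
 */
function list_permission_templates() {
    global $db;

    $result = $db->query("SELECT * FROM perm_templ");
    // Test the object the query actually returned; the old check looked at
    // an unrelated, never-assigned variable, so failures went unnoticed.
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    // Initialise and return the same variable: a misspelt name used to make
    // this function return null for an empty table.
    $template_list = array();
    while ($template = $result->fetchRow()) {
        $template_list[] = array(
            "id"    => $template['id'],
            "name"  => $template['name'],
            "descr" => $template['descr'],
        );
    }
    return $template_list;
}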
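/*
 * Retrieve all users, optionally leaving one of them out.
 *
 * $id        numeric user ID to exclude from the list (typically the caller);
 *            anything non-numeric, including the default '', excludes nobody.
 * $rowstart  offset of the first row to return.
 * $rowamount maximum number of rows to return.
 *
 * Returns a list of arrays keyed "id", "username", "fullname", "email",
 * "description", "level", "active", "numdomains" (number of zones owned)
 * and "perm_templ", or false after reporting a failed query.
 * The name is a leftover of the page that used it and should be changed.
 */
function show_users($id = '', $rowstart = 0, $rowamount = 9999999)
{
    global $db;

    // Only a numeric ID is accepted, and it is still quoted for the driver.
    $exclude = '';
    if (is_numeric($id)) {
        $exclude = " WHERE users.id!=" . $db->quote($id);
    }

    $sqlq = "SELECT users.id AS id,
        users.username AS username,
        users.fullname AS fullname,
        users.email AS email,
        users.description AS description,
        users.active AS active,
        users.perm_templ AS perm_templ,
        count(zones.owner) AS aantal FROM users
        LEFT JOIN zones ON users.id=zones.owner " . $exclude . "
        GROUP BY
        users.id,
        users.username,
        users.fullname,
        users.email,
        users.description,
        users.perm_templ,
        users.active
        ORDER BY
        users.fullname";

    $db->setLimit($rowamount, $rowstart);
    $result = $db->query($sqlq);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $ret = array();
    while ($r = $result->fetchRow()) {
        $ret[] = array(
            "id"          => $r["id"],
            "username"    => $r["username"],
            "fullname"    => $r["fullname"],
            "email"       => $r["email"],
            "description" => $r["description"],
            // "level" is no longer part of the SELECT (perm_templ replaced
            // it); keep the key for callers without tripping a notice.
            "level"       => isset($r["level"]) ? $r["level"] : null,
            "active"      => $r["active"],
            "numdomains"  => $r["aantal"],
            "perm_templ"  => $r["perm_templ"],
        );
    }
    return $ret;
}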
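/*
 * Check if the given $id is connected to a valid user.
 * Returns true if exactly one user with that ID exists and false otherwise,
 * including for a non-numeric ID (which used to make the function return
 * null without consulting the database) and for a failed query.
 */
function is_valid_user($id)
{
    global $db;

    if (!is_numeric($id)) {
        return false;
    }
    $result = $db->query("SELECT id FROM users WHERE id=" . $db->quote($id));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }
    return $result->numRows() == 1;
}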
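/*
 * Checks if a given username exists in the database.
 * Returns true if exactly one such user exists and false if none does.
 * More than one match is reported as ERR_UNKNOWN and also yields false
 * (it used to yield null, which callers treated the same way); a failed
 * query is reported and yields false as well.
 */
function user_exists($user)
{
    global $db;

    $result = $db->query("SELECT id FROM users WHERE username=" . $db->quote($user));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $matches = $result->numRows();
    if ($matches == 1) {
        return true;
    }
    if ($matches > 1) {
        // Usernames are expected to be unique; more than one row is a
        // database inconsistency worth reporting.
        error(ERR_UNKNOWN);
    }
    return false;
}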
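/*
 * Delete a user from the system.
 *
 * $uid   ID of the user to delete.
 * $zones list of arrays describing what to do with each zone the user owns:
 *        'zid' is the zone ID and 'target' is either "delete" (remove the
 *        zone) or "new_owner" (hand it to user 'newowner'). Any other target
 *        leaves the zone itself alone; only its ownership row is dropped.
 *
 * Deleting your own account needs 'user_edit_own', deleting anybody else's
 * needs 'user_edit_others'. Permission names are passed as plain strings;
 * they used to be bare, undefined constants that PHP coerced to strings.
 * Returns true on success and false after reporting an error.
 */
function delete_user($uid, $zones)
{
    global $db;

    $is_self = ($uid == $_SESSION['userid']);
    if (!verify_permission($is_self ? 'user_edit_own' : 'user_edit_others')) {
        error(ERR_PERM_DEL_USER);
        return false;
    }

    // NOTE(review): the zone IDs in $zones are taken from the caller and are
    // not checked here against the zones $uid actually owns; the caller is
    // expected to build the list from that user's zones only.
    if (is_array($zones)) {
        foreach ($zones as $zone) {
            if ($zone['target'] == "delete") {
                delete_domain($zone['zid']);
            } elseif ($zone['target'] == "new_owner") {
                add_owner_to_zone($zone['zid'], $zone['newowner']);
            }
        }
    }

    // Drop remaining ownership rows, then the user itself. Each query is
    // checked on its own result object (the old checks tested an unrelated
    // variable and never fired).
    $result = $db->query("DELETE FROM zones WHERE owner = " . $db->quote($uid));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $result = $db->query("DELETE FROM users WHERE id = " . $db->quote($uid));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }
    return true;
}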
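/*
 * Edit the details of a user.
 *
 * $id          ID of the user to change.
 * $user        new username; if it differs from the stored one it must not be
 *              taken by another user already.
 * $fullname, $email, $perm_templ, $description
 *              new values for the corresponding columns.
 * $active      1 to keep the account active, anything else deactivates it.
 * $password    new password, or "" to keep the current one.
 *
 * Editing yourself needs 'user_edit_own', editing anybody else needs
 * 'user_edit_others' (plain strings; they used to be bare constants).
 * Returns true on success and false after reporting an error.
 */
function edit_user($id, $user, $fullname, $email, $perm_templ, $description, $active, $password)
{
    global $db;

    $is_self = ($id == $_SESSION["userid"]);
    if (!verify_permission($is_self ? 'user_edit_own' : 'user_edit_others')) {
        error(ERR_PERM_EDIT_USER);
        return false;
    }

    if (!is_valid_email($email)) {
        error(ERR_INV_EMAIL);
        return false;
    }

    // Anything but 1 means "inactive".
    if ($active != 1) {
        $active = 0;
    }

    // If the username is about to change, make sure the new one is free.
    $result = $db->query("SELECT username FROM users WHERE id = " . $db->quote($id));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }
    $usercheck = $result->fetchRow();

    if ($usercheck['username'] != $user) {
        $result = $db->query("SELECT id FROM users WHERE username = " . $db->quote($user));
        if (PEAR::isError($result)) {
            error($result->getMessage());
            return false;
        }
        if ($result->numRows() > 0) {
            error(ERR_USER_EXIST);
            return false;
        }
    }

    $query = "UPDATE users SET
        username = " . $db->quote($user) . ",
        fullname = " . $db->quote($fullname) . ",
        email = " . $db->quote($email) . ",
        perm_templ = " . $db->quote($perm_templ) . ",
        description = " . $db->quote($description) . ",
        active = " . $db->quote($active);

    if ($password != "") {
        // Stored as an unsalted MD5 digest because that is what the login
        // and change_user_pass code compare against; moving to a salted,
        // slow hash needs a coordinated change of those paths as well.
        $query .= ", password = " . $db->quote(md5($password));
    }

    $query .= " WHERE id = " . $db->quote($id);

    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }
    return true;
}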
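/*
 * Change the password of the currently logged in user.
 *
 * $details carries 'currentpass', 'newpass' and 'newpass2' (the repeat).
 * On success the user is logged out so they log in again with the new
 * password; on failure an error is reported and false is returned.
 */
function change_user_pass($details) {
    global $db;

    // Compare as strings: with a loose != two numeric-looking passwords
    // such as "1e3" and "1000" would count as the same.
    if ((string) $details['newpass'] !== (string) $details['newpass2']) {
        error(ERR_USER_MATCH_NEW_PASS);
        return false;
    }

    $query = "SELECT id, password FROM users WHERE username = " . $db->quote($_SESSION["userlogin"]);
    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }
    $rinfo = $result->fetchRow();

    // Strict comparison of the digests. With == PHP compares two strings
    // that both look like numbers numerically, so hex digests of the form
    // "0e<digits>" would match each other and a wrong current password
    // could be accepted. hash_equals() is the preferred form where the PHP
    // version provides it.
    if ($rinfo && md5($details['currentpass']) === $rinfo['password']) {
        // Still an unsalted MD5 digest, because that is what the login
        // code checks against.
        $query = "UPDATE users SET password = " . $db->quote(md5($details['newpass']))
            . " WHERE id = " . $db->quote($rinfo['id']);
        $result = $db->query($query);
        if (PEAR::isError($result)) {
            error($result->getMessage());
            return false;
        }

        logout(_('Password has been changed, please login.'));
    } else {
        error(ERR_USER_WRONG_CURRENT_PASS);
        return false;
    }
}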
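/*
 * Get the fullname of the user with the given ID.
 * Returns the fullname; false after reporting ERR_INV_ARG for a non-numeric
 * ID or a failed query; and false (without an error) when no user has that
 * ID, where the old code indexed a null row.
 */
function get_fullname_from_userid($id) {
    global $db;

    if (!is_numeric($id)) {
        error(ERR_INV_ARG);
        return false;
    }

    $result = $db->query("SELECT fullname FROM users WHERE id=" . $db->quote($id));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $r = $result->fetchRow();
    if (!is_array($r)) {
        return false;
    }
    return $r["fullname"];
}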
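/*
 * Get the fullname of the user (zone owner) with the given ID.
 * Returns the fullname, or false after reporting an error: ERR_INV_ARG for
 * a non-numeric ID, ERR_USER_NOT_EXIST when no single user has that ID, or
 * the driver's message when the query fails.
 */
function get_owner_from_id($id)
{
    global $db;

    if (!is_numeric($id)) {
        error(ERR_INV_ARG);
        return false;
    }

    $result = $db->query("SELECT fullname FROM users WHERE id=" . $db->quote($id));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    if ($result->numRows() != 1) {
        // Return here: the old code fell through and reported ERR_INV_ARG
        // on top of ERR_USER_NOT_EXIST for a perfectly valid ID.
        error(ERR_USER_NOT_EXIST);
        return false;
    }

    $r = $result->fetchRow();
    return $r["fullname"];
}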
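/**
 * get_fullnames_owners_from_domainid
 *
 * Fullnames of all users that own the given domain, joined by ", ".
 * (The old docblock named a different function.)
 *
 * @todo also fetch the subowners
 * @param $id integer the id of the domain
 * @return String the comma-separated owner names ("" when the domain has
 *         no owner), or false after reporting a non-numeric ID or a
 *         failed query
 */
function get_fullnames_owners_from_domainid($id) {
    global $db;

    if (!is_numeric($id)) {
        error(ERR_INV_ARG);
        return false;
    }

    $result = $db->query("SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=" . $db->quote($id) . " AND zones.owner=users.id ORDER by fullname");
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    // An empty result leaves the list empty, and implode() then yields "".
    $names = array();
    while ($r = $result->fetchRow()) {
        $names[] = $r['fullname'];
    }
    return implode(', ', $names);
}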
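/*
 * Check whether the current user owns the zone with the given domain ID.
 * Returns "1" when the user is an owner and "0" when not. A non-numeric ID
 * is reported as ERR_INV_ARG and a failed query with the driver's message;
 * both yield false, so an error never reads as ownership.
 */
function verify_user_is_owner_zoneid($zoneid) {
    global $db;

    $userid = $_SESSION["userid"];

    if (!is_numeric($zoneid)) {
        error(ERR_INV_ARG);
        return false;
    }

    $result = $db->query("SELECT zones.id
        FROM zones
        WHERE zones.owner = " . $db->quote($userid) . "
        AND zones.domain_id = " . $db->quote($zoneid));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    return ($result->numRows() == 0) ? "0" : "1";
}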
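/*
 * Return details of users together with their permission template.
 *
 * $specific  numeric user ID to restrict the list to that one user; anything
 *            else lists every user the current user may see: all of them
 *            with 'user_view_others', otherwise only the current user.
 *
 * Returns a list of arrays keyed "uid", "username", "fullname", "email",
 * "descr", "active", "tpl_id", "tpl_name" and "tpl_descr" (empty when
 * nothing matches), or false after reporting a failed query.
 */
function get_user_detail_list($specific) {
    global $db;

    $userid = $_SESSION['userid'];

    // NOTE(review): a numeric $specific is honoured without consulting
    // 'user_view_others', so the caller decides whether the current user
    // may look at that particular account.
    if (v_num($specific)) {
        $sql_add = "AND users.id = " . $db->quote($specific);
    } elseif (verify_permission('user_view_others')) {
        $sql_add = "";
    } else {
        $sql_add = "AND users.id = " . $db->quote($userid);
    }

    $query = "SELECT users.id AS uid,
        username,
        fullname,
        email,
        description AS descr,
        active,
        perm_templ.id AS tpl_id,
        perm_templ.name AS tpl_name,
        perm_templ.descr AS tpl_descr
        FROM users, perm_templ
        WHERE users.perm_templ = perm_templ.id "
        . $sql_add . "
        ORDER BY username";

    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    // Start from an empty list so an empty result is an array, not null.
    $userlist = array();
    while ($user = $result->fetchRow()) {
        $userlist[] = array(
            "uid"       => $user['uid'],
            "username"  => $user['username'],
            "fullname"  => $user['fullname'],
            "email"     => $user['email'],
            "descr"     => $user['descr'],
            "active"    => $user['active'],
            "tpl_id"    => $user['tpl_id'],
            "tpl_name"  => $user['tpl_name'],
            "tpl_descr" => $user['tpl_descr'],
        );
    }
    return $userlist;
}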
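// Get a list of permissions that are available. If the first argument is 0
// (the default), all available permissions are returned. If it is > 0, only
// the permissions assigned to that particular template are returned. If the
// second argument is true, only the permission names are returned instead of
// id/name/descr arrays. Returns false after reporting a failed query.

function get_permissions_by_template_id($templ_id = 0, $return_name_only = false) {
    global $db;

    // Restriction to one template; empty when every permission is wanted
    // (the variable used to be left undefined in that case).
    $limit = "";
    if ($templ_id > 0) {
        $limit = ", perm_templ_items
            WHERE perm_templ_items.templ_id = " . $db->quote($templ_id) . "
            AND perm_templ_items.perm_id = perm_items.id";
    }

    $query = "SELECT perm_items.id AS id,
        perm_items.name AS name,
        perm_items.descr AS descr
        FROM perm_items"
        . $limit . "
        ORDER BY descr";
    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $permission_list = array();
    while ($permission = $result->fetchRow()) {
        if ($return_name_only) {
            $permission_list[] = $permission['name'];
        } else {
            $permission_list[] = array(
                "id"    => $permission['id'],
                "name"  => $permission['name'],
                "descr" => $permission['descr'],
            );
        }
    }
    return $permission_list;
}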
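// Get name and description of a template based on its ID. Returns a list of
// arrays keyed "name" and "descr" (empty when the ID is unknown), or false
// after reporting a failed query.

function get_permission_template_details($templ_id) {
    global $db;

    $query = "SELECT *
        FROM perm_templ
        WHERE perm_templ.id = " . $db->quote($templ_id);

    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    // Start empty so an unknown ID yields an array rather than null.
    $detail_list = array();
    while ($details = $result->fetchRow()) {
        $detail_list[] = array(
            "name"  => $details['name'],
            "descr" => $details['descr'],
        );
    }
    return $detail_list;
}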
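// Get a list of all available permission templates as arrays keyed "id",
// "name" and "descr". Returns false after reporting a failed query. This
// does the same as list_permission_templates() above; one of the two
// should eventually go.

function get_list_permission_templates() {
    global $db;

    $result = $db->query("SELECT * FROM perm_templ");
    // Check the object the query returned, not an unrelated variable.
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $perm_templ_list = array();
    while ($perm_templ = $result->fetchRow()) {
        $perm_templ_list[] = array(
            "id"    => $perm_templ['id'],
            "name"  => $perm_templ['name'],
            "descr" => $perm_templ['descr'],
        );
    }
    return $perm_templ_list;
}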
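// Add a permission template.
//
// $details carries 'templ_name' and 'templ_descr' for the template itself
// and 'perm_id', a list of perm_items IDs to assign to it (may be missing or
// empty). Returns true on success and false after reporting a failed query.

function add_perm_templ($details) {
    global $db;

    // The template row first; '' lets the database assign the ID.
    $query = "INSERT INTO perm_templ
        VALUES (
        '', "
        . $db->quote($details['templ_name']) . ", "
        . $db->quote($details['templ_descr']) . ")";

    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $perm_templ_id = $db->lastInsertId('perm_templ', 'id');

    // Then its permissions. A template without any is legitimate; the old
    // code issued "INSERT ... VALUES " with nothing behind it in that case.
    $perm_ids = (isset($details['perm_id']) && is_array($details['perm_id']))
        ? $details['perm_id'] : array();
    if (count($perm_ids) > 0) {
        $rows = array();
        foreach ($perm_ids as $perm_id) {
            $rows[] = "(''," . $db->quote($perm_templ_id) . "," . $db->quote($perm_id) . ")";
        }
        $result = $db->query("INSERT INTO perm_templ_items VALUES " . implode(',', $rows));
        if (PEAR::isError($result)) {
            error($result->getMessage());
            return false;
        }
    }

    return true;
}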
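// Update all details of a permission template.
//
// $details carries 'templ_id' (the template to change), 'templ_name',
// 'templ_descr' and 'perm_id', the complete list of perm_items IDs the
// template should have afterwards (may be missing or empty). Returns true
// on success and false after reporting a failed query.

function update_perm_templ_details($details) {
    global $db;

    $query = "UPDATE perm_templ
        SET name = " . $db->quote($details['templ_name']) . ",
        descr = " . $db->quote($details['templ_descr']) . "
        WHERE id = " . $db->quote($details['templ_id']);

    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    // Replace the assigned permissions wholesale: drop what is there, then
    // insert what should be there. Diffing the two lists would be The
    // Correct Way [tm] but is more work than it is worth here.
    //
    // templ_id is quoted like every other value that comes in through
    // $details; the old DELETE concatenated it raw into the statement.
    $query = "DELETE FROM perm_templ_items WHERE templ_id = " . $db->quote($details['templ_id']);
    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    // Nothing to insert for a template that keeps no permissions; the old
    // code built "INSERT ... VALUES " with an empty list in that case.
    $perm_ids = (isset($details['perm_id']) && is_array($details['perm_id']))
        ? $details['perm_id'] : array();
    if (count($perm_ids) > 0) {
        $rows = array();
        foreach ($perm_ids as $perm_id) {
            $rows[] = "(''," . $db->quote($details['templ_id']) . "," . $db->quote($perm_id) . ")";
        }
        $result = $db->query("INSERT INTO perm_templ_items VALUES " . implode(',', $rows));
        if (PEAR::isError($result)) {
            error($result->getMessage());
            return false;
        }
    }

    return true;
}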
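/*
 * Update every detail of a user from the $details array.
 *
 * $details carries 'uid' (the user to change), 'username', 'fullname',
 * 'email', 'templ_id', 'descr', 'active' ("on" when the checkbox was ticked,
 * absent otherwise) and optionally 'password' (ignored when missing or "").
 *
 * Editing yourself needs 'user_edit_own', editing anybody else needs
 * 'user_edit_others' (plain strings; they used to be bare constants).
 * Returns true on success and false after reporting an error.
 */
function update_user_details($details) {
    global $db;

    $is_self = ($details['uid'] == $_SESSION["userid"]);
    if (!verify_permission($is_self ? 'user_edit_own' : 'user_edit_others')) {
        error(ERR_PERM_EDIT_USER);
        return false;
    }

    if (!is_valid_email($details['email'])) {
        error(ERR_INV_EMAIL);
        return false;
    }

    $active = (isset($details['active']) && $details['active'] == "on") ? 1 : 0;

    // If the username is about to change, make sure the new one is free.
    $result = $db->query("SELECT username FROM users WHERE id = " . $db->quote($details['uid']));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }
    $usercheck = $result->fetchRow();

    if ($usercheck['username'] != $details['username']) {
        $result = $db->query("SELECT id FROM users WHERE username = " . $db->quote($details['username']));
        if (PEAR::isError($result)) {
            error($result->getMessage());
            return false;
        }
        if ($result->numRows() > 0) {
            error(ERR_USER_EXIST);
            return false;
        }
    }

    $query = "UPDATE users SET
        username = " . $db->quote($details['username']) . ",
        fullname = " . $db->quote($details['fullname']) . ",
        email = " . $db->quote($details['email']) . ",
        perm_templ = " . $db->quote($details['templ_id']) . ",
        description = " . $db->quote($details['descr']) . ",
        active = " . $db->quote($active);

    if (isset($details['password']) && $details['password'] != "") {
        // Hash the password itself and quote the digest. The old code hashed
        // the *quoted* string, so the stored digest never matched what the
        // login code computes from the typed password. Still an unsalted MD5
        // because the login and change_user_pass paths compare against it.
        $query .= ", password = " . $db->quote(md5($details['password']));
    }

    $query .= " WHERE id = " . $db->quote($details['uid']);

    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }
    return true;
}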
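// Add a new user.
//
// $details carries 'username', 'password', 'fullname', 'email', 'descr',
// 'perm_templ' and 'active' (1 for an active account). Adding a user needs
// 'user_add_new'. Returns true on success and false after reporting an error.
//
// Every check below returns on failure. The old elseif chain only reported
// the error and then went on to run the INSERT anyway, so a caller without
// the permission, a duplicate username or an invalid address still created
// the account (with $active undefined).

function add_new_user($details) {
    global $db;

    if (!verify_permission('user_add_new')) {
        error(ERR_PERM_ADD_USER);
        return false;
    }

    if (user_exists($details['username'])) {
        // NOTE(review): edit_user reports the same condition as
        // ERR_USER_EXIST; confirm which of the two constants is defined.
        error(ERR_USER_EXISTS);
        return false;
    }

    if (!is_valid_email($details['email'])) {
        error(ERR_INV_EMAIL);
        return false;
    }

    $active = (isset($details['active']) && $details['active'] == 1) ? 1 : 0;

    // '' lets the database assign the ID. The password is stored as an
    // unsalted MD5 digest because that is what the login code compares
    // against; changing the scheme needs a coordinated change there too.
    $query = "INSERT INTO users VALUES ( "
        . "'', "
        . $db->quote($details['username']) . ", "
        . $db->quote(md5($details['password'])) . ", "
        . $db->quote($details['fullname']) . ", "
        . $db->quote($details['email']) . ", "
        . $db->quote($details['descr']) . ", "
        . $db->quote($details['perm_templ']) . ", "
        . $db->quote($active)
        . ")";

    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    return true;
}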
?>