<?php
/* PowerAdmin, a friendly web-based admin tool for PowerDNS.
* See <https://rejo.zenger.nl/poweradmin> for more details.
*
* Copyright 2007, 2008 Rejo Zenger <rejo@zenger.nl>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
// Everything below relies on names this file does not define ($db, error(),
// PEAR, the ERR_* constants, is_valid_email(), v_num(), logout(), ...);
// presumably the toolkit include provides them — confirm.
require_once ( "inc/toolkit.inc.php" );
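/*
 * Check whether the logged-in user may do the thing named $permission.
 *
 * The user comes from $_SESSION['userid']; its permission template is read
 * from the users table. A template carrying the "ueberuser" permission
 * (perm_items id 53 in this schema) grants everything; otherwise the named
 * permission must be linked to the template through perm_templ_items.
 *
 * Returns 1 when the user has the right and 0 when not. 0 is also returned
 * when nobody is logged in, when the database handle is missing, or when
 * any of the queries fails (fail closed). Note the integer return values;
 * callers comparing with === against true/false will never match.
 */
function verify_permission($permission) {
    global $db;

    // No session or no database: deny.
    if (!isset($_SESSION['userid']) || !is_object($db)) {
        return 0;
    }

    $userid = $_SESSION['userid'];

    // Permission template assigned to this user.
    $query = "SELECT perm_templ FROM users WHERE id = " . $db->quote($userid);
    $templ_id = $db->queryOne($query);
    if (PEAR::isError($templ_id)) {
        return 0;
    }

    // "ueberuser" bit: perm_id 53 grants every permission.
    $query = "SELECT id FROM perm_templ_items"
        . " WHERE templ_id = " . $db->quote($templ_id)
        . " AND perm_id = '53'";
    $result = $db->query($query);
    if (PEAR::isError($result)) {
        return 0;
    }
    if ($result->numRows() > 0) {
        return 1;
    }

    // ID of the requested permission. An unknown name yields no row, so the
    // final query below matches nothing and the answer is 0.
    $query = "SELECT id FROM perm_items WHERE name = " . $db->quote($permission);
    $perm_id = $db->queryOne($query);
    if (PEAR::isError($perm_id)) {
        return 0;
    }

    // Is that permission assigned to the user's template?
    $query = "SELECT id FROM perm_templ_items"
        . " WHERE templ_id = " . $db->quote($templ_id)
        . " AND perm_id = " . $db->quote($perm_id);
    $result = $db->query($query);
    if (PEAR::isError($result)) {
        return 0;
    }

    return ($result->numRows() > 0) ? 1 : 0;
}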
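/*
 * Return every permission template as a list of
 * array("id" => ..., "name" => ..., "descr" => ...) rows.
 *
 * Returns an empty array when no templates exist, or false after
 * reporting the database error.
 */
function list_permission_templates() {
    global $db;

    $result = $db->query("SELECT * FROM perm_templ");
    // Test the handle the query returned; a PEAR_Error has no fetchRow().
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    // Initialised up front so an empty table yields array(), not an
    // undefined variable.
    $template_list = array();
    while ($template = $result->fetchRow()) {
        $template_list[] = array(
            "id"    => $template['id'],
            "name"  => $template['name'],
            "descr" => $template['descr'],
        );
    }
    return $template_list;
}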
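/*
 * Retrieve all users together with the number of zones each one owns.
 *
 * $id         when numeric, that user is left out of the result
 * $rowstart   offset of the first row to return
 * $rowamount  maximum number of rows to return
 *
 * Returns a list of arrays keyed id, username, fullname, email,
 * description, level, active, perm_templ and numdomains, or false after
 * reporting a database error. The odd name comes from its original
 * caller (show_users) and is kept for compatibility.
 */
function show_users($id = '', $rowstart = 0, $rowamount = 9999999)
{
    global $db;

    // When a user id is given, that user is excluded from the list.
    $add = '';
    if (is_numeric($id)) {
        $add = " WHERE users.id!=" . $db->quote($id);
    }

    $sqlq = "SELECT users.id AS id,
            users.username AS username,
            users.fullname AS fullname,
            users.email AS email,
            users.description AS description,
            users.active AS active,
            users.perm_templ AS perm_templ,
            count(zones.owner) AS aantal FROM users
            LEFT JOIN zones ON users.id=zones.owner $add
            GROUP BY users.id, users.username, users.fullname, users.email,
                     users.description, users.perm_templ, users.active
            ORDER BY users.fullname";

    $db->setLimit($rowamount, $rowstart);
    $result = $db->query($sqlq);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $ret = array();
    while ($r = $result->fetchRow()) {
        $ret[] = array(
            "id"          => $r["id"],
            "username"    => $r["username"],
            "fullname"    => $r["fullname"],
            "email"       => $r["email"],
            "description" => $r["description"],
            // The query selects no "level" column (reading $r["level"] was
            // always an undefined index); the key is kept for callers.
            "level"       => null,
            "active"      => $r["active"],
            "perm_templ"  => $r["perm_templ"],
            "numdomains"  => $r["aantal"],
        );
    }
    return $ret;
}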
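/*
 * Check whether $id belongs to an existing user.
 *
 * Returns true when exactly one users row has that id, false otherwise
 * (including non-numeric ids, which are rejected before touching the
 * database, and failed queries, which are reported through error()).
 */
function is_valid_user($id)
{
    global $db;

    // Non-numeric ids cannot match; also avoids returning null here.
    if (!is_numeric($id)) {
        return false;
    }

    $result = $db->query("SELECT id FROM users WHERE id=" . $db->quote($id));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    return ($result->numRows() == 1);
}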
+ − 173
+ − 174
+ − 175
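/*
 * Check whether username $user exists in the users table.
 *
 * Returns true when exactly one row matches, false when none does. More
 * than one match, or a failed query, is reported through error() and
 * yields false.
 */
function user_exists($user)
{
    global $db;

    $result = $db->query("SELECT id FROM users WHERE username=" . $db->quote($user));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $matches = $result->numRows();
    if ($matches == 0) {
        return false;
    }
    if ($matches == 1) {
        return true;
    }

    // Several rows for one username: the table should not allow this.
    error(ERR_UNKNOWN);
    return false;
}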
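/*
 * Delete a user from the system.
 *
 * $uid    id of the user to delete
 * $zones  optional list of arrays describing what to do with zones the
 *         user owns: 'zid' is the zone id, 'target' is "delete" (remove
 *         the zone) or "new_owner" (hand it to user 'newowner'); any
 *         other target is ignored. Afterwards every remaining zones row
 *         owned by $uid is removed, then the user itself.
 *
 * Deleting oneself requires user_edit_own, deleting somebody else requires
 * user_edit_others. Returns true on success, false after reporting an
 * error.
 */
function delete_user($uid, $zones)
{
    global $db;

    $is_self = ($uid == $_SESSION['userid']);
    if (($is_self && !verify_permission(user_edit_own))
            || (!$is_self && !verify_permission(user_edit_others))) {
        error(ERR_PERM_DEL_USER);
        return false;
    }

    // Nothing here checks that each 'zid' is really owned by $uid;
    // presumably the caller or the callees do — confirm.
    if (is_array($zones)) {
        foreach ($zones as $zone) {
            if ($zone['target'] == "delete") {
                delete_domain($zone['zid']);
            } elseif ($zone['target'] == "new_owner") {
                add_owner_to_zone($zone['zid'], $zone['newowner']);
            }
        }
    }

    // Check the object returned by each query, not an unrelated variable.
    $result = $db->query("DELETE FROM zones WHERE owner = " . $db->quote($uid));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $result = $db->query("DELETE FROM users WHERE id = " . $db->quote($uid));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    return true;
}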
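/*
 * Delete permission template $ptid and its perm_templ_items rows.
 *
 * Requires user_edit_templ_perm. A template still assigned to at least one
 * user is left alone and ERR_PERM_TEMPL_ASSIGNED is reported. Returns true
 * on success, false after reporting an error.
 */
function delete_perm_templ($ptid) {
    global $db;

    if (!verify_permission(user_edit_templ_perm)) {
        error(ERR_PERM_DEL_PERM_TEMPL);
        return false;
    }

    // $ptid is caller-supplied: pass it through quote() like every other
    // id in this file instead of concatenating it raw into the SQL.
    $ptid_sql = $db->quote($ptid);

    $result = $db->query("SELECT id FROM users WHERE perm_templ = " . $ptid_sql);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }
    if ($result->numRows() > 0) {
        error(ERR_PERM_TEMPL_ASSIGNED);
        return false;
    }

    $result = $db->query("DELETE FROM perm_templ_items WHERE templ_id = " . $ptid_sql);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $result = $db->query("DELETE FROM perm_templ WHERE id = " . $ptid_sql);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    return true;
}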
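/*
 * Edit the account of user $id.
 *
 * Editing one's own account requires user_edit_own, editing another one
 * requires user_edit_others. The email address must validate, and when the
 * username changes the new name must not be taken yet. $active is stored
 * as 1 or 0 (anything but 1 means inactive). $password is only written
 * when non-empty.
 *
 * Returns true on success, false after reporting an error.
 */
function edit_user($id, $user, $fullname, $email, $perm_templ, $description, $active, $password)
{
    global $db;

    $is_self = ($id == $_SESSION["userid"]);
    $allowed = $is_self
        ? verify_permission(user_edit_own)
        : verify_permission(user_edit_others);
    if (!$allowed) {
        error(ERR_PERM_EDIT_USER);
        return false;
    }

    if (!is_valid_email($email)) {
        error(ERR_INV_EMAIL);
        return false;
    }

    if ($active != 1) {
        $active = 0;
    }

    // Find the current username; if it differs from the one given, the
    // caller wants a rename, and the new name must not already exist.
    $result = $db->query("SELECT username FROM users WHERE id = " . $db->quote($id));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }
    $usercheck = $result->fetchRow();

    if ($usercheck['username'] != $user) {
        $result = $db->query("SELECT id FROM users WHERE username = " . $db->quote($user));
        if (PEAR::isError($result)) {
            error($result->getMessage());
            return false;
        }
        if ($result->numRows() > 0) {
            error(ERR_USER_EXIST);
            return false;
        }
    }

    $query = "UPDATE users SET"
        . " username = " . $db->quote($user) . ","
        . " fullname = " . $db->quote($fullname) . ","
        . " email = " . $db->quote($email) . ","
        . " perm_templ = " . $db->quote($perm_templ) . ","
        . " description = " . $db->quote($description) . ","
        . " active = " . $db->quote($active);

    if ($password != "") {
        // Unsalted md5 is what change_user_pass() compares against; moving
        // to a stronger scheme needs every comparer changed at once.
        $query .= ", password = " . $db->quote(md5($password));
    }

    $query .= " WHERE id = " . $db->quote($id);

    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    return true;
}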
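/*
 * Change the password of the user logged in as $_SESSION['userlogin'].
 *
 * $details carries 'currentpass', 'newpass' and 'newpass2'. Both new
 * passwords must match and the current password must verify against the
 * stored md5 hash. On success the new hash is written and logout() is
 * called; on failure an error is reported and false returned.
 */
function change_user_pass($details) {
    global $db;

    if ($details['newpass'] != $details['newpass2']) {
        error(ERR_USER_MATCH_NEW_PASS);
        return false;
    }

    $result = $db->query("SELECT id, password FROM users WHERE username = "
        . $db->quote($_SESSION["userlogin"]));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }
    $rinfo = $result->fetchRow();

    // Strict comparison: with == PHP treats two hex digests that both start
    // with "0e" as numeric strings, so unrelated hashes could compare equal.
    if (md5($details['currentpass']) !== $rinfo['password']) {
        error(ERR_USER_WRONG_CURRENT_PASS);
        return false;
    }

    $result = $db->query("UPDATE users SET password = " . $db->quote(md5($details['newpass']))
        . " WHERE id = " . $db->quote($rinfo['id']));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    logout(_('Password has been changed, please login.'));
}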
/*
 * Look up the full name of the user with id $id.
 * Returns the "fullname" column of the matching users row (null when no
 * row matches); a non-numeric $id reports ERR_INV_ARG and returns false.
 */
function get_fullname_from_userid($id) {
    global $db;

    if (!is_numeric($id)) {
        error(ERR_INV_ARG);
        return false;
    }

    $rows = $db->query("SELECT fullname FROM users WHERE id=" . $db->quote($id));
    $row = $rows->fetchRow();
    return $row["fullname"];
}
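/*
 * Get the full name of the user with id $id.
 *
 * Despite its name this reads the users table only. Returns the fullname
 * string, or false after reporting an error when $id is not numeric, the
 * query fails, or no single user has that id.
 */
function get_owner_from_id($id)
{
    global $db;

    if (!is_numeric($id)) {
        error(ERR_INV_ARG);
        return false;
    }

    $result = $db->query("SELECT fullname FROM users WHERE id=" . $db->quote($id));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    // Report once and stop; do not also fall through to ERR_INV_ARG.
    if ($result->numRows() != 1) {
        error(ERR_USER_NOT_EXIST);
        return false;
    }

    $r = $result->fetchRow();
    return $r["fullname"];
}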
/**
 * get_fullnames_owners_from_domainid
 *
 * Full names of every user that owns domain $id, joined with ", ".
 *
 * @todo also fetch the subowners
 * @param $id integer the id of the domain
 * @return String the owner names, "" when the domain has no owner; for a
 *         non-numeric $id ERR_INV_ARG is reported and nothing is returned
 */
function get_fullnames_owners_from_domainid($id) {
    global $db;

    if (is_numeric($id)) {
        $sql = "SELECT users.id, users.fullname FROM users, zones"
            . " WHERE zones.domain_id=" . $db->quote($id)
            . " AND zones.owner=users.id ORDER by fullname";
        $owners = $db->query($sql);

        if ($owners->numRows() == 0) {
            return "";
        }

        $names = array();
        while ($row = $owners->fetchRow()) {
            $names[] = $row['fullname'];
        }
        return implode(', ', $names);
    }
    error(ERR_INV_ARG);
}
/*
 * Tell whether the logged-in user ($_SESSION['userid']) owns zone $zoneid.
 * Returns the string "1" when a zones row links the user to the zone and
 * "0" when not. A non-numeric $zoneid reports ERR_INV_ARG and returns
 * nothing.
 */
function verify_user_is_owner_zoneid($zoneid) {
    global $db;

    $current_user = $_SESSION["userid"];

    if (!is_numeric($zoneid)) {
        error(ERR_INV_ARG);
        return;
    }

    $owned = $db->query("SELECT zones.id FROM zones WHERE zones.owner = "
        . $db->quote($current_user)
        . " AND zones.domain_id = " . $db->quote($zoneid));

    return ($owned->numRows() == 0) ? "0" : "1";
}
+ − 463
+ − 464
+ − 465
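/*
 * List users together with their permission template.
 *
 * $specific  when numeric, only that user is returned — provided it is the
 *            logged-in user or the caller holds user_view_others. Without
 *            that permission the list is always limited to the logged-in
 *            user; with it (and no $specific) every user is returned.
 *
 * Users whose perm_templ has no perm_templ row are excluded by the join.
 * Returns a list of arrays keyed uid, username, fullname, email, descr,
 * active, tpl_id, tpl_name, tpl_descr (empty when nothing matches), or
 * false after reporting a database error.
 */
function get_user_detail_list($specific) {
    global $db;
    $userid = $_SESSION['userid'];

    // A numeric $specific used to bypass the user_view_others check
    // entirely; only honour it for one's own id or with that permission.
    if (v_num($specific)
            && ($specific == $userid || verify_permission(user_view_others))) {
        $sql_add = "AND users.id = " . $db->quote($specific);
    } elseif (verify_permission(user_view_others)) {
        $sql_add = "";
    } else {
        $sql_add = "AND users.id = " . $db->quote($userid);
    }

    $query = "SELECT users.id AS uid, username, fullname, email,"
        . " description AS descr, active,"
        . " perm_templ.id AS tpl_id, perm_templ.name AS tpl_name,"
        . " perm_templ.descr AS tpl_descr"
        . " FROM users, perm_templ"
        . " WHERE users.perm_templ = perm_templ.id "
        . $sql_add
        . " ORDER BY username";

    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    // Initialised so an empty result yields array(), not an undefined variable.
    $userlist = array();
    while ($user = $result->fetchRow()) {
        $userlist[] = array(
            "uid"       => $user['uid'],
            "username"  => $user['username'],
            "fullname"  => $user['fullname'],
            "email"     => $user['email'],
            "descr"     => $user['descr'],
            "active"    => $user['active'],
            "tpl_id"    => $user['tpl_id'],
            "tpl_name"  => $user['tpl_name'],
            "tpl_descr" => $user['tpl_descr'],
        );
    }
    return $userlist;
}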
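// Get a list of permissions that are available. If first argument is "0", it
// should return all available permissions. If the first argument is > "0", it
// should return the permissions assigned to that particular template only. If
// second argument is true, only the permission names are returned.
//
// Returns a list of array("id", "name", "descr") rows — or of plain name
// strings when $return_name_only is true — ordered by description, or
// false after reporting a database error.

function get_permissions_by_template_id($templ_id = 0, $return_name_only = false) {
    global $db;

    // Empty by default so the "all permissions" case does not concatenate
    // an undefined variable into the query.
    $limit = "";
    if ($templ_id > 0) {
        $limit = ", perm_templ_items"
            . " WHERE perm_templ_items.templ_id = " . $db->quote($templ_id)
            . " AND perm_templ_items.perm_id = perm_items.id";
    }

    $query = "SELECT perm_items.id AS id,"
        . " perm_items.name AS name,"
        . " perm_items.descr AS descr"
        . " FROM perm_items"
        . $limit
        . " ORDER BY descr";
    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $permission_list = array();
    while ($permission = $result->fetchRow()) {
        if ($return_name_only) {
            $permission_list[] = $permission['name'];
        } else {
            $permission_list[] = array(
                "id"    => $permission['id'],
                "name"  => $permission['name'],
                "descr" => $permission['descr'],
            );
        }
    }
    return $permission_list;
}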
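// Get name and description of template based on template ID.
//
// Returns the perm_templ row for $templ_id as returned by fetchRow()
// (whatever fetchRow() yields when no row matches), or false after
// reporting a database error.

function get_permission_template_details($templ_id) {
    global $db;

    $query = "SELECT * FROM perm_templ WHERE perm_templ.id = " . $db->quote($templ_id);

    $result = $db->query($query);
    // Check the returned handle; a PEAR_Error has no fetchRow().
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    return $result->fetchRow();
}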
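// Get a list of all available permission templates.
//
// Returns a list of array("id", "name", "descr") rows (empty when there
// are none), or false after reporting a database error.

function get_list_permission_templates() {
    global $db;

    $result = $db->query("SELECT * FROM perm_templ");
    // Check the returned handle, not an unrelated variable.
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $perm_templ_list = array();
    while ($perm_templ = $result->fetchRow()) {
        $perm_templ_list[] = array(
            "id"    => $perm_templ['id'],
            "name"  => $perm_templ['name'],
            "descr" => $perm_templ['descr'],
        );
    }
    return $perm_templ_list;
}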
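// Add a permission template.
//
// $details carries 'templ_name', 'templ_descr' and 'perm_id' (a list of
// perm_items ids to assign). The template row is inserted first, then one
// perm_templ_items row per permission. No permission check is done here;
// presumably the caller verifies user_edit_templ_perm — confirm.
// Returns true on success, false after reporting a database error.

function add_perm_templ($details) {
    global $db;

    $query = "INSERT INTO perm_templ (name, descr) VALUES ("
        . $db->quote($details['templ_name']) . ", "
        . $db->quote($details['templ_descr']) . ")";

    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $perm_templ_id = $db->lastInsertId('perm_templ', 'id');

    // With no permissions selected there is nothing to insert; doing the
    // INSERT anyway would send "VALUES " with an empty list.
    if (empty($details['perm_id']) || !is_array($details['perm_id'])) {
        return true;
    }

    $r_insert_values = array();
    foreach ($details['perm_id'] as $perm_id) {
        $r_insert_values[] = "(" . $db->quote($perm_templ_id) . "," . $db->quote($perm_id) . ")";
    }
    $query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES "
        . implode(',', $r_insert_values);
    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    return true;
}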
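// Update all details of a permission template.
//
// $details carries 'templ_id', 'templ_name', 'templ_descr' and 'perm_id'
// (the complete list of perm_items ids the template should have). Returns
// true on success, false after reporting a database error.

function update_perm_templ_details($details) {
    global $db;

    // 'templ_id' is caller-supplied and used in three statements: quote it
    // once and reuse the quoted form everywhere, including the DELETE.
    $templ_id_sql = $db->quote($details['templ_id']);

    // Fix permission template name and description first.
    $query = "UPDATE perm_templ"
        . " SET name = " . $db->quote($details['templ_name']) . ","
        . " descr = " . $db->quote($details['templ_descr'])
        . " WHERE id = " . $templ_id_sql;

    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    // Now, update list of permissions assigned to this template. We could do
    // this The Correct Way [tm] by comparing the list of permissions that are
    // currently assigned with a list of permissions that should be assigned and
    // apply the difference between these two lists to the database. That sounds
    // like too much work. Just delete all the permissions currently assigned to
    // the template, then assign all the permissions the template should have.

    $result = $db->query("DELETE FROM perm_templ_items WHERE templ_id = " . $templ_id_sql);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    // With no permissions selected the template simply ends up empty;
    // do not emit an INSERT with an empty VALUES list.
    if (empty($details['perm_id']) || !is_array($details['perm_id'])) {
        return true;
    }

    $r_insert_values = array();
    foreach ($details['perm_id'] as $perm_id) {
        $r_insert_values[] = "(" . $templ_id_sql . "," . $db->quote($perm_id) . ")";
    }
    $query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES "
        . implode(',', $r_insert_values);
    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    return true;
}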
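/*
 * Update the account described by $details (keys uid, username, fullname,
 * email, templ_id, descr, active, password).
 *
 * Editing one's own account requires user_edit_own, editing another one
 * requires user_edit_others. The email must validate and a changed
 * username must not be taken. 'active' is stored as 1 only when it is the
 * string "on" (a checkbox value), else 0. 'password' is only written when
 * non-empty.
 *
 * Returns true on success, false after reporting an error.
 */
function update_user_details($details) {
    global $db;

    $is_self = ($details['uid'] == $_SESSION["userid"]);
    $allowed = $is_self
        ? verify_permission(user_edit_own)
        : verify_permission(user_edit_others);
    if (!$allowed) {
        error(ERR_PERM_EDIT_USER);
        return false;
    }

    if (!is_valid_email($details['email'])) {
        error(ERR_INV_EMAIL);
        return false;
    }

    $active = (isset($details['active']) && $details['active'] == "on") ? 1 : 0;

    // Find the current username; if it differs from the one given, the
    // caller wants a rename, and the new name must not already exist.
    $result = $db->query("SELECT username FROM users WHERE id = " . $db->quote($details['uid']));
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }
    $usercheck = $result->fetchRow();

    if ($usercheck['username'] != $details['username']) {
        $result = $db->query("SELECT id FROM users WHERE username = " . $db->quote($details['username']));
        if (PEAR::isError($result)) {
            error($result->getMessage());
            return false;
        }
        if ($result->numRows() > 0) {
            error(ERR_USER_EXIST);
            return false;
        }
    }

    $query = "UPDATE users SET"
        . " username = " . $db->quote($details['username']) . ","
        . " fullname = " . $db->quote($details['fullname']) . ","
        . " email = " . $db->quote($details['email']) . ","
        . " perm_templ = " . $db->quote($details['templ_id']) . ","
        . " description = " . $db->quote($details['descr']) . ","
        . " active = " . $db->quote($active);

    if ($details['password'] != "") {
        // Hash the raw password and quote the hash — the same order used by
        // edit_user(), add_new_user() and change_user_pass(). Hashing the
        // quoted string instead produced a digest that could never verify.
        $query .= ", password = " . $db->quote(md5($details['password']));
    }

    $query .= " WHERE id = " . $db->quote($details['uid']);

    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    return true;
}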
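// Add a new user
//
// $details carries username, password, fullname, email, descr, perm_templ
// and active. Requires user_add_new; the username must be free and the
// email address valid. 'active' is stored as 1 when it equals 1, else 0.
// Returns true when the row was inserted, false after reporting an error.

function add_new_user($details) {
    global $db;

    // Each failed check returns here: falling through to the INSERT below
    // would create the account regardless of the error reported.
    if (!verify_permission(user_add_new)) {
        error(ERR_PERM_ADD_USER);
        return false;
    }
    if (user_exists($details['username'])) {
        error(ERR_USER_EXISTS);
        return false;
    }
    if (!is_valid_email($details['email'])) {
        error(ERR_INV_EMAIL);
        return false;
    }

    $active = ($details['active'] == 1) ? 1 : 0;

    $query = "INSERT INTO users (username, password, fullname, email, description, perm_templ, active) VALUES ("
        . $db->quote($details['username']) . ", "
        . $db->quote(md5($details['password'])) . ", "
        . $db->quote($details['fullname']) . ", "
        . $db->quote($details['email']) . ", "
        . $db->quote($details['descr']) . ", "
        . $db->quote($details['perm_templ']) . ", "
        . $db->quote($active)
        . ")";

    $result = $db->query($query);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    return true;
}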
?>