<?php
/* Poweradmin, a friendly web-based admin tool for PowerDNS.
* See <https://rejo.zenger.nl/poweradmin> for more details.
*
* Copyright 2007, 2008 Rejo Zenger <rejo@zenger.nl>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
// Shared database handle, error helpers and validation functions.
require_once 'inc/toolkit.inc.php';
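/*
 * Check whether the current session user is allowed to do something.
 *
 * A user whose permission template carries the "user_is_ueberuser" item
 * passes every check; otherwise the named permission item has to be assigned
 * to the user's template.
 *
 * Parameters:
 *   $permission - name of the permission item (perm_items.name) to check.
 *
 * Returns 1 when the user has the right, 0 when not (also when there is no
 * session user or no database object), and false when a query fails (the
 * failure is reported with error()).
 */
function verify_permission($permission) {
    global $db;

    if (!isset($_SESSION['userid']) || !is_object($db)) {
        return 0;
    }

    $userid = $_SESSION['userid'];

    $query = 'SELECT id FROM perm_items WHERE name=' . $db->quote('user_is_ueberuser', 'text');
    $ueberUserId = $db->queryOne($query);
    if (PEAR::isError($ueberUserId)) { error($ueberUserId->getMessage()); return false; }

    // Find the permission template assigned to this user.
    $query = "SELECT perm_templ
        FROM users
        WHERE id = " . $db->quote($userid, 'integer');
    $templ_id = $db->queryOne($query);
    if (PEAR::isError($templ_id)) { error($templ_id->getMessage()); return false; }

    // Ueberuser rights short-circuit every other check. The id read from the
    // database is quoted like every other value rather than concatenated raw.
    $query = "SELECT id
        FROM perm_templ_items
        WHERE templ_id = " . $db->quote($templ_id, 'integer') . "
        AND perm_id = " . $db->quote($ueberUserId, 'integer');
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }
    if ($response->numRows() > 0) {
        return 1;
    }

    // Look up the id of the requested permission ...
    $query = "SELECT id
        FROM perm_items
        WHERE name = " . $db->quote($permission, 'text');
    $perm_id = $db->queryOne($query);
    if (PEAR::isError($perm_id)) { error($perm_id->getMessage()); return false; }

    // ... and see whether the user's template carries it. The error check
    // belongs after this query; it used to test the *previous* response, so a
    // failure here went unnoticed.
    $query = "SELECT id
        FROM perm_templ_items
        WHERE templ_id = " . $db->quote($templ_id, 'integer') . "
        AND perm_id = " . $db->quote($perm_id, 'integer');
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    return ($response->numRows() > 0) ? 1 : 0;
}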
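/*
 * Return every permission template as a list of
 * array('id' => ..., 'name' => ..., 'descr' => ...) rows.
 *
 * Returns an empty array when no template exists and false when the query
 * fails (reported with error()).
 */
function list_permission_templates() {
    global $db;

    $response = $db->query("SELECT * FROM perm_templ");
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    // One variable throughout: the loop used to append to a misspelled
    // $tempate_list, so an empty result set returned an undefined variable.
    $template_list = array();
    while ($template = $response->fetchRow()) {
        $template_list[] = array(
            "id"    => $template['id'],
            "name"  => $template['name'],
            "descr" => $template['descr']
        );
    }
    return $template_list;
}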
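/*
 * Retrieve all users, optionally leaving one user id out.
 *
 * Parameters:
 *   $id        - when numeric, the user with this id is excluded from the list.
 *   $rowstart  - offset of the first row to return.
 *   $rowamount - maximum number of rows to return.
 *
 * Returns a list of arrays with keys id, username, fullname, email,
 * description, active and numdomains (count of zones owned), ordered by
 * fullname; false when the query fails (reported with error()).
 *
 * The name is historical (it backs show_users) and should be changed.
 */
function show_users($id = '', $rowstart = 0, $rowamount = 9999999)
{
    global $db;

    $add = '';
    if (is_numeric($id)) {
        // When a user id is given, it is excluded from the userlist returned.
        $add = " WHERE users.id!=" . $db->quote($id, 'integer');
    }

    $query = "SELECT users.id AS id,
        users.username AS username,
        users.fullname AS fullname,
        users.email AS email,
        users.description AS description,
        users.active AS active,
        users.perm_templ AS perm_templ,
        count(zones.owner) AS aantal FROM users
        LEFT JOIN zones ON users.id=zones.owner $add
        GROUP BY
        users.id,
        users.username,
        users.fullname,
        users.email,
        users.description,
        users.perm_templ,
        users.active
        ORDER BY
        users.fullname";

    $db->setLimit($rowamount, $rowstart);
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    // The former $retcount counter was never read and has been dropped.
    $ret = array();
    while ($r = $response->fetchRow()) {
        $ret[] = array(
            "id"          => $r["id"],
            "username"    => $r["username"],
            "fullname"    => $r["fullname"],
            "email"       => $r["email"],
            "description" => $r["description"],
            "active"      => $r["active"],
            "numdomains"  => $r["aantal"]
        );
    }
    return $ret;
}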
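/*
 * Check if the given $id is connected to a valid user.
 *
 * Returns true when exactly one user with that id exists; false when none
 * does, when $id is not numeric, or when the query fails (reported with
 * error()).
 */
function is_valid_user($id)
{
    global $db;

    // A non-numeric id used to fall off the end of the function and return
    // null instead of the documented false.
    if (!is_numeric($id)) {
        return false;
    }

    $response = $db->query("SELECT id FROM users WHERE id=" . $db->quote($id, 'integer'));
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    return $response->numRows() == 1;
}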
+ − 173
+ − 174
+ − 175
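/*
 * Checks if a given username exists in the database.
 *
 * Returns true when a user with that name exists, false when none does, and
 * false after reporting the error when the query fails.
 */
function user_exists($user)
{
    global $db;

    $response = $db->query("SELECT id FROM users WHERE username=" . $db->quote($user, 'text'));
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    $rows = $response->numRows();
    if ($rows == 0) {
        return false;
    }
    if ($rows > 1) {
        // Several rows for a name that should be unique: report it, but still
        // answer "exists" so callers such as add_new_user() refuse to create
        // yet another one. This branch used to return null, which reads as
        // "does not exist".
        error(ERR_UNKNOWN);
    }
    return true;
}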
/*
 * Delete a user from the system, dealing with the zones the user owns.
 *
 * $zones may be a list of arrays describing what to do with each zone:
 * 'zid' is the zone id and 'target' is either "delete" (remove the zone via
 * delete_domain()) or "new_owner" (hand it to the user id in 'newowner' via
 * add_owner_to_zone()). Remaining ownership rows are removed before the user
 * row itself.
 *
 * Returns true once the user row is gone, false when the session user lacks
 * the right (user_edit_own for oneself, user_edit_others for anyone else) or
 * a query fails (reported with error()).
 */
function delete_user($uid, $zones)
{
    global $db;

    $is_self = ($uid == $_SESSION['userid']);
    $allowed = $is_self
        ? verify_permission('user_edit_own')
        : verify_permission('user_edit_others');

    if (!$allowed) {
        error(ERR_PERM_DEL_USER);
        return false;
    }

    if (is_array($zones)) {
        foreach ($zones as $zone) {
            switch ($zone['target']) {
                case "delete":
                    delete_domain($zone['zid']);
                    break;
                case "new_owner":
                    add_owner_to_zone($zone['zid'], $zone['newowner']);
                    break;
            }
        }
    }

    $uid_sql = $db->quote($uid, 'integer');

    $response = $db->query("DELETE FROM zones WHERE owner = " . $uid_sql);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    $response = $db->query("DELETE FROM users WHERE id = " . $uid_sql);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    return true;
}
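/*
 * Delete a permission template together with the permission items assigned
 * to it.
 *
 * Returns true when the template was removed; false when the session user
 * lacks user_edit_templ_perm, when the template is still assigned to a user,
 * or when a query fails (each reported with error()).
 */
function delete_perm_templ($ptid) {
    global $db;

    if (!verify_permission('user_edit_templ_perm')) {
        error(ERR_PERM_DEL_PERM_TEMPL);
        return false;
    }

    // Quote the template id as an integer for every statement. It used to be
    // concatenated into the SQL unquoted, so a non-numeric $ptid could change
    // the meaning of the SELECT and both DELETEs.
    $ptid_sql = $db->quote($ptid, 'integer');

    $response = $db->query("SELECT id FROM users WHERE perm_templ = " . $ptid_sql);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    if ($response->numRows() > 0) {
        error(ERR_PERM_TEMPL_ASSIGNED);
        return false;
    }

    $response = $db->query("DELETE FROM perm_templ_items WHERE templ_id = " . $ptid_sql);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    $response = $db->query("DELETE FROM perm_templ WHERE id = " . $ptid_sql);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    return true;
}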
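/*
 * Edit the information of a user.
 *
 * Parameters:
 *   $id          - id of the user to edit.
 *   $user        - username; when it differs from the stored one, the new
 *                  name must not be taken by another user.
 *   $fullname, $email, $description - profile fields ($email is validated).
 *   $perm_templ  - permission template id; written only when the session
 *                  user holds user_edit_templ_perm.
 *   $active      - stored as 1 when equal to 1, otherwise as 0.
 *   $password    - new password, or "" to leave the stored one alone.
 *
 * The session user needs user_edit_own to edit their own account and
 * user_edit_others for anybody else.
 *
 * Returns true on success, false on a permission, validation or database
 * failure (each reported with error()).
 */
function edit_user($id, $user, $fullname, $email, $perm_templ, $description, $active, $password)
{
    global $db;

    $editing_self = ($id == $_SESSION["userid"]);
    $allowed = $editing_self
        ? verify_permission('user_edit_own')
        : verify_permission('user_edit_others');
    if (!$allowed) {
        error(ERR_PERM_EDIT_USER);
        return false;
    }

    if (!is_valid_email($email)) {
        error(ERR_INV_EMAIL);
        return false;
    }

    if ($active != 1) {
        $active = 0;
    }

    // If the username is being changed, the new name must be free. First read
    // the current name of the user id we are editing.
    $query = "SELECT username FROM users WHERE id = " . $db->quote($id, 'integer');
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }
    $usercheck = $response->fetchRow();

    if ($usercheck['username'] != $user) {
        // Usernames are text. This lookup used to quote $user as 'integer',
        // which does not compare against a text column as intended, so the
        // collision check could miss an existing account.
        $query = "SELECT id FROM users WHERE username = " . $db->quote($user, 'text');
        $response = $db->query($query);
        if (PEAR::isError($response)) { error($response->getMessage()); return false; }

        if ($response->numRows() > 0) {
            error(ERR_USER_EXIST);
            return false;
        }
    }

    // Either the username stays, or the wanted one is free. Go ahead.
    $query = "UPDATE users SET
        username = " . $db->quote($user, 'text') . ",
        fullname = " . $db->quote($fullname, 'text') . ",
        email = " . $db->quote($email, 'text') . ",";
    if (verify_permission('user_edit_templ_perm')) {
        $query .= "perm_templ = " . $db->quote($perm_templ, 'integer') . ",";
    }
    $query .= "description = " . $db->quote($description, 'text') . ",
        active = " . $db->quote($active, 'integer');

    if ($password != "") {
        // NOTE(review): passwords are stored as unsalted md5 because the login
        // check elsewhere compares md5 digests; moving to password_hash() must
        // be done together with that check, not here alone.
        $query .= ", password = " . $db->quote(md5($password), 'text');
    }

    $query .= " WHERE id = " . $db->quote($id, 'integer');

    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    return true;
}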
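/*
 * Change the password of the user currently logged in.
 *
 * $details carries 'currentpass', 'newpass' and 'newpass2'. The new password
 * is stored only when both copies match and 'currentpass' verifies against
 * the stored hash; afterwards logout() is called so the user logs in again.
 *
 * Returns false on a mismatch, a wrong current password, an unknown session
 * login or a database error (each reported with error()). On success
 * logout() is called and nothing is returned.
 */
function change_user_pass($details) {
    global $db;

    if ($details['newpass'] != $details['newpass2']) {
        error(ERR_USER_MATCH_NEW_PASS);
        return false;
    }

    $query = "SELECT id, password FROM users WHERE username = " . $db->quote($_SESSION["userlogin"], 'text');
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    $rinfo = $response->fetchRow();
    if (!$rinfo) {
        // No row for the session's login name: fail like a wrong password
        // instead of indexing into a missing row.
        error(ERR_USER_WRONG_CURRENT_PASS);
        return false;
    }

    // Compare the digests strictly. "==" between two hex digests is a loose
    // PHP comparison: when both look like numeric strings (e.g. "0e" followed
    // by digits) they compare equal even though they differ.
    // NOTE(review): the stored format is unsalted md5 to match the login path;
    // any change of scheme has to be made there as well.
    if (md5($details['currentpass']) !== (string) $rinfo['password']) {
        error(ERR_USER_WRONG_CURRENT_PASS);
        return false;
    }

    $query = "UPDATE users SET password = " . $db->quote(md5($details['newpass']), 'text')
        . " WHERE id = " . $db->quote($rinfo['id'], 'integer');
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    logout(_('Password has been changed, please login.'));
}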
+ − 369
+ − 370
+ − 371
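/*
 * Get a fullname when you have a userid.
 *
 * Returns the fullname of the user with id $id; false when $id is not
 * numeric (ERR_INV_ARG is reported), when the query fails (reported with
 * error()), or when no such user exists.
 */
function get_fullname_from_userid($id) {
    global $db;

    if (!is_numeric($id)) {
        error(ERR_INV_ARG);
        return false;
    }

    $response = $db->query("SELECT fullname FROM users WHERE id=" . $db->quote($id, 'integer'));
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    $r = $response->fetchRow();
    // An unknown id yields no row; return false rather than indexing into it.
    if (!$r) {
        return false;
    }
    return $r["fullname"];
}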
+ − 387
+ − 388
+ − 389
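/*
 * Get a fullname when you have a userid.
 *
 * Returns the fullname of the user with id $id; false when $id is not
 * numeric, when no single matching user exists, or when the query fails.
 * Each failure is reported with error() exactly once.
 */
function get_owner_from_id($id)
{
    global $db;

    if (!is_numeric($id)) {
        error(ERR_INV_ARG);
        return false;
    }

    $response = $db->query("SELECT fullname FROM users WHERE id=" . $db->quote($id, 'integer'));
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    if ($response->numRows() != 1) {
        // This path used to report ERR_USER_NOT_EXIST and then fall through to
        // a second, misleading ERR_INV_ARG before returning null.
        error(ERR_USER_NOT_EXIST);
        return false;
    }

    $r = $response->fetchRow();
    return $r["fullname"];
}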
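/**
 * get_fullnames_owners_from_domainid
 *
 * Comma-separated full names of the users that own the given domain.
 *
 * @todo also fetch the subowners
 * @param $id integer the id of the domain
 * @return String the list of owners for this domain ("" when there is none);
 *                false when $id is not numeric or the query fails (both
 *                reported with error())
 */
function get_fullnames_owners_from_domainid($id) {
    global $db;

    if (!is_numeric($id)) {
        // Used to report the error and then return null implicitly.
        error(ERR_INV_ARG);
        return false;
    }

    $response = $db->query("SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=" . $db->quote($id, 'integer') . " AND zones.owner=users.id ORDER by fullname");
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    $names = array();
    while ($r = $response->fetchRow()) {
        $names[] = $r['fullname'];
    }
    // implode() over an empty list gives "", the same as the old
    // numRows() == 0 branch.
    return implode(', ', $names);
}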
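/*
 * Tell whether the session user owns the zone with domain id $zoneid.
 *
 * Returns "1" when a zones row links the session user to that domain, "0"
 * when none does, and false when $zoneid is not numeric or the query fails
 * (both reported with error()).
 */
function verify_user_is_owner_zoneid($zoneid) {
    global $db;

    $userid = $_SESSION["userid"];

    if (!is_numeric($zoneid)) {
        // Used to report the error and then return null implicitly.
        error(ERR_INV_ARG);
        return false;
    }

    $response = $db->query("SELECT zones.id
        FROM zones
        WHERE zones.owner = " . $db->quote($userid, 'integer') . "
        AND zones.domain_id = " . $db->quote($zoneid, 'integer'));
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    return ($response->numRows() == 0) ? "0" : "1";
}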
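/*
 * List users together with their permission template.
 *
 * Parameters:
 *   $specific - when numeric (v_num), only that user id is returned. Otherwise
 *               every user is returned if the session user holds
 *               user_view_others, else only the session user.
 *
 * Returns a list of arrays with keys uid, username, fullname, email, descr,
 * active, tpl_id, tpl_name and tpl_descr, ordered by username; an empty
 * array when nothing matches and false when the query fails (reported with
 * error()).
 */
function get_user_detail_list($specific) {
    global $db;
    $userid = $_SESSION['userid'];

    if (v_num($specific)) {
        $sql_add = "AND users.id = " . $db->quote($specific, 'integer');
    } elseif (verify_permission('user_view_others')) {
        $sql_add = "";
    } else {
        $sql_add = "AND users.id = " . $db->quote($userid, 'integer');
    }

    $query = "SELECT users.id AS uid,
        username,
        fullname,
        email,
        description AS descr,
        active,
        perm_templ.id AS tpl_id,
        perm_templ.name AS tpl_name,
        perm_templ.descr AS tpl_descr
        FROM users, perm_templ
        WHERE users.perm_templ = perm_templ.id "
        . $sql_add . "
        ORDER BY username";

    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    // Initialise the result so an empty result set returns an empty array
    // instead of an undefined variable.
    $userlist = array();
    while ($user = $response->fetchRow()) {
        $userlist[] = array(
            "uid"       => $user['uid'],
            "username"  => $user['username'],
            "fullname"  => $user['fullname'],
            "email"     => $user['email'],
            "descr"     => $user['descr'],
            "active"    => $user['active'],
            "tpl_id"    => $user['tpl_id'],
            "tpl_name"  => $user['tpl_name'],
            "tpl_descr" => $user['tpl_descr']
        );
    }
    return $userlist;
}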
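// Get a list of permissions that are available. If first argument is "0", it
// should return all available permissions. If the first argument is > "0", it
// should return the permissions assigned to that particular template only. If
// second argument is true, only the permission names are returned.
//
// Returns a list of array('id', 'name', 'descr') rows (or of names when
// $return_name_only is true), ordered by descr; false when the query fails
// (reported with error()).
function get_permissions_by_template_id($templ_id = 0, $return_name_only = false) {
    global $db;

    // Start from an empty join clause: the "all permissions" case used to
    // concatenate an undefined $limit.
    $limit = "";
    if ($templ_id > 0) {
        $limit = ", perm_templ_items
            WHERE perm_templ_items.templ_id = " . $db->quote($templ_id, 'integer') . "
            AND perm_templ_items.perm_id = perm_items.id";
    }

    $query = "SELECT perm_items.id AS id,
        perm_items.name AS name,
        perm_items.descr AS descr
        FROM perm_items"
        . $limit . "
        ORDER BY descr";
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    $permission_list = array();
    while ($permission = $response->fetchRow()) {
        if ($return_name_only == false) {
            $permission_list[] = array(
                "id"    => $permission['id'],
                "name"  => $permission['name'],
                "descr" => $permission['descr']
            );
        } else {
            $permission_list[] = $permission['name'];
        }
    }
    return $permission_list;
}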
// Get name and description of template based on template ID.
//
// Returns the perm_templ row for $templ_id exactly as fetchRow() delivers it
// (so an unknown id gives fetchRow()'s "no row" value); false when the query
// fails (reported with error()).
function get_permission_template_details($templ_id) {
    global $db;

    $sql = "SELECT *
        FROM perm_templ
        WHERE perm_templ.id = " . $db->quote($templ_id, 'integer');

    $result = $db->query($sql);
    if (PEAR::isError($result)) { error($result->getMessage()); return false; }

    return $result->fetchRow();
}
// Get a list of all available permission templates.
//
// Returns a list of array('id', 'name', 'descr') rows, one per perm_templ
// row; an empty array when none exist and false when the query fails
// (reported with error()).
function get_list_permission_templates() {
    global $db;

    $result = $db->query("SELECT * FROM perm_templ");
    if (PEAR::isError($result)) { error($result->getMessage()); return false; }

    $templates = array();
    for ($row = $result->fetchRow(); $row; $row = $result->fetchRow()) {
        $templates[] = array(
            "id"    => $row['id'],
            "name"  => $row['name'],
            "descr" => $row['descr']
        );
    }
    return $templates;
}
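// Add a permission template.
//
// $details carries 'templ_name', 'templ_descr' and optionally 'perm_id', a
// list of perm_items ids to assign to the new template. Returns true on
// success, false when a query fails (reported with error()).
//
// NOTE(review): unlike delete_perm_templ(), this function does not call
// verify_permission('user_edit_templ_perm') itself; confirm the caller does.
function add_perm_templ($details) {
    global $db;

    // Fix permission template name and description first.
    $query = "INSERT INTO perm_templ (name, descr)
        VALUES ("
        . $db->quote($details['templ_name'], 'text') . ", "
        . $db->quote($details['templ_descr'], 'text') . ")";
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    $perm_templ_id = $db->lastInsertId('perm_templ', 'id');

    // A template created without any permission has no 'perm_id' entry;
    // iterating over the missing key directly raised a warning.
    $perm_ids = (isset($details['perm_id']) && is_array($details['perm_id']))
        ? $details['perm_id']
        : array();
    foreach ($perm_ids as $perm_id) {
        $query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES ("
            . $db->quote($perm_templ_id, 'integer') . ","
            . $db->quote($perm_id, 'integer') . ")";
        $response = $db->query($query);
        if (PEAR::isError($response)) { error($response->getMessage()); return false; }
    }

    return true;
}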
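// Update all details of a permission template.
//
// $details carries 'templ_id', 'templ_name', 'templ_descr' and optionally
// 'perm_id', the complete list of perm_items ids the template should end up
// with. Returns true on success, false when a query fails (reported with
// error()).
//
// NOTE(review): there is no verify_permission('user_edit_templ_perm') check
// here, unlike delete_perm_templ(); confirm the caller enforces it.
function update_perm_templ_details($details) {
    global $db;

    // The template id used to be concatenated raw into the DELETE below while
    // the UPDATE and INSERT quoted it; quote it once and use it everywhere.
    $templ_id_sql = $db->quote($details['templ_id'], 'integer');

    // Fix permission template name and description first.
    $query = "UPDATE perm_templ
        SET name = " . $db->quote($details['templ_name'], 'text') . ",
        descr = " . $db->quote($details['templ_descr'], 'text') . "
        WHERE id = " . $templ_id_sql;
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    // Now, update list of permissions assigned to this template. We could do
    // this The Correct Way [tm] by comparing the list of permissions that are
    // currently assigned with a list of permissions that should be assigned and
    // apply the difference between these two lists to the database. That sounds
    // like too much work. Just delete all the permissions currently assigned to
    // the template, then assign all the permissions the template should have.
    $query = "DELETE FROM perm_templ_items WHERE templ_id = " . $templ_id_sql;
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    // A template with no permission left has no 'perm_id' entry; iterating
    // over the missing key directly raised a warning.
    $perm_ids = (isset($details['perm_id']) && is_array($details['perm_id']))
        ? $details['perm_id']
        : array();
    foreach ($perm_ids as $perm_id) {
        $query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES ("
            . $templ_id_sql . ","
            . $db->quote($perm_id, 'integer') . ")";
        $response = $db->query($query);
        if (PEAR::isError($response)) { error($response->getMessage()); return false; }
    }

    return true;
}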
/*
 * Update a user's account from a $details array with the keys uid, username,
 * fullname, email, descr, active ("on" means enabled), templ_id and password.
 *
 * The session user needs user_edit_own to edit their own account and
 * user_edit_others for anybody else. The permission template is written only
 * when templ_perm_edit is held; the password only when a non-empty one is
 * given. A changed username must not be taken by another user.
 *
 * Returns true on success, false on a permission, validation or database
 * failure (each reported with error()).
 *
 * NOTE(review): the template gate here checks 'templ_perm_edit', while
 * edit_user() and add_new_user() check 'user_edit_templ_perm' for the same
 * decision; confirm which name exists in perm_items.
 */
function update_user_details($details) {
    global $db;

    // All three checks are evaluated up front, in this order.
    $may_edit_own    = verify_permission('user_edit_own') ? "1" : "0";
    $may_edit_others = verify_permission('user_edit_others') ? "1" : "0";
    $may_edit_templ  = verify_permission('templ_perm_edit') ? "1" : "0";

    $is_self = ($details['uid'] == $_SESSION["userid"]);
    $allowed = ($is_self && $may_edit_own == "1") || (!$is_self && $may_edit_others == "1");

    if (!$allowed) {
        error(ERR_PERM_EDIT_USER);
        return false;
    }

    if (!is_valid_email($details['email'])) {
        error(ERR_INV_EMAIL);
        return false;
    }

    $active = (isset($details['active']) && $details['active'] == "on") ? 1 : 0;

    // When the username changes, the wanted name must not be taken already.
    // Read the current name of the user id being edited first.
    $response = $db->query("SELECT username FROM users WHERE id = " . $db->quote($details['uid'], 'integer'));
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }
    $current = $response->fetchRow();

    if ($current['username'] != $details['username']) {
        $response = $db->query("SELECT id FROM users WHERE username = " . $db->quote($details['username'], 'text'));
        if (PEAR::isError($response)) { error($response->getMessage()); return false; }

        if ($response->numRows() > 0) {
            error(ERR_USER_EXIST);
            return false;
        }
    }

    // Either the username stays, or the wanted one is free. Build the UPDATE.
    $assignments = array(
        "username = " . $db->quote($details['username'], 'text'),
        "fullname = " . $db->quote($details['fullname'], 'text'),
        "email = " . $db->quote($details['email'], 'text'),
        "description = " . $db->quote($details['descr'], 'text'),
        "active = " . $db->quote($active, 'integer')
    );

    // Only users allowed to change the permission template get to set it.
    if ($may_edit_templ == "1") {
        $assignments[] = "perm_templ = " . $db->quote($details['templ_id'], 'integer');
    }

    if (isset($details['password']) && $details['password'] != "") {
        $assignments[] = "password = " . $db->quote(md5($details['password']), 'text');
    }

    $query = "UPDATE users SET " . implode(", ", $assignments)
        . " WHERE id = " . $db->quote($details['uid'], 'integer');
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    return true;
}
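// Add a new user
//
// $details carries username, password, fullname, email, descr, active and,
// for session users allowed to set it, perm_templ. The session user needs
// user_add_new; the username must be free and the email address valid.
//
// Returns true on success, false on a permission, validation or database
// failure (each reported with error()).
function add_new_user($details) {
    global $db;

    if (!verify_permission('user_add_new')) {
        error(ERR_PERM_ADD_USER);
        return false;
    }
    if (user_exists($details['username'])) {
        // NOTE(review): the other functions in this file report
        // ERR_USER_EXIST (no trailing S); confirm ERR_USER_EXISTS is defined.
        error(ERR_USER_EXISTS);
        return false;
    }
    if (!is_valid_email($details['email'])) {
        error(ERR_INV_EMAIL);
        return false;
    }
    $active = ($details['active'] == 1) ? 1 : 0;

    // Decide once whether the template column is written. The column list
    // and the value list must agree, and the check used to run a separate
    // permission lookup for each of them.
    $may_set_templ = verify_permission('user_edit_templ_perm');

    $columns = "username, password, fullname, email, description,";
    // NOTE(review): the password is stored as unsalted md5 to match the login
    // path; a switch to password_hash() has to happen there as well.
    $values = $db->quote($details['username'], 'text') . ", "
        . $db->quote(md5($details['password']), 'text') . ", "
        . $db->quote($details['fullname'], 'text') . ", "
        . $db->quote($details['email'], 'text') . ", "
        . $db->quote($details['descr'], 'text') . ", ";
    if ($may_set_templ) {
        $columns .= " perm_templ,";
        $values .= $db->quote($details['perm_templ'], 'integer') . ", ";
    }
    $columns .= " active";
    $values .= $db->quote($active, 'integer');

    $query = "INSERT INTO users (" . $columns . ") VALUES (" . $values . ")";
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    return true;
}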
?>