<?php
/* Poweradmin, a friendly web-based admin tool for PowerDNS.
* See <https://rejo.zenger.nl/poweradmin> for more details.
*
* Copyright 2007, 2008 Rejo Zenger <rejo@zenger.nl>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
require_once ( "inc/toolkit.inc.php" );
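/*
 * Check whether the current session user holds a permission.
 *
 * A user holds every permission when the permission template assigned to
 * them contains the "user_is_ueberuser" item; otherwise the template must
 * contain the requested $permission itself.
 *
 * Returns 1 when the permission is held, 0 when it is not (or when no user
 * is logged in / no database handle is available), and false when a
 * database error occurred (error() has already been reported).
 */
function verify_permission($permission) {
    global $db;

    if (!isset($_SESSION['userid']) || !is_object($db)) {
        return 0;
    }

    $userid = $_SESSION['userid'];

    // Id of the "ueberuser" permission item. queryOne() may hand back a
    // PEAR_Error just like query() does, so it is checked the same way.
    $query = 'SELECT id FROM perm_items WHERE name=' . $db->quote('user_is_ueberuser', 'text');
    $ueberUserId = $db->queryOne($query);
    if (PEAR::isError($ueberUserId)) { error($ueberUserId->getMessage()); return false; }

    // Permission template assigned to this user.
    $query = "SELECT perm_templ FROM users WHERE id = " . $db->quote($userid, 'integer');
    $templ_id = $db->queryOne($query);
    if (PEAR::isError($templ_id)) { error($templ_id->getMessage()); return false; }

    // Does the template grant ueberuser rights? The ueberuser id comes from
    // the database, but it is quoted anyway so that every value reaching
    // the SQL string takes the same path (the original concatenated it raw).
    $query = "SELECT id
            FROM perm_templ_items
            WHERE templ_id = " . $db->quote($templ_id, 'integer') . "
            AND perm_id = " . $db->quote($ueberUserId, 'integer');
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }
    if ($response->numRows() > 0) {
        return 1;
    }

    // Id of the requested permission.
    $query = "SELECT id
            FROM perm_items
            WHERE name = " . $db->quote($permission, 'text');
    $perm_id = $db->queryOne($query);
    if (PEAR::isError($perm_id)) { error($perm_id->getMessage()); return false; }

    // Is that permission assigned to the user's template? The original
    // tested PEAR::isError() on the *previous* response before running this
    // query, so a failure of this query was never detected; check the
    // result of this query instead.
    $query = "SELECT id
            FROM perm_templ_items
            WHERE templ_id = " . $db->quote($templ_id, 'integer') . "
            AND perm_id = " . $db->quote($perm_id, 'integer');
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    return ($response->numRows() > 0) ? 1 : 0;
}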
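/*
 * Return every permission template.
 *
 * Returns a list of arrays with keys id, name and descr, or false on a
 * database error (error() has been reported).
 */
function list_permission_templates() {
    global $db;

    $query = "SELECT * FROM perm_templ";
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    // The original initialised $template_list but appended to, and returned,
    // a misspelled variable; an empty result therefore yielded null instead
    // of an empty array.
    $template_list = array();
    while ($template = $response->fetchRow()) {
        $template_list[] = array(
            "id"    => $template['id'],
            "name"  => $template['name'],
            "descr" => $template['descr']
        );
    }
    return $template_list;
}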
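/*
 * Retrieve all users.
 *
 * Despite the name this function only returns data; the original author
 * noted the name is odd and should be changed.
 *
 * $id        - when numeric, this user id is excluded from the result.
 * $rowstart  - offset of the first row to return.
 * $rowamount - maximum number of rows to return.
 *
 * Returns a list of arrays with keys id, username, fullname, email,
 * description, active and numdomains (number of zones the user owns), or
 * false on a database error (error() has been reported).
 */
function show_users($id = '', $rowstart = 0, $rowamount = 9999999)
{
    global $db;

    // When a user id is given, it is excluded from the list returned. $add
    // is the only dynamic part of the query and is quoted here.
    $add = '';
    if (is_numeric($id)) {
        $add = " WHERE users.id!=" . $db->quote($id, 'integer');
    }

    $query = "SELECT users.id AS id,
            users.username AS username,
            users.fullname AS fullname,
            users.email AS email,
            users.description AS description,
            users.active AS active,
            users.perm_templ AS perm_templ,
            count(zones.owner) AS aantal FROM users
            LEFT JOIN zones ON users.id=zones.owner $add
            GROUP BY
            users.id,
            users.username,
            users.fullname,
            users.email,
            users.description,
            users.perm_templ,
            users.active
            ORDER BY
            users.fullname";

    $db->setLimit($rowamount, $rowstart);
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    $ret = array();
    while ($r = $response->fetchRow()) {
        $ret[] = array(
            "id"          => $r["id"],
            "username"    => $r["username"],
            "fullname"    => $r["fullname"],
            "email"       => $r["email"],
            "description" => $r["description"],
            "active"      => $r["active"],
            // "aantal" is Dutch for "count": the number of owned zones.
            "numdomains"  => $r["aantal"]
        );
    }
    return $ret;
}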
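/*
 * Check if the given $id is connected to a valid user.
 *
 * Returns true if the user exists, false if it does not, if $id is not
 * numeric, or if a database error occurred (error() has been reported).
 */
function is_valid_user($id)
{
    global $db;

    // The original fell off the end (returning null) for non-numeric ids.
    if (!is_numeric($id)) {
        return false;
    }

    $response = $db->query("SELECT id FROM users WHERE id=" . $db->quote($id, 'integer'));
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    return ($response->numRows() == 1);
}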
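/*
 * Check if a given username exists in the database.
 *
 * Returns true if it exists, false if not or on a database error. More
 * than one row for a username indicates a corrupt table: ERR_UNKNOWN is
 * reported and true is returned, since the name is certainly taken.
 */
function user_exists($user)
{
    global $db;

    $response = $db->query("SELECT id FROM users WHERE username=" . $db->quote($user, 'text'));
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    $rows = $response->numRows();
    if ($rows == 0) {
        return false;
    }
    if ($rows > 1) {
        // The original returned null here, which callers such as
        // add_new_user() treated as "does not exist".
        error(ERR_UNKNOWN);
    }
    return true;
}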
/*
 * Delete a user from the system.
 *
 * $uid   - id of the user to delete.
 * $zones - optional list of arrays describing what to do with the zones the
 *          user owns: 'target' => "delete" removes zone 'zid',
 *          'target' => "new_owner" hands zone 'zid' to user 'newowner'.
 *
 * Deleting your own account requires 'user_edit_own', deleting another
 * account requires 'user_edit_others'. Returns true on success, false on a
 * permission or database error (error() has been reported).
 */
function delete_user($uid, $zones)
{
    global $db;

    // Pick the permission that applies to this deletion and check it.
    $deleting_self = ($uid == $_SESSION['userid']);
    $required = $deleting_self ? 'user_edit_own' : 'user_edit_others';
    if (!verify_permission($required)) {
        error(ERR_PERM_DEL_USER);
        return false;
    }

    // Dispose of the zones the user owns before the ownership rows go.
    if (is_array($zones)) {
        foreach ($zones as $zone) {
            switch ($zone['target']) {
                case "delete":
                    delete_domain($zone['zid']);
                    break;
                case "new_owner":
                    add_owner_to_zone($zone['zid'], $zone['newowner']);
                    break;
            }
        }
    }

    // Remove the remaining ownership rows, then the user itself.
    $statements = array(
        "DELETE FROM zones WHERE owner = " . $db->quote($uid, 'integer'),
        "DELETE FROM users WHERE id = " . $db->quote($uid, 'integer'),
    );
    foreach ($statements as $sql) {
        $result = $db->query($sql);
        if (PEAR::isError($result)) { error($result->getMessage()); return false; }
    }

    return true;
}
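/*
 * Delete a permission template and the permission items assigned to it.
 *
 * Requires 'user_edit_templ_perm'. A template that is still assigned to a
 * user is not deleted (ERR_PERM_TEMPL_ASSIGNED). Returns true on success,
 * false on a permission or database error (error() has been reported).
 */
function delete_perm_templ($ptid) {
    global $db;

    // The original reported the error but fell through without a return.
    if (!verify_permission('user_edit_templ_perm')) {
        error(ERR_PERM_DEL_PERM_TEMPL);
        return false;
    }

    // $ptid presumably arrives from the request; the original concatenated
    // it unquoted into all three statements below, unlike every other id in
    // this file. Quote it once, as an integer, and use that everywhere.
    $templ_id = $db->quote($ptid, 'integer');

    $response = $db->query("SELECT id FROM users WHERE perm_templ = " . $templ_id);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }
    if ($response->numRows() > 0) {
        error(ERR_PERM_TEMPL_ASSIGNED);
        return false;
    }

    $response = $db->query("DELETE FROM perm_templ_items WHERE templ_id = " . $templ_id);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    $response = $db->query("DELETE FROM perm_templ WHERE id = " . $templ_id);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    return true;
}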
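/*
 * Edit the information of a user.
 *
 * Editing your own account requires 'user_edit_own', another account
 * requires 'user_edit_others'. The username must stay unique; the password
 * is only changed when $password is non-empty.
 *
 * Returns true if successful, false on a permission, validation or database
 * error (error() has been reported).
 */
function edit_user($id, $user, $fullname, $email, $perm_templ, $description, $active, $password)
{
    global $db;

    // Only the permission that applies to this edit needs to be looked up.
    $editing_self = ($id == $_SESSION["userid"]);
    $allowed = $editing_self
        ? verify_permission('user_edit_own')
        : verify_permission('user_edit_others');
    if (!$allowed) {
        error(ERR_PERM_EDIT_USER);
        return false;
    }

    if (!is_valid_email($email)) {
        error(ERR_INV_EMAIL);
        return false;
    }

    // Anything other than 1 means inactive.
    if ($active != 1) {
        $active = 0;
    }

    // Before updating the database, check whether the username is being
    // changed: compare the stored name with the one given. If they differ,
    // make sure the new name is not already taken.
    $query = "SELECT username FROM users WHERE id = " . $db->quote($id, 'integer');
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }
    $usercheck = $response->fetchRow();

    if ($usercheck['username'] != $user) {
        // The original quoted $user as 'integer' here, which turned the
        // comparison into "username = 0" and let duplicate names through;
        // update_user_details() quotes it as 'text', as done here.
        $query = "SELECT id FROM users WHERE username = " . $db->quote($user, 'text');
        $response = $db->query($query);
        if (PEAR::isError($response)) { error($response->getMessage()); return false; }

        if ($response->numRows() > 0) {
            error(ERR_USER_EXIST);
            return false;
        }
    }

    // Either the username is unchanged or the new one is free: go ahead.
    $query = "UPDATE users SET
            username = " . $db->quote($user, 'text') . ",
            fullname = " . $db->quote($fullname, 'text') . ",
            email = " . $db->quote($email, 'text') . ",
            perm_templ = " . $db->quote($perm_templ, 'integer') . ",
            description = " . $db->quote($description, 'text') . ",
            active = " . $db->quote($active, 'integer');

    if ($password != "") {
        // Unsalted md5, as everywhere else in this file; change_user_pass()
        // compares against the same digest, so the scheme can only be
        // changed for all of them together.
        $query .= ", password = " . $db->quote(md5($password), 'text');
    }

    $query .= " WHERE id = " . $db->quote($id, 'integer');

    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    return true;
}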
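/*
 * Change the password of the logged-in user.
 *
 * $details must hold 'currentpass', 'newpass' and 'newpass2'. The current
 * password is verified first; on success the user is logged out and has to
 * log in again. Returns false on failure (error() has been reported); on
 * success logout() takes over and nothing is returned.
 */
function change_user_pass($details) {
    global $db;

    if ($details['newpass'] != $details['newpass2']) {
        error(ERR_USER_MATCH_NEW_PASS);
        return false;
    }

    $query = "SELECT id, password FROM users WHERE username = " . $db->quote($_SESSION["userlogin"], 'text');
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    // The original indexed into the row without checking that one was
    // returned.
    $rinfo = $response->fetchRow();
    if (!$rinfo) {
        error(ERR_USER_NOT_EXIST);
        return false;
    }

    // Compare the digests strictly. With "==" PHP compares two strings that
    // both look numeric as numbers, so unrelated digests could test equal.
    if (md5($details['currentpass']) !== (string) $rinfo['password']) {
        error(ERR_USER_WRONG_CURRENT_PASS);
        return false;
    }

    // Unsalted md5 is the scheme used throughout this file (see edit_user()
    // and add_new_user()); it cannot be changed here alone.
    $query = "UPDATE users SET password = " . $db->quote(md5($details['newpass']), 'text')
           . " WHERE id = " . $db->quote($rinfo['id'], 'integer');
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    logout(_('Password has been changed, please login.'));
}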
+ − 367
+ − 368
+ − 369
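/*
 * Get the fullname of a user from the user id.
 *
 * Returns the fullname, or false if $id is not numeric (ERR_INV_ARG is
 * reported), if no such user exists, or if a database error occurred.
 */
function get_fullname_from_userid($id) {
    global $db;

    if (!is_numeric($id)) {
        error(ERR_INV_ARG);
        return false;
    }

    $response = $db->query("SELECT fullname FROM users WHERE id=" . $db->quote($id, 'integer'));
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    // fetchRow() yields no row for an unknown id; the original then indexed
    // into a non-array.
    $r = $response->fetchRow();
    if (!$r) {
        return false;
    }
    return $r["fullname"];
}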
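/*
 * Get the fullname of a user from the user id, reporting ERR_USER_NOT_EXIST
 * when there is no such user (compare get_fullname_from_userid(), which is
 * silent in that case).
 *
 * Returns the fullname, or false if $id is not numeric (ERR_INV_ARG), no
 * such user exists, or a database error occurred.
 */
function get_owner_from_id($id)
{
    global $db;

    // The original reported the errors below but returned null in every
    // failure case.
    if (!is_numeric($id)) {
        error(ERR_INV_ARG);
        return false;
    }

    $response = $db->query("SELECT fullname FROM users WHERE id=" . $db->quote($id, 'integer'));
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    if ($response->numRows() != 1) {
        error(ERR_USER_NOT_EXIST);
        return false;
    }

    $r = $response->fetchRow();
    return $r["fullname"];
}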
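/**
 * get_fullnames_owners_from_domainid
 *
 * Build a comma separated list of the fullnames of the users owning a
 * domain, ordered by fullname.
 *
 * @todo also fetch the subowners
 * @param $id integer the id of the domain
 * @return String the list of owners for this domain ("" when the domain
 *         has no owner), or false if $id is not numeric (ERR_INV_ARG is
 *         reported) or a database error occurred
 */
function get_fullnames_owners_from_domainid($id) {
    global $db;

    // The original reported ERR_INV_ARG but returned null.
    if (!is_numeric($id)) {
        error(ERR_INV_ARG);
        return false;
    }

    $response = $db->query("SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=" . $db->quote($id, 'integer') . " AND zones.owner=users.id ORDER by fullname");
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    $names = array();
    while ($r = $response->fetchRow()) {
        $names[] = $r['fullname'];
    }
    // implode() over an empty list is "", which is what the original
    // returned from its separate numRows() == 0 branch.
    return implode(', ', $names);
}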
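/*
 * Check whether the logged-in user owns the zone for domain $zoneid.
 *
 * Returns "1" when the user is an owner, "0" when not, and false if $zoneid
 * is not numeric (ERR_INV_ARG is reported) or a database error occurred.
 */
function verify_user_is_owner_zoneid($zoneid) {
    global $db;

    $userid = $_SESSION["userid"];

    // The original reported ERR_INV_ARG but returned null.
    if (!is_numeric($zoneid)) {
        error(ERR_INV_ARG);
        return false;
    }

    $response = $db->query("SELECT zones.id
            FROM zones
            WHERE zones.owner = " . $db->quote($userid, 'integer') . "
            AND zones.domain_id = " . $db->quote($zoneid, 'integer'));
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    // Keep the string return values the original used.
    return ($response->numRows() == 0) ? "0" : "1";
}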
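/*
 * Get the details of one user, or of every user the current user may see.
 *
 * $specific - when numeric, only that user id is returned. Without the
 *             'user_view_others' permission a user may only see their own
 *             record, so a request for another id yields the caller's own
 *             record instead.
 *
 * Returns a list of arrays with keys uid, username, fullname, email, descr,
 * active, tpl_id, tpl_name and tpl_descr, or false on a database error
 * (error() has been reported).
 */
function get_user_detail_list($specific) {
    global $db;

    $userid = $_SESSION['userid'];

    // The original only consulted 'user_view_others' when no $specific id was
    // given, so any user could fetch any other user's record by id. The
    // caller may check as well, but the filter is built here, so deny here.
    $can_view_others = verify_permission('user_view_others');
    if (v_num($specific) && ($can_view_others || $specific == $userid)) {
        $sql_add = "AND users.id = " . $db->quote($specific, 'integer');
    } elseif ($can_view_others) {
        $sql_add = "";
    } else {
        $sql_add = "AND users.id = " . $db->quote($userid, 'integer');
    }

    $query = "SELECT users.id AS uid,
            username,
            fullname,
            email,
            description AS descr,
            active,
            perm_templ.id AS tpl_id,
            perm_templ.name AS tpl_name,
            perm_templ.descr AS tpl_descr
            FROM users, perm_templ
            WHERE users.perm_templ = perm_templ.id "
            . $sql_add . "
            ORDER BY username";

    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    // Initialised so that an empty result returns an empty list, not null.
    $userlist = array();
    while ($user = $response->fetchRow()) {
        $userlist[] = array(
            "uid"       => $user['uid'],
            "username"  => $user['username'],
            "fullname"  => $user['fullname'],
            "email"     => $user['email'],
            "descr"     => $user['descr'],
            "active"    => $user['active'],
            "tpl_id"    => $user['tpl_id'],
            "tpl_name"  => $user['tpl_name'],
            "tpl_descr" => $user['tpl_descr']
        );
    }
    return $userlist;
}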
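// Get a list of permissions that are available. If first argument is "0", it
// should return all available permissions. If the first argument is > "0", it
// should return the permissions assigned to that particular template only. If
// second argument is true, only the permission names are returned.
//
// Returns a list of arrays with keys id, name and descr (or a plain list of
// names when $return_name_only is true), or false on a database error.

function get_permissions_by_template_id($templ_id = 0, $return_name_only = false) {
    global $db;

    // Extra FROM/WHERE clauses restricting the result to one template. Always
    // defined, so the "all permissions" case no longer concatenates an unset
    // variable as the original did.
    $limit = "";
    if ($templ_id > 0) {
        $limit = ", perm_templ_items
            WHERE perm_templ_items.templ_id = " . $db->quote($templ_id, 'integer') . "
            AND perm_templ_items.perm_id = perm_items.id";
    }

    $query = "SELECT perm_items.id AS id,
            perm_items.name AS name,
            perm_items.descr AS descr
            FROM perm_items"
            . $limit . "
            ORDER BY descr";
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    $permission_list = array();
    while ($permission = $response->fetchRow()) {
        if ($return_name_only) {
            $permission_list[] = $permission['name'];
        } else {
            $permission_list[] = array(
                "id"    => $permission['id'],
                "name"  => $permission['name'],
                "descr" => $permission['descr']
            );
        }
    }
    return $permission_list;
}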
// Get name and description of template based on template ID.
//
// Returns the perm_templ row for $templ_id as produced by fetchRow(), or
// false on a database error (error() has been reported).

function get_permission_template_details($templ_id) {
    global $db;

    $sql = "SELECT *
            FROM perm_templ
            WHERE perm_templ.id = " . $db->quote($templ_id, 'integer');

    $result = $db->query($sql);
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    return $result->fetchRow();
}
// Get a list of all available permission templates.
//
// Returns a list of arrays with keys id, name and descr, or false on a
// database error (error() has been reported).

function get_list_permission_templates() {
    global $db;

    $result = $db->query("SELECT * FROM perm_templ");
    if (PEAR::isError($result)) {
        error($result->getMessage());
        return false;
    }

    $templates = array();
    while ($row = $result->fetchRow()) {
        $templates[] = array(
            "id"    => $row['id'],
            "name"  => $row['name'],
            "descr" => $row['descr']
        );
    }
    return $templates;
}
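// Add a permission template.
//
// $details holds 'templ_name', 'templ_descr' and optionally 'perm_id', a list
// of permission item ids to assign. Returns true on success, false on a
// database error (error() has been reported).
//
// NOTE(review): no permission check is done here, unlike delete_perm_templ()
// which requires 'user_edit_templ_perm'; confirm the caller enforces it.

function add_perm_templ($details) {
    global $db;

    // Create the template itself first; its id is needed for the items.
    $query = "INSERT INTO perm_templ (name, descr)
            VALUES ("
            . $db->quote($details['templ_name'], 'text') . ", "
            . $db->quote($details['templ_descr'], 'text') . ")";
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    $perm_templ_id = $db->lastInsertId('perm_templ', 'id');

    // A template without any permissions is valid; the original iterated
    // over a missing key in that case.
    $perm_ids = (isset($details['perm_id']) && is_array($details['perm_id']))
        ? $details['perm_id']
        : array();
    foreach ($perm_ids as $perm_id) {
        $query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES ("
               . $db->quote($perm_templ_id, 'integer') . ","
               . $db->quote($perm_id, 'integer') . ")";
        $response = $db->query($query);
        if (PEAR::isError($response)) { error($response->getMessage()); return false; }
    }

    return true;
}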
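// Update all details of a permission template.
//
// $details holds 'templ_id', 'templ_name', 'templ_descr' and optionally
// 'perm_id', the complete list of permission item ids the template should
// have afterwards. Returns true on success, false on a database error
// (error() has been reported).
//
// NOTE(review): no permission check is done here, unlike delete_perm_templ()
// which requires 'user_edit_templ_perm'; confirm the caller enforces it.

function update_perm_templ_details($details) {
    global $db;

    // Quote the template id once. The original concatenated it unquoted into
    // the DELETE below while quoting it in the UPDATE and INSERT statements.
    $templ_id = $db->quote($details['templ_id'], 'integer');

    // Fix permission template name and description first.
    $query = "UPDATE perm_templ
            SET name = " . $db->quote($details['templ_name'], 'text') . ",
            descr = " . $db->quote($details['templ_descr'], 'text') . "
            WHERE id = " . $templ_id;
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    // Now update the list of permissions assigned to this template. Rather
    // than diffing the current list against the wanted one, delete everything
    // currently assigned and insert the wanted set.
    $query = "DELETE FROM perm_templ_items WHERE templ_id = " . $templ_id;
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    // No 'perm_id' key means the template should end up with no permissions.
    $perm_ids = (isset($details['perm_id']) && is_array($details['perm_id']))
        ? $details['perm_id']
        : array();
    foreach ($perm_ids as $perm_id) {
        $query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES ("
               . $templ_id . ","
               . $db->quote($perm_id, 'integer') . ")";
        $response = $db->query($query);
        if (PEAR::isError($response)) { error($response->getMessage()); return false; }
    }

    return true;
}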
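/*
 * Update the details of a user from a form submission.
 *
 * $details holds 'uid', 'username', 'fullname', 'email', 'descr',
 * optionally 'active' ("on" when the checkbox is ticked), 'templ_id' and
 * 'password' (empty or absent keeps the current one). Editing your own
 * account requires 'user_edit_own', another account 'user_edit_others';
 * the permission template is only changed when 'templ_perm_edit' is held.
 *
 * Returns true on success, false on a permission, validation or database
 * error (error() has been reported).
 */
function update_user_details($details) {
    global $db;

    // Only the permission that applies to this edit needs to be looked up.
    $editing_self = ($details['uid'] == $_SESSION["userid"]);
    $allowed = $editing_self
        ? verify_permission('user_edit_own')
        : verify_permission('user_edit_others');
    if (!$allowed) {
        error(ERR_PERM_EDIT_USER);
        return false;
    }

    if (!is_valid_email($details['email'])) {
        error(ERR_INV_EMAIL);
        return false;
    }

    // 'active' is a checkbox: present and "on" means active.
    $active = (isset($details['active']) && $details['active'] == "on") ? 1 : 0;

    // Before updating the database, check whether the username is being
    // changed: compare the stored name with the one given. If they differ,
    // make sure the new name is not already taken.
    $query = "SELECT username FROM users WHERE id = " . $db->quote($details['uid'], 'integer');
    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }
    $usercheck = $response->fetchRow();

    if ($usercheck['username'] != $details['username']) {
        $query = "SELECT id FROM users WHERE username = " . $db->quote($details['username'], 'text');
        $response = $db->query($query);
        if (PEAR::isError($response)) { error($response->getMessage()); return false; }

        if ($response->numRows() > 0) {
            error(ERR_USER_EXIST);
            return false;
        }
    }

    // Either the username is unchanged or the new one is free: go ahead.
    $query = "UPDATE users SET
            username = " . $db->quote($details['username'], 'text') . ",
            fullname = " . $db->quote($details['fullname'], 'text') . ",
            email = " . $db->quote($details['email'], 'text') . ",
            description = " . $db->quote($details['descr'], 'text') . ",
            active = " . $db->quote($active, 'integer');

    // Only a user allowed to edit permission templates may move an account
    // to another template.
    // NOTE(review): this checks 'templ_perm_edit' while delete_perm_templ()
    // checks 'user_edit_templ_perm'; confirm which name exists in perm_items,
    // since a name that is not there is likely always denied.
    if (verify_permission('templ_perm_edit')) {
        $query .= ", perm_templ = " . $db->quote($details['templ_id'], 'integer');
    }

    if (isset($details['password']) && $details['password'] != "") {
        // Unsalted md5, as everywhere else in this file; change_user_pass()
        // compares against the same digest, so the scheme can only be
        // changed for all of them together.
        $query .= ", password = " . $db->quote(md5($details['password']), 'text');
    }

    $query .= " WHERE id = " . $db->quote($details['uid'], 'integer');

    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    return true;
}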
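// Add a new user.
//
// $details holds 'username', 'password', 'fullname', 'email', 'descr',
// 'perm_templ' and 'active'. Requires 'user_add_new'; the username must be
// unused and the email address valid. Returns true on success, false on a
// permission, validation or database error (error() has been reported).

function add_new_user($details) {
    global $db;

    // The original reported these errors but did not return, so (unless
    // error() ends the request, which nothing in this file suggests) the
    // INSERT below still ran -- with $active undefined -- for callers without
    // the permission, for duplicate usernames and for invalid addresses.
    if (!verify_permission('user_add_new')) {
        error(ERR_PERM_ADD_USER);
        return false;
    }
    // NOTE(review): this uses ERR_USER_EXISTS while edit_user() and
    // update_user_details() use ERR_USER_EXIST; confirm both are defined.
    if (user_exists($details['username'])) {
        error(ERR_USER_EXISTS);
        return false;
    }
    if (!is_valid_email($details['email'])) {
        error(ERR_INV_EMAIL);
        return false;
    }

    $active = ($details['active'] == 1) ? 1 : 0;

    // Unsalted md5, as everywhere else in this file; change_user_pass()
    // compares against the same digest, so the scheme can only be changed
    // for all of them together.
    $query = "INSERT INTO users (username, password, fullname, email, description, perm_templ, active) VALUES ("
            . $db->quote($details['username'], 'text') . ", "
            . $db->quote(md5($details['password']), 'text') . ", "
            . $db->quote($details['fullname'], 'text') . ", "
            . $db->quote($details['email'], 'text') . ", "
            . $db->quote($details['descr'], 'text') . ", "
            . $db->quote($details['perm_templ'], 'integer') . ", "
            . $db->quote($active, 'integer')
            . ")";

    $response = $db->query($query);
    if (PEAR::isError($response)) { error($response->getMessage()); return false; }

    return true;
}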
?>