79 } |
79 } |
80 |
80 |
81 function list_permission_templates() { |
81 function list_permission_templates() { |
82 global $db; |
82 global $db; |
83 $query = "SELECT * FROM perm_templ"; |
83 $query = "SELECT * FROM perm_templ"; |
84 $result = $db->query($query); |
84 $response = $db->query($query); |
85 if (PEAR::isError($response)) { error($response->getMessage()); return false; } |
85 if (PEAR::isError($response)) { error($response->getMessage()); return false; } |
86 |
86 |
87 $template_list = array(); |
87 $template_list = array(); |
88 while ($template= $result->fetchRow()) { |
88 while ($template= $response->fetchRow()) { |
89 $tempate_list[] = array( |
89 $tempate_list[] = array( |
90 "id" => $template['id'], |
90 "id" => $template['id'], |
91 "name" => $template['name'], |
91 "name" => $template['name'], |
92 "descr" => $template['descr'] |
92 "descr" => $template['descr'] |
93 ); |
93 ); |
290 // current username is not the same as the username that was given by the |
290 // current username is not the same as the username that was given by the |
291 // user, the username should apparantly changed. If so, check if the "new" |
291 // user, the username should apparantly changed. If so, check if the "new" |
292 // username already exists. |
292 // username already exists. |
293 |
293 |
294 $query = "SELECT username FROM users WHERE id = " . $db->quote($id); |
294 $query = "SELECT username FROM users WHERE id = " . $db->quote($id); |
295 $result = $db->query($query); |
295 $response = $db->query($query); |
296 if (PEAR::isError($response)) { error($response->getMessage()); return false; } |
296 if (PEAR::isError($response)) { error($response->getMessage()); return false; } |
297 |
297 |
298 $usercheck = array(); |
298 $usercheck = array(); |
299 $usercheck = $result->fetchRow(); |
299 $usercheck = $response->fetchRow(); |
300 |
300 |
301 if ($usercheck['username'] != $user) { |
301 if ($usercheck['username'] != $user) { |
302 |
302 |
303 // Username of user ID in the database is different from the name |
303 // Username of user ID in the database is different from the name |
304 // we have been given. User wants a change of username. Now, make |
304 // we have been given. User wants a change of username. Now, make |
329 $query .= ", password = " . $db->quote(md5($password)) ; |
329 $query .= ", password = " . $db->quote(md5($password)) ; |
330 } |
330 } |
331 |
331 |
332 $query .= " WHERE id = " . $db->quote($id) ; |
332 $query .= " WHERE id = " . $db->quote($id) ; |
333 |
333 |
334 $result = $db->query($query); |
334 $response = $db->query($query); |
335 if (PEAR::isError($response)) { error($response->getMessage()); return false; } |
335 if (PEAR::isError($response)) { error($response->getMessage()); return false; } |
336 |
336 |
337 } else { |
337 } else { |
338 error(ERR_PERM_EDIT_USER); |
338 error(ERR_PERM_EDIT_USER); |
339 return false; |
339 return false; |
493 FROM users, perm_templ |
493 FROM users, perm_templ |
494 WHERE users.perm_templ = perm_templ.id " |
494 WHERE users.perm_templ = perm_templ.id " |
495 . $sql_add . " |
495 . $sql_add . " |
496 ORDER BY username"; |
496 ORDER BY username"; |
497 |
497 |
498 $result = $db->query($query); |
498 $response = $db->query($query); |
499 if (PEAR::isError($response)) { error($response->getMessage()); return false; } |
499 if (PEAR::isError($response)) { error($response->getMessage()); return false; } |
500 |
500 |
501 while ($user = $result->fetchRow()) { |
501 while ($user = $response->fetchRow()) { |
502 $userlist[] = array( |
502 $userlist[] = array( |
503 "uid" => $user['uid'], |
503 "uid" => $user['uid'], |
504 "username" => $user['username'], |
504 "username" => $user['username'], |
505 "fullname" => $user['fullname'], |
505 "fullname" => $user['fullname'], |
506 "email" => $user['email'], |
506 "email" => $user['email'], |
533 perm_items.name AS name, |
533 perm_items.name AS name, |
534 perm_items.descr AS descr |
534 perm_items.descr AS descr |
535 FROM perm_items" |
535 FROM perm_items" |
536 . $limit . " |
536 . $limit . " |
537 ORDER BY descr"; |
537 ORDER BY descr"; |
538 $result = $db->query($query); |
538 $response = $db->query($query); |
539 if (PEAR::isError($response)) { error($response->getMessage()); return false; } |
539 if (PEAR::isError($response)) { error($response->getMessage()); return false; } |
540 |
540 |
541 $permission_list = array(); |
541 $permission_list = array(); |
542 while ($permission = $result->fetchRow()) { |
542 while ($permission = $response->fetchRow()) { |
543 if ($return_name_only == false) { |
543 if ($return_name_only == false) { |
544 $permission_list[] = array( |
544 $permission_list[] = array( |
545 "id" => $permission['id'], |
545 "id" => $permission['id'], |
546 "name" => $permission['name'], |
546 "name" => $permission['name'], |
547 "descr" => $permission['descr'] |
547 "descr" => $permission['descr'] |
659 |
659 |
660 global $db; |
660 global $db; |
661 |
661 |
662 verify_permission('user_edit_own') ? $perm_edit_own = "1" : $perm_edit_own = "0" ; |
662 verify_permission('user_edit_own') ? $perm_edit_own = "1" : $perm_edit_own = "0" ; |
663 verify_permission('user_edit_others') ? $perm_edit_others = "1" : $perm_edit_others = "0" ; |
663 verify_permission('user_edit_others') ? $perm_edit_others = "1" : $perm_edit_others = "0" ; |
|
664 verify_permission('templ_perm_edit') ? $perm_templ_perm_edit = "1" : $perm_templ_perm_edit = "0" ; |
664 |
665 |
665 if (($details['uid'] == $_SESSION["userid"] && $perm_edit_own == "1") || |
666 if (($details['uid'] == $_SESSION["userid"] && $perm_edit_own == "1") || |
666 ($details['uid'] != $_SESSION["userid"] && $perm_edit_others == "1" )) { |
667 ($details['uid'] != $_SESSION["userid"] && $perm_edit_others == "1" )) { |
667 |
668 |
668 if (!is_valid_email($details['email'])) { |
669 if (!is_valid_email($details['email'])) { |
719 if ($perm_templ_perm_edit == "1") { |
720 if ($perm_templ_perm_edit == "1") { |
720 $query .= ", perm_templ = " . $db->quote($details['templ_id']) ; |
721 $query .= ", perm_templ = " . $db->quote($details['templ_id']) ; |
721 |
722 |
722 } |
723 } |
723 |
724 |
724 // TODO Check if function works if password is set too. |
725 if(isset($details['password']) && $details['password'] != "") { |
725 if($details['password'] != "") { |
|
726 $query .= ", password = '" . md5($db->quote($details['password'])) . "' "; |
726 $query .= ", password = '" . md5($db->quote($details['password'])) . "' "; |
727 } |
727 } |
728 |
728 |
729 $query .= " WHERE id = " . $db->quote($details['uid']) ; |
729 $query .= " WHERE id = " . $db->quote($details['uid']) ; |
730 |
730 |