RecordCount(); if ($grpresultcount>0) { $grow = array_map('htmlspecialchars', $grpresult->FetchRow()); } } $usergroupsummary = "
\n" . "
\n" . "".$clang->gT("User Group").""; if($ugid && $grpresultcount > 0) { $usergroupsummary .= " {$grow['name']}\n"; } $usergroupsummary .= "
\n" . "
\n" . "
\n" . "\n" . "\n"; if($ugid && $grpresultcount > 0) { $usergroupsummary .= " " ."".$clang->gT("Mail to all Members")."\n" ; } else { $usergroupsummary .= "\n"; } $usergroupsummary .= "\n" . "\n"; if($ugid && $grpresultcount > 0 && $_SESSION['loginID'] == $grow['owner_id']) { $usergroupsummary .= "" . "".$clang->gT("Edit Current User Group")."\n" ; } else { $usergroupsummary .= "\n"; } if($ugid && $grpresultcount > 0 && $_SESSION['loginID'] == $grow['owner_id']) { // $usergroupsummary .= "gT("Are you sure you want to delete this entry?","js")."')\"" $usergroupsummary .= "gT("Are you sure you want to delete this entry?","js")."')) {".get2post("$scriptname?action=delusergroup&ugid=$ugid")."}\" " . "title='".$clang->gTview("Delete Current User Group")."'>" . "".$clang->gT("Delete Current User Group")."\n"; } else { $usergroupsummary .= "\n"; } $usergroupsummary .= "\n" . "\n" . "
\n" . "
\n" . "".$clang->gT("User Groups").": \n"; if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1) { $usergroupsummary .= "" ."".$clang->gT("Add New User Group")."\n"; } $usergroupsummary .= "\n" . "\n" . "
\n" . "
\n"; $usergroupsummary .= "

 

"; //CSS Firefox 2 transition fix } if ($action == "adduser" || $action=="deluser" ||$action=="finaldeluser" || $action == "moduser" || $action == "userrights" || $action == "usertemplates") { include("usercontrol.php"); } if ($action == "setusertemplates") { refreshtemplates(); $usersummary = "\n
\n\t
".$clang->gT('Edit template permissions')."
\n \n \n \t\n \t\n \t\n"; $userlist = getuserlist(); foreach ($userlist as $usr) { if ($usr['uid'] == $postuserid) { $templaterights = array(); $squery = 'SELECT '.db_quote_id('folder').','.db_quote_id('use')." FROM {$dbprefix}templates_rights WHERE uid={$usr['uid']}"; $sresult = db_execute_assoc($squery) or safe_die($connect->ErrorMsg());//Checked while ($srow = $sresult->FetchRow()) { $templaterights[$srow["folder"]] = array("use"=>$srow["use"]); } $usersummary .= "\t\n\n\n\t\n" ."\t\n"; $usersummary .= "\n" ."\n" ."\n" ."\n" ."\n"; $usersummary .= "\n"; $tquery = "SELECT * FROM ".$dbprefix."templates"; $tresult = db_execute_assoc($tquery) or safe_die($connect->ErrorMsg()); //Checked $table_row_odd_even = 'odd'; while ($trow = $tresult->FetchRow()) { if($table_row_odd_even == 'odd' ) { $row_class = ' class="row_odd"'; $table_row_odd_even = 'even'; } else { $row_class = ' class="row_even"'; $table_row_odd_even = 'odd'; }; $usersummary .= "\t\n\n"; $usersummary .= "
\n" . $clang->gT('Set templates that this user may access').': '.$_POST['user']."
" .$clang->gT('Template name') ."
 		" .$clang->gT('Allowed') ."
" ."
\n" ."\tgT('Save settings')."\" />\n" ."\t\n" ."\t\n" ."
{$trow["folder"]}\n" ."\n"; continue; } } } if ($action == "modifyuser") { if (isset($postuserid) && $postuserid) { $squery = "SELECT uid FROM {$dbprefix}users WHERE uid=$postuserid AND parent_id=".$_SESSION['loginID']; // added by Dennis $sresult = $connect->Execute($squery);//Checked $sresultcount = $sresult->RecordCount(); } else { include("access_denied.php"); } // RELIABLY CHECK MY RIGHTS if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1 || $_SESSION['loginID'] == $postuserid || ( $_SESSION['USER_RIGHT_CREATE_USER'] && $sresultcount > 0 ) ) { $usersummary = "
\n".$clang->gT("Editing user")."

\n" ."
\n" . "\n" . "\n" . "\n" . "\n" . "\n" . "\n"; $muq = "SELECT a.users_name, a.full_name, a.email, a.uid, b.users_name AS parent FROM ".db_table_name('users')." AS a LEFT JOIN ".db_table_name('users')." AS b ON a.parent_id = b.uid WHERE a.uid='{$postuserid}'"; // added by Dennis //echo($muq); $mur = db_select_limit_assoc($muq, 1); $usersummary .= ""; while ($mrw = $mur->FetchRow()) { $mrw = array_map('htmlspecialchars', $mrw); $usersummary .= "\n" . "\n" . "\n"; $usersummary .= "\n"; } $usersummary .= "\n" . "\n" . "
".$clang->gT("Username")."".$clang->gT("Email")."".$clang->gT("Full name")."".$clang->gT("Password")."
{$mrw['users_name']}\n\n\n" . "\n" . "\n
\n" . "

\n" . "\n" . "\n" . "

\n" . "
\n"; } else { include("access_denied.php"); } } if ($action == "setuserrights") { if (isset($postuserid) && $postuserid) { $squery = "SELECT uid FROM {$dbprefix}users WHERE uid=$postuserid AND parent_id=".$_SESSION['loginID']; // added by Dennis $sresult = $connect->Execute($squery);//Checked $sresultcount = $sresult->RecordCount(); } else { include("access_denied.php"); } // RELIABLY CHECK MY RIGHTS if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1 || ( $_SESSION['USER_RIGHT_CREATE_USER'] && $sresultcount > 0 && $_SESSION['loginID'] != $postuserid ) ) // if($_SESSION['loginID'] != $postuserid) { $usersummary ="
"; $usersummary .="\n" ."\n" ."\n" ."\n"; // HERE WE LIST FOR USER RIGHTS YOU CAN SET TO a USER // YOU CAN ONLY SET AT MOST THE RIGHTS YOU have yourself $userlist = getuserlist(); foreach ($userlist as $usr) { if ($usr['uid'] == $postuserid) { $squery = "SELECT create_survey, configurator, create_user, delete_user, superadmin, manage_template, manage_label FROM {$dbprefix}users WHERE uid={$_SESSION['loginID']}"; // added by Dennis $sresult = $connect->Execute($squery); //Checked $parent = $sresult->FetchRow(); // Initial SuperAdmin has parent_id == 0 $adminquery = "SELECT uid FROM {$dbprefix}users WHERE parent_id=0"; $adminresult = db_select_limit_assoc($adminquery, 1); $row=$adminresult->FetchRow(); $usersummary .="\n"; // Only Initial SuperAdmin can give SuperAdmin rights if($row['uid'] == $_SESSION['loginID']) { // RENAMED AS SUPERADMIN $usersummary .= "\n"; } if($parent['create_survey']) { $usersummary .= "\n"; } if($parent['configurator']) { $usersummary .= "\n"; } if($parent['create_user']) { $usersummary .= "\n"; } if($parent['delete_user']) { $usersummary .= "\n"; } if($parent['manage_template']) { $usersummary .= "\n"; } if($parent['manage_label']) { $usersummary .= "\n"; } $usersummary .="\n" ."\n"; // Only Initial SuperAdmmin can give SuperAdmin right if($row['uid'] == $_SESSION['loginID']) { $usersummary .= "\n" ."\n" ."
" ."".$clang->gT("Set User Rights").": ".htmlspecialchars(sanitize_user($_POST['user']))."" ."
".$clang->gT("SuperAdministrator")."".$clang->gT("Create Survey")."".$clang->gT("Configurator")."".$clang->gT("Create User")."".$clang->gT("Delete User")."".$clang->gT("Use all/manage templates")."".$clang->gT("Manage Labels")."
" ."" ."" ."" ."
\n" ."
\n"; continue; } // if } // foreach } // if else { include("access_denied.php"); } } // if if($subaction == "setasadminchild") { // Set user as child of ADMIN FOR // MORE RIGHT MANAGEMENT POSSIBILITIES // DON'T TOUCH user CHILDS, they remain his childs if($_SESSION['USER_RIGHT_SUPERADMIN'] == 1) { $query = "UPDATE ".db_table_name('users')." SET parent_id =1 WHERE uid = ".$postuserid; $connect->Execute($query) or safe_die($connect->ErrorMsg()." ".$query); //Checked $_SESSION['flashmessage']=$clang->gT("Ownership was successfully changed."); } else { include("access_denied.php"); } } if ($action == "editusers") { $usersummary = "
".$clang->gT("User control")."

" . "\n" . "\n" . "\n" . "\n"; $usersummary .= "\n" . "\n" . "\n"; if($_SESSION['USER_RIGHT_SUPERADMIN'] == 1) { $usersummary .= "\n"; } $usersummary .= "\n" . "\n"; $userlist = getuserlist(); $ui = count($userlist); $usrhimself = $userlist[0]; unset($userlist[0]); // output users // output admin user only if the user logged in has user management rights $usersummary .= "\n"; // Action colum first $usersummary .= "\n"; $usersummary .= "\n" . "\n" . "\n"; if($_SESSION['USER_RIGHT_SUPERADMIN'] == 1) { $noofsurveys=$connect->GetOne('Select count(*) from '.db_table_name('surveys').' where owner_id='.$usrhimself['uid']); $usersummary .= "\n"; } if(isset($usrhimself['parent_id']) && $usrhimself['parent_id']!=0) { $uquery = "SELECT users_name FROM ".db_table_name('users')." WHERE uid=".$usrhimself['parent_id']; $uresult = db_execute_assoc($uquery); //Checked $srow = $uresult->FetchRow(); $usersummary .= "\n"; } else { $usersummary .= "\n"; } $usersummary.="\n"; // other users $row = 0; $usr_arr = $userlist; $noofsurveyslist = array( ); //This loops through for each user and checks the amount of surveys against them. for($i=1;$i<=count($usr_arr);$i++) { $noofsurveyslist[$i]=$connect->GetOne('Select count(*) from '.db_table_name('surveys').' where owner_id='.$usr_arr[$i]['uid']); } for($i=1; $i<=count($usr_arr); $i++) { $usr = $usr_arr[$i]; $usersummary .= "\n"; $usersummary .= "\n"; $usersummary .= "\n" . "\n" . "\n"; $usersummary .= "\n"; // Get Parent's User Name $uquery = "SELECT users_name FROM ".db_table_name('users')." WHERE uid=".$usr['parent_id']; $uresult = db_execute_assoc($uquery); //Checked $userlist = array(); $srow = $uresult->FetchRow(); $usr['parent'] = $srow['users_name']; //TODO: Find out why parent isn't set // ==> because it is parent_id ;-) if (isset($usr['parent_id'])) { $usersummary .= "\n"; } else { $usersummary .= "\n"; } $usersummary .= "\n"; $row++; } $usersummary .= "
".$clang->gT("Action")."".$clang->gT("Username")."".$clang->gT("Email")."".$clang->gT("Full name")."".$clang->gT("No of surveys")."".$clang->gT("Created by")."
\n"; $usersummary .= "
" ."" ."" ."" ."
"; if ($usrhimself['parent_id'] != 0 && $_SESSION['USER_RIGHT_DELETE_USER'] == 1 ) { $usersummary .= "
" ."" ."" ."" ."" ."
"; } $usersummary .= "		{$usrhimself['user']}{$usrhimself['email']}{$usrhimself['full_name']}{$noofsurveys}{$srow['users_name']}---
\n"; if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1 || $usr['uid'] == $_SESSION['loginID'] || ($_SESSION['USER_RIGHT_CREATE_USER'] == 1 && $usr['parent_id'] == $_SESSION['loginID'])) { $usersummary .= "
" ."" ."" ."" ."
"; } if ( (($_SESSION['USER_RIGHT_SUPERADMIN'] == 1 && $usr['uid'] != $_SESSION['loginID'] ) || ($_SESSION['USER_RIGHT_CREATE_USER'] == 1 && $usr['parent_id'] == $_SESSION['loginID'])) && $usr['uid']!=1) { $usersummary .= "
" ."" ."" ."" ."" ."
"; } if ($_SESSION['loginID'] == "1" && $usr['parent_id'] !=1 ) { $usersummary .= "
" ."" ."" ."" ."" ."" ."
"; } if (($_SESSION['USER_RIGHT_SUPERADMIN'] == 1 || $_SESSION['USER_RIGHT_MANAGE_TEMPLATE'] == 1) && $usr['uid']!=1) { $usersummary .= "
" ."" ."" ."" ."" ."
"; } // users are allowed to delete all successor users (but the admin not himself) if (($_SESSION['USER_RIGHT_SUPERADMIN'] == 1 || ($_SESSION['USER_RIGHT_DELETE_USER'] == 1 && $usr['parent_id'] == $_SESSION['loginID']))&& $usr['uid']!=1) { $usersummary .= "
" ."" ."" ."" ."" ."
"; } $usersummary .= "		{$usr['user']}{$usr['email']}{$usr['full_name']}{$noofsurveyslist[$i]}{$usr['parent']}-----

"; if($_SESSION['USER_RIGHT_SUPERADMIN'] == 1 || $_SESSION['USER_RIGHT_CREATE_USER']) { $usersummary .= "
\n" . "\n" . "\n" . "\n" . "\n" . "\n" . "\n" . "
".$clang->gT("Add user:")." " . "

\n"; } } if ($action == "addusergroup") { if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1) // only admins may do that { $usersummary ="
".$clang->gT("Add User Group")."
\n" . "
" . "
    \n" . "
  • \n" . " ".$clang->gT("Required")."
    • \n" . "
  • \n" . "
    • \n" . "

\n" . "\n" . "

\n"; } } if ($action == "editusergroup") { if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1) { $query = "SELECT * FROM ".db_table_name('user_groups')." WHERE ugid = ".$_GET['ugid']." AND owner_id = ".$_SESSION['loginID']; $result = db_select_limit_assoc($query, 1); $esrow = $result->FetchRow(); $usersummary = "
".sprintf($clang->gT("Editing user group (Owner: %s)"),$_SESSION['user'])."
" ."
" . "
    \n" . "
  • \n" . "
    • \n" . "
  • \n" . "
    • \n" . "

      \n" . "\n" . "\n" . "\n" . "

      \n"; } } if ($action == "mailusergroup") { $query = "SELECT a.ugid, a.name, a.owner_id, b.uid FROM ".db_table_name('user_groups') ." AS a LEFT JOIN ".db_table_name('user_in_groups') ." AS b ON a.ugid = b.ugid WHERE a.ugid = {$ugid} AND uid = {$_SESSION['loginID']} ORDER BY name"; $result = db_execute_assoc($query); //Checked $crow = $result->FetchRow(); $usersummary = "
      ".$clang->gT("Mail to all Members")."
      " . "
        " . "
      • \n" . "
        • \n" . "
      • \n" . "
        • \n" . "
      • \n" . "
        • \n" . "

      \n" . "
      " . "\n" . "\n" . "

      \n"; } if ($action == "delusergroup") { $usersummary = "
      ".$clang->gT("Deleting User Group")."...
      \n"; $usersummary .= "
      \n"; if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1) { if(!empty($postusergroupid) && ($postusergroupid > -1)) { $query = "SELECT ugid, name, owner_id FROM ".db_table_name('user_groups')." WHERE ugid = {$postusergroupid} AND owner_id = ".$_SESSION['loginID']; $result = db_select_limit_assoc($query, 1); if($result->RecordCount() > 0) { $row = $result->FetchRow(); $remquery = "DELETE FROM ".db_table_name('user_groups')." WHERE ugid = {$postusergroupid} AND owner_id = {$_SESSION['loginID']}"; if($connect->Execute($remquery)) //Checked { $usersummary .= "
      ".$clang->gT("Group Name").": {$row['name']}

      \n"; $usersummary .= "
      ".$clang->gT("Success!")."
      \n"; } else { $usersummary .= "
      ".$clang->gT("Could not delete user group.")."
      \n"; } $usersummary .= "
      gT("Continue")."\"/>\n"; } else { include("access_denied.php"); } } else { $usersummary .= "
      ".$clang->gT("Could not delete user group. No group selected.")."
      \n"; $usersummary .= "
      gT("Continue")."\"/>\n"; } } $usersummary .= "
      \n"; } if ($action == "usergroupindb") { $usersummary = "
      ".$clang->gT("Adding User Group")."...
      \n"; $usersummary .= "
      \n"; if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1) { $db_group_name = db_quote($_POST['group_name']); $db_group_description = db_quote($_POST['group_description']); $html_group_name = htmlspecialchars($_POST['group_name']); $html_group_description = htmlspecialchars($_POST['group_description']); if(isset($db_group_name) && strlen($db_group_name) > 0) { $ugid = addUserGroupInDB($db_group_name, $db_group_description); if($ugid > 0) { $usersummary .= "
      ".$clang->gT("Group Name").": ".$html_group_name."

      \n"; if(isset($db_group_description) && strlen($db_group_description) > 0) { $usersummary .= $clang->gT("Description: ").$html_group_description."

      \n"; } $usersummary .= "
      ".$clang->gT("User group successfully added!")."
      \n"; $usersummary .= "
      gT("Continue")."\"/>\n"; } else { $usersummary .= "
      ".$clang->gT("Failed to add Group!")."
      \n" . "
      " . $clang->gT("Group already exists!")."
      \n"; $usersummary .= "
      gT("Continue")."\"/>\n"; } } else { $usersummary .= "
      ".$clang->gT("Failed to add Group!")."
      \n" . "
      " . $clang->gT("Group name was not supplied!")."
      \n"; $usersummary .= "
      gT("Continue")."\"/>\n"; } } else { include("access_denied.php"); } $usersummary .= "
      \n"; } if ($action == "mailsendusergroup") { $usersummary = "
      ".$clang->gT("Mail to all Members")."
      \n"; $usersummary .= "
      \n"; // user must be in user group // or superadmin $query = "SELECT uid FROM ".db_table_name('user_in_groups') ." WHERE ugid = {$ugid} AND uid = {$_SESSION['loginID']}"; $result = db_execute_assoc($query); //Checked if($result->RecordCount() > 0 || $_SESSION['USER_RIGHT_SUPERADMIN'] == 1) { $eguquery = "SELECT * FROM ".db_table_name("user_in_groups")." AS a INNER JOIN ".db_table_name("users")." AS b ON a.uid = b.uid WHERE ugid = " . $ugid . " AND b.uid != {$_SESSION['loginID']} ORDER BY b.users_name"; $eguresult = db_execute_assoc($eguquery); //Checked $addressee = ''; $to = ''; while ($egurow = $eguresult->FetchRow()) { $to .= $egurow['users_name']. ' <'.$egurow['email'].'>'. '; ' ; $addressee .= $egurow['users_name'].', '; } $to = substr("$to", 0, -2); $addressee = substr("$addressee", 0, -2); $from_user = "SELECT email, users_name, full_name FROM ".db_table_name("users")." WHERE uid = " .$_SESSION['loginID']; $from_user_result = db_execute_assoc($from_user); //Checked $from_user_row = $from_user_result->FetchRow(); if ($from_user_row['full_name']) { $from = $from_user_row['full_name'].' <'.$from_user_row['email'].'> '; } else { $from = $from_user_row['users_name'].' <'.$from_user_row['email'].'> '; } $ugid = $postusergroupid; $body = $_POST['body']; $subject = $_POST['subject']; if(isset($_POST['copymail']) && $_POST['copymail'] == 1) { $to .= ", " . $from; } $body = str_replace("\n.", "\n..", $body); $body = wordwrap($body, 70); //echo $body . '-'.$subject .'-'.'
      '.htmlspecialchars($to).'
      '.'-'.$from; if (SendEmailMessage(null, $body, $subject, $to, $from,'')) { $usersummary = "
      \n"; $usersummary .= "
      ".$clang->gT("Message(s) sent successfully!")."
      \n" . "
      ".$clang->gT("To:")."". $addressee."
      \n" . "
      gT("Continue")."\"/>\n"; } else { $usersummary = "
      \n"; $usersummary .= "
      ".sprintf($clang->gT("Email to %s failed. Error Message:"),$to)." ".$maildebug."
      "; if ($debug>0) { $usersummary .= "
      Subject : $subject

      ".htmlspecialchars($maildebugbody)."
      "; } $usersummary .= "
      gT("Continue")."\"/>\n"; } } else { include("access_denied.php"); } $usersummary .= "
      \n"; } if ($action == "editusergroupindb") { if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1) { $ugid = $postusergroupid; $db_name = db_quote($_POST['name']); $db_description = db_quote($_POST['description']); $html_name = html_escape($_POST['name']); $html_description = html_escape($_POST['description']); $usersummary = "
      \n"; if(updateusergroup($db_name, $db_description, $ugid)) { $usersummary .= "
      ".$clang->gT("Edit User Group Successfully!")."
      \n" . "
      ".$clang->gT("Name").": {$html_name}
      \n" . $clang->gT("Description: ").$html_description."
      \n" . "
      ".$clang->gT("Continue")."
       \n"; } else { $usersummary .= "
      ".$clang->gT("Failed to update!")."
      \n" . "
      ".$clang->gT("Continue")."
       \n"; } $usersummary .= "
      \n"; } else { include("access_denied.php"); } } if ($action == "editusergroups" ) { // REMOVING CONDITION ON loginID == 1 // editusergroups is only to display groups // a user is in //if ( $_SESSION['USER_RIGHT_SUPERADMIN'] == 1) if ( isset($_SESSION['loginID'])) { if(isset($_GET['ugid'])) { $ugid = sanitize_int($_GET['ugid']); $query = "SELECT a.ugid, a.name, a.owner_id, a.description, b.uid FROM ".db_table_name('user_groups') ." AS a LEFT JOIN ".db_table_name('user_in_groups') ." AS b ON a.ugid = b.ugid WHERE a.ugid = {$ugid} AND uid = {$_SESSION['loginID']} ORDER BY name"; $result = db_execute_assoc($query); //Checked $crow = $result->FetchRow(); if($result->RecordCount() > 0) { if(!empty($crow['description'])) { $usergroupsummary .= "\n" . "\n" . "
      " . "".$clang->gT("Description: ")."" . "{$crow['description']}
      "; } $eguquery = "SELECT * FROM ".db_table_name("user_in_groups")." AS a INNER JOIN ".db_table_name("users")." AS b ON a.uid = b.uid WHERE ugid = " . $ugid . " ORDER BY b.users_name"; $eguresult = db_execute_assoc($eguquery); //Checked $usergroupsummary .= "\n" . "\n" . "\n" . "\n" . "\n" . "\n"; $query2 = "SELECT ugid FROM ".db_table_name('user_groups')." WHERE ugid = ".$ugid." AND owner_id = ".$_SESSION['loginID']; $result2 = db_select_limit_assoc($query2, 1); $row2 = $result2->FetchRow(); $row = 1; $usergroupentries=''; while ($egurow = $eguresult->FetchRow()) { if (!isset($bgcc)) {$bgcc="evenrow";} else { if ($bgcc == "evenrow") {$bgcc = "oddrow";} else {$bgcc = "evenrow";} } if($egurow['uid'] == $crow['owner_id']) { $usergroupowner = "\n" . "\n" . "\n" . "\n" . ""; continue; } // output users $usergroupentries .= "\n" . "\n"; $usergroupentries .= "\n" . "\n" . "\n"; $row++; } $usergroupsummary .= $usergroupowner; if (isset($usergroupentries)) {$usergroupsummary .= $usergroupentries;}; $usergroupsummary .= '
      ".$clang->gT("Action")."".$clang->gT("Username")."".$clang->gT("Email")."
       {$egurow['users_name']}{$egurow['email']}
      \n"; if($_SESSION['USER_RIGHT_SUPERADMIN'] == 1) { $usergroupentries .= "
      " ." " ." " ." " ." "; } $usergroupentries .= "
      " . "      		{$egurow['users_name']}{$egurow['email']}
      '; if(isset($row2['ugid'])) { $usergroupsummary .= "
      \n" . "\n" . "" . "\n" . "
        \n" . "\n" . "
      \n" . "
      \n"; } } else { include("access_denied.php"); } } } else { include("access_denied.php"); } } if($action == "deleteuserfromgroup") { $usersummary = "
      ".$clang->gT("Delete User")."
      \n"; $usersummary .= "
      \n"; if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1) { $ugid = $postusergroupid; $uid = $postuserid; $query = "SELECT ugid, owner_id FROM ".db_table_name('user_groups')." WHERE ugid = ".$ugid." AND ((owner_id = ".$_SESSION['loginID']." AND owner_id != ".$uid.") OR (owner_id != ".$_SESSION['loginID']." AND $uid = ".$_SESSION['loginID']."))"; $result = db_execute_assoc($query); //Checked if($result->RecordCount() > 0) { $remquery = "DELETE FROM ".db_table_name('user_in_groups')." WHERE ugid = {$ugid} AND uid = {$uid}"; if($connect->Execute($remquery)) //Checked { $usersummary .= "
      ".$clang->gT("Username").": ".sanitize_xss_string(strip_tags($_POST['user']))."

      \n"; $usersummary .= "
      ".$clang->gT("Success!")."
      \n"; } else { $usersummary .= "
      ".$clang->gT("Could not delete user. User was not supplied.")."
      \n"; } } else { include("access_denied.php"); } if($_SESSION['loginID'] != $postuserid) { $usersummary .= "
      gT("Continue")."\"/>\n"; } else { $usersummary .= "
      gT("Continue")."\"/>\n"; } } else { include("access_denied.php"); } $usersummary .= "
      \n"; } if($action == "addusertogroup") { $ugid=returnglobal('ugid'); $addsummary = "
      ".$clang->gT("Adding User to group")."...
      \n"; $addsummary .= "
      \n"; if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1) { $query = "SELECT ugid, owner_id FROM ".db_table_name('user_groups')." WHERE ugid = {$ugid} AND owner_id = ".$_SESSION['loginID']." AND owner_id != ".$postuserid; $result = db_execute_assoc($query); //Checked if($result->RecordCount() > 0) { if($postuserid > 0) { $isrquery = "INSERT INTO {$dbprefix}user_in_groups VALUES({$ugid},{$postuserid})"; $isrresult = $connect->Execute($isrquery); //Checked if($isrresult) { $addsummary .= "
      ".$clang->gT("User added.")."
      \n"; } else // ToDo: for this to happen the keys on the table must still be set accordingly { // Username already exists. $addsummary .= "
      ".$clang->gT("Failed to add user.")."
      \n" . "
      " . $clang->gT("Username already exists.")."
      \n"; } } else { $addsummary .= "
      ".$clang->gT("Failed to add user.")."
      \n" . "
      " . $clang->gT("No Username selected.")."
      \n"; } $addsummary .= "
      gT("Continue")."\"/>\n"; } else { include("access_denied.php"); } } else { include("access_denied.php"); } $addsummary .= "
      \n"; } function updateusergroup($name, $description, $ugid) { global $dbprefix, $scriptname, $connect; $uquery = "UPDATE ".db_table_name('user_groups')." SET name = '$name', description = '$description' WHERE ugid =$ugid"; // TODO return $connect->Execute($uquery) or safe_die($connect->ErrorMsg()) ; //Checked } function refreshtemplates() { global $connect ; global $dbprefix ; $template_a = gettemplatelist(); foreach ($template_a as $tp=>$fullpath) { // check for each folder if there is already an entry in the database // if not create it with current user as creator (user with rights "create user" can assign template rights) $query = "SELECT * FROM ".$dbprefix."templates WHERE folder LIKE '".$tp."'"; $result = db_execute_assoc($query) or safe_die($connect->ErrorMsg()); //Checked if ($result->RecordCount() == 0) { $query2 = "INSERT INTO ".$dbprefix."templates (".db_quote_id('folder').",".db_quote_id('creator').") VALUES ('".$tp."', ".$_SESSION['loginID'].')' ; $connect->Execute($query2) or safe_die($connect->ErrorMsg()); //Checked } } return true; } // adds Usergroups in Database by Moses function addUserGroupInDB($group_name, $group_description) { global $connect; $iquery = "INSERT INTO ".db_table_name('user_groups')." (name, description, owner_id) VALUES('{$group_name}', '{$group_description}', '{$_SESSION['loginID']}')"; if($connect->Execute($iquery)) { //Checked $id = $connect->Insert_Id(db_table_name_nq('user_groups'),'ugid'); if($id > 0) { $iquery = "INSERT INTO ".db_table_name('user_in_groups')." VALUES($id, '{$_SESSION['loginID']}')"; $connect->Execute($iquery ) or safe_die($connect->ErrorMsg()); //Checked } return $id; } else { return -1; } } ?>