Merge lp:~dangarner/xibo/110-server into lp:~xibo-maintainers/xibo/encke
- 110-server
- Merge into encke
Proposed by
Dan Garner
Status: | Merged | ||||
---|---|---|---|---|---|
Merged at revision: | not available | ||||
Proposed branch: | lp:~dangarner/xibo/110-server | ||||
Merge into: | lp:~xibo-maintainers/xibo/encke | ||||
Diff against target: |
1753 lines (+962/-426) 11 files modified
server/install/database/20.php (+41/-0) server/install/database/20.sql (+25/-0) server/install/database/21.sql (+5/-0) server/lib/data/usergroup.data.class.php (+259/-0) server/lib/include.php (+9/-2) server/lib/js/group.js (+27/-1) server/lib/pages/displaygroup.class.php (+3/-3) server/lib/pages/group.class.php (+173/-33) server/lib/pages/schedule.class.php (+2/-1) server/lib/pages/user.class.php (+352/-345) server/modules/module_user_general.php (+66/-41) |
To merge this branch: | bzr merge lp:~dangarner/xibo/110-server | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Xibo Maintainters | Pending | ||
Commit message
Description of the change
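--- a/server/install/database/20.php
+++ b/server/install/database/20.php
@@ -36,6 +36,9 @@
 // Each schedule record needs to be altered so that the displayID_list now reflects the displayGroupIDs
 $this->UpdateSchedules();
 
+// Create groups for all current users
+$this->UpdateUserGroups();
+
 return true;
 }
 
@@ -129,5 +132,43 @@
 }
 }
 }
+
+/**
+* We need to update the user groups
+*/
+private function UpdateUserGroups()
+{
+$db =& $this->db;
+
+// Get all the current users in the system
+$SQL = "SELECT UserID, groupID, UserName FROM `user`";
+
+if (!$result = $db->query($SQL))
+{
+trigger_error("Error creating user groups", E_USER_ERROR);
+}
+
+while ($row = $db->get_assoc_row($result))
+{
+// For each display create a display group and link it to the display
+$ugid = 0;
+$userID = Kit::ValidateParam($row['UserID'], _INT);
+$groupID = Kit::ValidateParam($row['groupID'], _INT);
+$username = Kit::ValidateParam($row['UserName'], _STRING);
+
+$ug = new UserGroup($db);
+
+// For each one create a user specific group
+if (!$ugId = $ug->Add($username, 1))
+{
+trigger_error("Error creating user groups", E_USER_ERROR);
+}
+
+// Link to the users own userspecific group and also to the one they were already on
+$ug->Link($ugId, $userID);
+
+$ug->Link($groupID, $userID);
+}
+}
 }
 ?>
\ No newline at end of file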
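Review bot: The two `$ug->Link()` calls at the end of UpdateUserGroups() discard their return value, so a failed membership insert leaves the upgrade reporting success while the user is linked to neither group; because 21.sql then drops `user.groupID`, that original membership cannot be recovered afterwards. Check both results the same way the Add() result is checked, e.g. `if (!$ug->Link($ugId, $userID) || !$ug->Link($groupID, $userID)) trigger_error("Error linking user groups", E_USER_ERROR);`. The unused `$ugid = 0;` beside `$ugId` reads like a typo, and the "For each display create a display group" comment is left over from the display migration; both are worth tidying in the same pass.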
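--- a/server/install/database/20.sql
+++ b/server/install/database/20.sql
@@ -147,6 +147,31 @@
 ALTER TABLE `schedule_detail` DROP INDEX `schedule_detail_ibfk_3`;
 ALTER TABLE `schedule_detail` DROP INDEX `IM_SDT_DisplayID`;
 
+
+/* Users and Groups */
+CREATE TABLE IF NOT EXISTS `lkusergroup` (
+`LkUserGroupID` int(11) NOT NULL auto_increment,
+`GroupID` int(11) NOT NULL,
+`UserID` int(11) NOT NULL,
+PRIMARY KEY (`LkUserGroupID`),
+KEY `GroupID` (`GroupID`),
+KEY `UserID` (`UserID`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ;
+
+/* Add the user specific flag to groups */
+ALTER TABLE `group` ADD `IsUserSpecific` TINYINT NOT NULL DEFAULT '0';
+
+
+/* Add contraints to the new table */
+ALTER TABLE `lkusergroup` ADD FOREIGN KEY ( `GroupID` ) REFERENCES `group` (
+`groupID`
+);
+
+ALTER TABLE `lkusergroup` ADD FOREIGN KEY ( `UserID` ) REFERENCES `user` (
+`UserID`
+);
+
+
 /* VERSION UPDATE */
 /* Set the version table, etc */
 UPDATE `version` SET `app_ver` = '1.1.0';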
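Review bot: `lkusergroup` gets plain KEYs on `GroupID` and `UserID` but no uniqueness constraint on the pair, so nothing at the schema level stops the same user being linked to the same group twice, and Link() in usergroup.data.class.php is a bare INSERT that would happily create the duplicate. Replacing the `GroupID` index with `UNIQUE KEY GroupID_UserID (GroupID, UserID)` enforces one membership row per pair and still serves lookups by group. The two foreign keys carry no ON DELETE action, so a `DELETE FROM group` with members still linked will be refused by InnoDB; a short comment beside the constraints saying that members must be unlinked before a group or user row is deleted would make that contract visible to callers.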
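--- a/server/install/database/21.sql
+++ b/server/install/database/21.sql
@@ -8,6 +8,11 @@
 /* Request URI is too short of passing a lot of parameters in GET. Maybe we should use POST more? */
 ALTER TABLE `log` CHANGE `RequestUri` `RequestUri` VARCHAR( 2000 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL;
 
+/* Remove the groupID from the user record. */
+ALTER TABLE `user` DROP FOREIGN KEY `user_ibfk_3` ;
+
+ALTER TABLE `user` DROP `groupID` ;
+
 /* VERSION UPDATE */
 /* Set the version table, etc */
 UPDATE `setting` SET `value` = 0 WHERE `setting` = 'PHONE_HOME_DATE';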
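Review bot: `DROP FOREIGN KEY user_ibfk_3` relies on a MySQL auto-generated constraint name, which may differ between installations depending on how the `user` table's constraints were created; where it differs the statement fails and the upgrade stops before the column is dropped. Naming the constraint's purpose in the comment would help whoever has to diagnose that, e.g. `/* Remove the groupID from the user record. user_ibfk_3 is presumably the default-named FK from user.groupID to group and must go before the column. */`. This step also removes the column that 20.php's UpdateUserGroups() reads, so the ordering of the two upgrade steps is load-bearing and worth stating here.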
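--- a/server/lib/data/usergroup.data.class.php
+++ b/server/lib/data/usergroup.data.class.php
@@ -0,0 +1,259 @@
+<?php
+/*
+* Xibo - Digitial Signage - http://www.xibo.org.uk
+* Copyright (C) 2009 Daniel Garner
+*
+* This file is part of Xibo.
+*
+* Xibo is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* any later version.
+*
+* Xibo is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with Xibo. If not, see <http://www.gnu.org/licenses/>.
+*/
+defined('XIBO') or die("Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.");
+
+class UserGroup extends Data
+{
+public function __construct(database $db)
+{
+parent::__construct($db);
+}
+
+/**
+* Adds a User Group to Xibo
+* @return
+* @param $UserGroup Object
+* @param $isDisplaySpecific Object
+* @param $description Object[optional]
+*/
+public function Add($group, $isUserSpecific)
+{
+$db =& $this->db;
+
+Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Add');
+
+// Create the SQL
+$SQL = "";
+$SQL .= "INSERT ";
+$SQL .= "INTO `group` ";
+$SQL .= " ( ";
+$SQL .= " `group` , ";
+$SQL .= " IsUserSpecific ";
+$SQL .= " ) ";
+$SQL .= " VALUES ";
+$SQL .= " ( ";
+$SQL .= sprintf(" '%s', ", $db->escape_string($group));
+$SQL .= sprintf(" %d ", $isUserSpecific);
+$SQL .= " )";
+
+if (!$groupID = $db->insert_query($SQL))
+{
+trigger_error($db->error());
+$this->SetError(25000, __('Could not add User Group'));
+
+return false;
+}
+
+Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Add');
+
+return $groupID;
+}
+
+/**
+* Edits an existing Xibo Display Group
+* @return
+* @param $userGroupID Object
+* @param $UserGroup Object
+*/
+public function Edit($userGroupID, $userGroup)
+{
+$db =& $this->db;
+
+Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Edit');
+
+// Create the SQL
+$SQL = "";
+$SQL .= "UPDATE `group` ";
+$SQL .= sprintf("SET `group` = '%s' ", $db->escape_string($userGroup));
+$SQL .= sprintf("WHERE GroupID = %d", $userGroupID);
+
+if (!$db->query($SQL))
+{
+trigger_error($db->error());
+$this->SetError(25005, __('Could not edit User Group'));
+
+return false;
+}
+
+Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Edit');
+
+return true;
+}
+
+/**
+* Deletes an Xibo User Group
+* @return
+* @param $userGroupID Object
+*/
+public function Delete($userGroupID)
+{
+$db =& $this->db;
+
+Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Delete');
+
+$SQL = sprintf("DELETE FROM `group` WHERE GroupID = %d", $userGroupID);
+
+Debug::LogEntry($db, 'audit', $SQL);
+
+if (!$db->query($SQL))
+{
+trigger_error($db->error());
+$this->SetError(25015,__('Unable to delete User Group.'));
+return false;
+}
+
+Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Delete');
+
+return true;
+}
+
+/**
+* Links a User to a User Group
+* @return
+* @param $userGroupID Object
+* @param $userID Object
+*/
+public function Link($userGroupID, $userID)
+{
+$db =& $this->db;
+
+Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Link');
+
+$SQL = "";
+$SQL .= "INSERT ";
+$SQL .= "INTO lkusergroup ";
+$SQL .= " ( ";
+$SQL .= " GroupID, ";
+$SQL .= " UserID ";
+$SQL .= " ) ";
+$SQL .= " VALUES ";
+$SQL .= " ( ";
+$SQL .= sprintf(" %d, %d ", $userGroupID, $userID);
+$SQL .= " )";
+
+if (!$db->query($SQL))
+{
+trigger_error($db->error());
+$this->SetError(25005, __('Could not Link User Group to User'));
+
+return false;
+}
+
+Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Link');
+
+return true;
+}
+
+/**
+* Unlinks a Display from a Display Group
+* @return
+* @param $userGroupID Object
+* @param $userID Object
+*/
+public function Unlink($userGroupID, $userID)
+{
+$db =& $this->db;
+
+Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'Unlink');
+
+$SQL = "";
+$SQL .= "DELETE FROM ";
+$SQL .= " lkusergroup ";
+$SQL .= sprintf(" WHERE GroupID = %d AND UserID = %d ", $userGroupID, $userID);
+
+if (!$db->query($SQL))
+{
+trigger_error($db->error());
+$this->SetError(25007, __('Could not Unlink User from User Group'));
+
+return false;
+}
+
+Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'Unlink');
+
+return true;
+}
+
+/**
+* Edits the User Group associated with a User
+* @return
+* @param $userID Object
+* @param $userName Object
+*/
+public function EditUserGroup($userID, $userName)
+{
+$db =& $this->db;
+
+Debug::LogEntry($db, 'audit', 'IN', 'UserGroup', 'EditUserGroup');
+
+// Get the UserGroupID for this UserID
+$SQL = "";
+$SQL .= "SELECT `group`.GroupID ";
+$SQL .= "FROM `group` ";
+$SQL .= " INNER JOIN lkusergroup ";
+$SQL .= " ON lkusergroup.GroupID = `group`.groupID ";
+$SQL .= "WHERE `group`.IsUserSpecific = 1 ";
+$SQL .= sprintf(" AND lkusergroup.UserID = %d", $userID);
+
+if (!$result = $db->query($SQL))
+{
+trigger_error($db->error());
+$this->SetError(25005, __('Unable to get the UserGroup for this User.'));
+
+return false;
+}
+
+$row = $db->get_assoc_row($result);
+$userGroupID = $row['GroupID'];
+
+if ($userGroupID == '')
+{
+// We should always have 1 display specific UserGroup for a display.
+// Do we a) Error here and give up?
+// b) Create one and link it up?
+// $this->SetError(25006, __('Unable to get the UserGroup for this Display'));
+
+if (!$userGroupID = $this->Add($userName, 1))
+{
+$this->SetError(25001, __('Could not add a user group for this user.'));
+
+return false;
+}
+
+// Link the Two together
+if (!$this->Link($userGroupID, $userID))
+{
+$this->SetError(25001, __('Could not link the new user with its group.'));
+
+return false;
+}
+}
+else
+{
+if (!$this->Edit($userGroupID, $userName)) return false;
+}
+
+Debug::LogEntry($db, 'audit', 'OUT', 'UserGroup', 'EditUserGroup');
+
+return true;
+}
+}
+?>
\ No newline at end of file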
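Review bot: EditUserGroup() indexes `$row['GroupID']` without checking that `get_assoc_row()` returned a row, yet the branch immediately below exists precisely for the user who has no user-specific group, i.e. the case where there is no row to index; `$row = $db->get_assoc_row($result); $userGroupID = ($row) ? $row['GroupID'] : '';` keeps the existing `== ''` test working without indexing a non-array. Delete() issues only `DELETE FROM group`, and with the foreign key that 20.sql adds from `lkusergroup.GroupID` that statement will be refused while any member is still linked, so either remove the `lkusergroup` rows first or document that callers must Unlink() every member before Delete(). The docblocks are copied from the display-group class — `Edits an existing Xibo Display Group`, `Unlinks a Display from a Display Group`, and `@param $isDisplaySpecific` / `@param $description` on Add() whose actual parameters are `$group, $isUserSpecific` — and should describe this class and its real signatures.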
377 | === modified file 'server/lib/include.php' | |||
378 | --- server/lib/include.php 2009-05-16 18:40:19 +0000 | |||
379 | +++ server/lib/include.php 2009-12-28 14:14:15 +0000 | |||
380 | @@ -88,8 +88,15 @@ | |||
381 | 88 | // create a database class instance | 88 | // create a database class instance |
382 | 89 | $db = new database(); | 89 | $db = new database(); |
383 | 90 | 90 | ||
386 | 91 | if (!$db->connect_db($dbhost, $dbuser, $dbpass)) trigger_error($db->error(), E_USER_WARNING); | 91 | if (!$db->connect_db($dbhost, $dbuser, $dbpass)) |
387 | 92 | if (!$db->select_db($dbname)) trigger_error($db->error(), E_USER_WARNING); | 92 | { |
388 | 93 | die('Xibo has a database connection problem.'); | ||
389 | 94 | } | ||
390 | 95 | |||
391 | 96 | if (!$db->select_db($dbname)) | ||
392 | 97 | { | ||
393 | 98 | die('Xibo has a database connection problem.'); | ||
394 | 99 | } | ||
395 | 93 | 100 | ||
396 | 94 | date_default_timezone_set(Config::GetSetting($db, "defaultTimezone")); | 101 | date_default_timezone_set(Config::GetSetting($db, "defaultTimezone")); |
397 | 95 | 102 | ||
398 | 96 | 103 | ||
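Review bot: The two new `die('Xibo has a database connection problem.')` calls drop the detail that the replaced `trigger_error($db->error(), E_USER_WARNING)` used to record, so a failed connect or select now leaves nothing in the server log to diagnose. Keeping the generic text for the client but recording the driver error first, `error_log($db->error()); die('Xibo has a database connection problem.');`, preserves the safe user-facing message and the operator's view of the cause. Stopping rather than continuing with an unusable connection is the right call; this is only about not losing the reason.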
399 | === modified file 'server/lib/js/group.js' | |||
400 | --- server/lib/js/group.js 2009-01-04 12:59:11 +0000 | |||
401 | +++ server/lib/js/group.js 2009-12-28 14:14:15 +0000 | |||
402 | @@ -1,6 +1,6 @@ | |||
403 | 1 | /* | 1 | /* |
404 | 2 | * Xibo - Digitial Signage - http://www.xibo.org.uk | 2 | * Xibo - Digitial Signage - http://www.xibo.org.uk |
406 | 3 | * Copyright (C) 2006,2007,2008 Daniel Garner and James Packer | 3 | * Copyright (C) 2009 Daniel Garner |
407 | 4 | * | 4 | * |
408 | 5 | * This file is part of Xibo. | 5 | * This file is part of Xibo. |
409 | 6 | * | 6 | * |
410 | @@ -17,3 +17,29 @@ | |||
411 | 17 | * You should have received a copy of the GNU Affero General Public License | 17 | * You should have received a copy of the GNU Affero General Public License |
412 | 18 | * along with Xibo. If not, see <http://www.gnu.org/licenses/>. | 18 | * along with Xibo. If not, see <http://www.gnu.org/licenses/>. |
413 | 19 | */ | 19 | */ |
414 | 20 | function ManageMembersCallBack() | ||
415 | 21 | { | ||
416 | 22 | $("#usersIn, #usersOut").sortable({ | ||
417 | 23 | connectWith: '.connectedSortable', | ||
418 | 24 | dropOnEmpty: true | ||
419 | 25 | }).disableSelection(); | ||
420 | 26 | } | ||
421 | 27 | |||
422 | 28 | function MembersSubmit() { | ||
423 | 29 | // Serialise the form and then submit it via Ajax. | ||
424 | 30 | var href = $("#usersIn").attr('href') + "&ajax=true"; | ||
425 | 31 | |||
426 | 32 | // Get the two lists | ||
427 | 33 | serializedData = $("#usersIn").sortable('serialize'); | ||
428 | 34 | |||
429 | 35 | $.ajax({ | ||
430 | 36 | type: "post", | ||
431 | 37 | url: href, | ||
432 | 38 | cache: false, | ||
433 | 39 | dataType: "json", | ||
434 | 40 | data: serializedData, | ||
435 | 41 | success: XiboSubmitResponse | ||
436 | 42 | }); | ||
437 | 43 | |||
438 | 44 | return; | ||
439 | 45 | } | ||
440 | 20 | \ No newline at end of file | 46 | \ No newline at end of file |
441 | 21 | 47 | ||
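Review bot: `serializedData = $("#usersIn").sortable('serialize');` in MembersSubmit() has no `var`, so it is created as an implicit global rather than a local of the function; declare it as `var serializedData = $("#usersIn").sortable('serialize');` to match `href` two lines above. The bare `return;` at the end of the function does nothing and can be dropped.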
442 | === modified file 'server/lib/pages/displaygroup.class.php' | |||
443 | --- server/lib/pages/displaygroup.class.php 2009-09-17 22:42:36 +0000 | |||
444 | +++ server/lib/pages/displaygroup.class.php 2009-12-28 14:14:15 +0000 | |||
445 | @@ -321,7 +321,7 @@ | |||
446 | 321 | if(!$resultIn = $db->query($SQL)) | 321 | if(!$resultIn = $db->query($SQL)) |
447 | 322 | { | 322 | { |
448 | 323 | trigger_error($db->error()); | 323 | trigger_error($db->error()); |
450 | 324 | trigger_error(__('Error getting Displays')); | 324 | trigger_error(__('Error getting Displays'), E_USER_ERROR); |
451 | 325 | } | 325 | } |
452 | 326 | 326 | ||
453 | 327 | // Displays not in group | 327 | // Displays not in group |
454 | @@ -340,7 +340,7 @@ | |||
455 | 340 | if(!$resultOut = $db->query($SQL)) | 340 | if(!$resultOut = $db->query($SQL)) |
456 | 341 | { | 341 | { |
457 | 342 | trigger_error($db->error()); | 342 | trigger_error($db->error()); |
459 | 343 | trigger_error(__('Error getting Displays')); | 343 | trigger_error(__('Error getting Displays'), E_USER_ERROR); |
460 | 344 | } | 344 | } |
461 | 345 | 345 | ||
462 | 346 | // Now we have an IN and an OUT results object which we can use to build our lists | 346 | // Now we have an IN and an OUT results object which we can use to build our lists |
463 | @@ -598,7 +598,7 @@ | |||
464 | 598 | if(!$resultIn = $db->query($SQL)) | 598 | if(!$resultIn = $db->query($SQL)) |
465 | 599 | { | 599 | { |
466 | 600 | trigger_error($db->error()); | 600 | trigger_error($db->error()); |
468 | 601 | trigger_error(__('Error getting Displays')); | 601 | trigger_error(__('Error getting Displays'), E_USER_ERROR); |
469 | 602 | } | 602 | } |
470 | 603 | 603 | ||
471 | 604 | while($row = $db->get_assoc_row($resultIn)) | 604 | while($row = $db->get_assoc_row($resultIn)) |
472 | 605 | 605 | ||
473 | === modified file 'server/lib/pages/group.class.php' | |||
474 | --- server/lib/pages/group.class.php 2009-07-10 19:45:55 +0000 | |||
475 | +++ server/lib/pages/group.class.php 2009-12-28 14:14:15 +0000 | |||
476 | @@ -1,7 +1,7 @@ | |||
477 | 1 | <?php | 1 | <?php |
478 | 2 | /* | 2 | /* |
479 | 3 | * Xibo - Digitial Signage - http://www.xibo.org.uk | 3 | * Xibo - Digitial Signage - http://www.xibo.org.uk |
481 | 4 | * Copyright (C) 2006,2007,2008 Daniel Garner and James Packer | 4 | * Copyright (C) 2006,2007,2008,2009 Daniel Garner and James Packer |
482 | 5 | * | 5 | * |
483 | 6 | * This file is part of Xibo. | 6 | * This file is part of Xibo. |
484 | 7 | * | 7 | * |
485 | @@ -25,7 +25,6 @@ | |||
486 | 25 | private $db; | 25 | private $db; |
487 | 26 | private $user; | 26 | private $user; |
488 | 27 | private $isadmin = false; | 27 | private $isadmin = false; |
489 | 28 | private $has_permissions = true; | ||
490 | 29 | 28 | ||
491 | 30 | private $sub_page = ""; | 29 | private $sub_page = ""; |
492 | 31 | 30 | ||
493 | @@ -33,9 +32,6 @@ | |||
494 | 33 | private $groupid; | 32 | private $groupid; |
495 | 34 | private $group = ""; | 33 | private $group = ""; |
496 | 35 | 34 | ||
497 | 36 | //lkpage group | ||
498 | 37 | private $lkpagegroupid; | ||
499 | 38 | private $pageid; | ||
500 | 39 | 35 | ||
501 | 40 | //init | 36 | //init |
502 | 41 | function __construct(database $db, user $user) | 37 | function __construct(database $db, user $user) |
503 | @@ -72,6 +68,9 @@ | |||
504 | 72 | 68 | ||
505 | 73 | $this->group = $aRow['Group']; | 69 | $this->group = $aRow['Group']; |
506 | 74 | } | 70 | } |
507 | 71 | |||
508 | 72 | // Include the group data classes | ||
509 | 73 | include_once('lib/data/usergroup.data.class.php'); | ||
510 | 75 | } | 74 | } |
511 | 76 | 75 | ||
512 | 77 | function on_page_load() | 76 | function on_page_load() |
513 | @@ -146,7 +145,7 @@ | |||
514 | 146 | SELECT group.group, | 145 | SELECT group.group, |
515 | 147 | group.groupID | 146 | group.groupID |
516 | 148 | FROM `group` | 147 | FROM `group` |
518 | 149 | WHERE 1 = 1 | 148 | WHERE IsUserSpecific = 0 |
519 | 150 | END; | 149 | END; |
520 | 151 | if ($filter_name != '') | 150 | if ($filter_name != '') |
521 | 152 | { | 151 | { |
522 | @@ -166,6 +165,7 @@ | |||
523 | 166 | $msgName = __('Name'); | 165 | $msgName = __('Name'); |
524 | 167 | $msgAction = __('Action'); | 166 | $msgAction = __('Action'); |
525 | 168 | $msgEdit = __('Edit'); | 167 | $msgEdit = __('Edit'); |
526 | 168 | $msgMembers = __('Group Members'); | ||
527 | 169 | $msgPageSec = __('Page Security'); | 169 | $msgPageSec = __('Page Security'); |
528 | 170 | $msgMenuSec = __('Menu Security'); | 170 | $msgMenuSec = __('Menu Security'); |
529 | 171 | $msgDispSec = __('Display Security'); | 171 | $msgDispSec = __('Display Security'); |
530 | @@ -200,9 +200,9 @@ | |||
531 | 200 | { | 200 | { |
532 | 201 | $buttons = <<<END | 201 | $buttons = <<<END |
533 | 202 | <button class="XiboFormButton" href="index.php?p=group&q=GroupForm&groupid=$groupid"><span>$msgEdit</span></button> | 202 | <button class="XiboFormButton" href="index.php?p=group&q=GroupForm&groupid=$groupid"><span>$msgEdit</span></button> |
534 | 203 | <button class="XiboFormButton" href="index.php?p=group&q=MembersForm&groupid=$groupid"><span>$msgMembers</span></button> | ||
535 | 203 | <button class="XiboFormButton" href="index.php?p=group&q=PageSecurityForm&groupid=$groupid"><span>$msgPageSec</span></button> | 204 | <button class="XiboFormButton" href="index.php?p=group&q=PageSecurityForm&groupid=$groupid"><span>$msgPageSec</span></button> |
536 | 204 | <button class="XiboFormButton" href="index.php?p=group&q=MenuItemSecurityForm&groupid=$groupid"><span>$msgMenuSec</span></button> | 205 | <button class="XiboFormButton" href="index.php?p=group&q=MenuItemSecurityForm&groupid=$groupid"><span>$msgMenuSec</span></button> |
537 | 205 | <button class="XiboFormButton" href="index.php?p=group&q=DisplayGroupSecurityForm&groupid=$groupid"><span>$msgDispSec</span></button> | ||
538 | 206 | <button class="XiboFormButton" href="index.php?p=group&q=delete_form&groupid=$groupid"><span>$msgDel</span></button> | 206 | <button class="XiboFormButton" href="index.php?p=group&q=delete_form&groupid=$groupid"><span>$msgDel</span></button> |
539 | 207 | END; | 207 | END; |
540 | 208 | } | 208 | } |
541 | @@ -471,32 +471,27 @@ | |||
542 | 471 | */ | 471 | */ |
543 | 472 | function add() | 472 | function add() |
544 | 473 | { | 473 | { |
571 | 474 | $db =& $this->db; | 474 | $db =& $this->db; |
572 | 475 | $group = Kit::GetParam('group', _POST, _STRING); | 475 | $response = new ResponseManager(); |
573 | 476 | $userid = $_SESSION['userid']; | 476 | |
574 | 477 | 477 | $group = Kit::GetParam('group', _POST, _STRING); | |
575 | 478 | //check on required fields | 478 | $userid = $_SESSION['userid']; |
576 | 479 | if ($group == "") | 479 | |
577 | 480 | { | 480 | //check on required fields |
578 | 481 | Kit::Redirect(array('success'=>false, 'message' => __('Group Name cannot be empty.'))); | 481 | if ($group == '') |
579 | 482 | } | 482 | { |
580 | 483 | 483 | trigger_error(__('Group Name cannot be empty.'), E_USER_ERROR); | |
581 | 484 | //add the group record | 484 | } |
582 | 485 | $SQL = "INSERT INTO `group` (`group`) "; | 485 | |
583 | 486 | $SQL .= sprintf(" VALUES ('%s') ", $db->escape_string($group)); | 486 | $userGroupObject = new UserGroup($db); |
584 | 487 | 487 | ||
585 | 488 | if (!$db->query($SQL)) | 488 | if (!$userGroupObject->Add($group, 0)) |
586 | 489 | { | 489 | { |
587 | 490 | trigger_error($db->error()); | 490 | trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR); |
588 | 491 | Kit::Redirect(array('success'=>false, 'message' => __('Error adding a new group.'))); | 491 | } |
589 | 492 | } | 492 | |
590 | 493 | 493 | $response->SetFormSubmitResponse(__('Added the Group'), false); | |
591 | 494 | // Construct the Response | 494 | $response->Respond(); |
566 | 495 | $response = array(); | ||
567 | 496 | $response['success'] = true; | ||
568 | 497 | $response['message'] = __('Added the Group'); | ||
569 | 498 | |||
570 | 499 | Kit::Redirect($response); | ||
592 | 500 | } | 495 | } |
593 | 501 | 496 | ||
594 | 502 | /** | 497 | /** |
595 | @@ -828,5 +823,150 @@ | |||
596 | 828 | 823 | ||
597 | 829 | Kit::Redirect($response); | 824 | Kit::Redirect($response); |
598 | 830 | } | 825 | } |
599 | 826 | |||
600 | 827 | /** | ||
601 | 828 | * Shows the Members of a Group | ||
602 | 829 | */ | ||
603 | 830 | public function MembersForm() | ||
604 | 831 | { | ||
605 | 832 | $db =& $this->db; | ||
606 | 833 | $response = new ResponseManager(); | ||
607 | 834 | $groupID = Kit::GetParam('groupid', _REQUEST, _INT); | ||
608 | 835 | |||
609 | 836 | // There needs to be two lists here. | ||
610 | 837 | |||
611 | 838 | // Users in group | ||
612 | 839 | $SQL = ""; | ||
613 | 840 | $SQL .= "SELECT user.UserID, "; | ||
614 | 841 | $SQL .= " user.UserName "; | ||
615 | 842 | $SQL .= "FROM `user` "; | ||
616 | 843 | $SQL .= " INNER JOIN lkusergroup "; | ||
617 | 844 | $SQL .= " ON lkusergroup.UserID = user.UserID "; | ||
618 | 845 | $SQL .= sprintf("WHERE lkusergroup.GroupID = %d", $groupID); | ||
619 | 846 | |||
620 | 847 | if(!$resultIn = $db->query($SQL)) | ||
621 | 848 | { | ||
622 | 849 | trigger_error($db->error()); | ||
623 | 850 | trigger_error(__('Error getting Groups'), E_USER_ERROR); | ||
624 | 851 | } | ||
625 | 852 | |||
626 | 853 | // Users not in group | ||
627 | 854 | $SQL = ""; | ||
628 | 855 | $SQL .= "SELECT user.UserID, "; | ||
629 | 856 | $SQL .= " user.UserName "; | ||
630 | 857 | $SQL .= "FROM `user` "; | ||
631 | 858 | $SQL .= " WHERE user.UserID NOT IN ( "; | ||
632 | 859 | $SQL .= " SELECT user.UserID "; | ||
633 | 860 | $SQL .= " FROM `user` "; | ||
634 | 861 | $SQL .= " INNER JOIN lkusergroup "; | ||
635 | 862 | $SQL .= " ON lkusergroup.UserID = user.UserID "; | ||
636 | 863 | $SQL .= sprintf("WHERE lkusergroup.GroupID = %d", $groupID); | ||
637 | 864 | $SQL .= " )"; | ||
638 | 865 | |||
639 | 866 | if(!$resultOut = $db->query($SQL)) | ||
640 | 867 | { | ||
641 | 868 | trigger_error($db->error()); | ||
642 | 869 | trigger_error(__('Error getting Users'), E_USER_ERROR); | ||
643 | 870 | } | ||
644 | 871 | |||
645 | 872 | // Now we have an IN and an OUT results object which we can use to build our lists | ||
646 | 873 | $listIn = '<ul id="usersIn" href="index.php?p=group&q=SetMembers&GroupID=' . $groupID . '" class="connectedSortable">'; | ||
647 | 874 | |||
648 | 875 | while($row = $db->get_assoc_row($resultIn)) | ||
649 | 876 | { | ||
650 | 877 | // For each item output a LI | ||
651 | 878 | $userID = Kit::ValidateParam($row['UserID'], _INT); | ||
652 | 879 | $userName = Kit::ValidateParam($row['UserName'], _STRING); | ||
653 | 880 | |||
654 | 881 | $listIn .= '<li id="UserID_' . $userID . '"class="li-sortable">' . $userName . '</li>'; | ||
655 | 882 | } | ||
656 | 883 | $listIn .= '</ul>'; | ||
657 | 884 | |||
658 | 885 | $listOut = '<ul id="usersOut" class="connectedSortable">'; | ||
659 | 886 | |||
660 | 887 | while($row = $db->get_assoc_row($resultOut)) | ||
661 | 888 | { | ||
662 | 889 | // For each item output a LI | ||
663 | 890 | $userID = Kit::ValidateParam($row['UserID'], _INT); | ||
664 | 891 | $userName = Kit::ValidateParam($row['UserName'], _STRING); | ||
665 | 892 | |||
666 | 893 | $listOut .= '<li id="UserID_' . $userID . '" class="li-sortable">' . $userName . '</li>'; | ||
667 | 894 | } | ||
668 | 895 | $listOut .= '</ul>'; | ||
669 | 896 | |||
670 | 897 | // Build the final form. | ||
671 | 898 | $form = '<div class="connectedlist"><h3>Members</h3>' . $listIn . '</div><div class="connectedlist"><h3>Non-members</h3>' . $listOut . '</div>'; | ||
672 | 899 | |||
673 | 900 | $response->SetFormRequestResponse($form, __('Manage Membership'), '400', '375', 'ManageMembersCallBack'); | ||
674 | 901 | $response->AddButton(__('Help'), "XiboHelpRender('index.php?p=help&q=Display&Topic=Users&Category=Groups')"); | ||
675 | 902 | $response->AddButton(__('Cancel'), 'XiboDialogClose()'); | ||
676 | 903 | $response->AddButton(__('Save'), 'MembersSubmit()'); | ||
677 | 904 | $response->Respond(); | ||
678 | 905 | } | ||
679 | 906 | |||
680 | 907 | /** | ||
681 | 908 | * Sets the Members of a group | ||
682 | 909 | * @return | ||
683 | 910 | */ | ||
684 | 911 | public function SetMembers() | ||
685 | 912 | { | ||
686 | 913 | $db =& $this->db; | ||
687 | 914 | $response = new ResponseManager(); | ||
688 | 915 | $groupObject = new UserGroup($db); | ||
689 | 916 | |||
690 | 917 | $groupID = Kit::GetParam('GroupID', _REQUEST, _INT); | ||
691 | 918 | $users = Kit::GetParam('UserID', _POST, _ARRAY, array()); | ||
692 | 919 | $members = array(); | ||
693 | 920 | |||
694 | 921 | // Users in group | ||
695 | 922 | $SQL = ""; | ||
696 | 923 | $SQL .= "SELECT user.UserID, "; | ||
697 | 924 | $SQL .= " user.UserName "; | ||
698 | 925 | $SQL .= "FROM `user` "; | ||
699 | 926 | $SQL .= " INNER JOIN lkusergroup "; | ||
700 | 927 | $SQL .= " ON lkusergroup.UserID = user.UserID "; | ||
701 | 928 | $SQL .= sprintf("WHERE lkusergroup.GroupID = %d", $groupID); | ||
702 | 929 | |||
703 | 930 | if(!$resultIn = $db->query($SQL)) | ||
704 | 931 | { | ||
705 | 932 | trigger_error($db->error()); | ||
706 | 933 | trigger_error(__('Error getting Users')); | ||
707 | 934 | } | ||
708 | 935 | |||
709 | 936 | while($row = $db->get_assoc_row($resultIn)) | ||
710 | 937 | { | ||
711 | 938 | // Test whether this ID is in the array or not | ||
712 | 939 | $userID = Kit::ValidateParam($row['UserID'], _INT); | ||
713 | 940 | |||
714 | 941 | if(!in_array($userID, $users)) | ||
715 | 942 | { | ||
716 | 943 | // Its currently assigned but not in the $displays array | ||
717 | 944 | // so we unassign | ||
718 | 945 | if (!$groupObject->Unlink($groupID, $userID)) | ||
719 | 946 | { | ||
720 | 947 | trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR); | ||
721 | 948 | } | ||
722 | 949 | } | ||
723 | 950 | else | ||
724 | 951 | { | ||
725 | 952 | $members[] = $userID; | ||
726 | 953 | } | ||
727 | 954 | } | ||
728 | 955 | |||
729 | 956 | foreach($users as $userID) | ||
730 | 957 | { | ||
731 | 958 | // Add any that are missing | ||
732 | 959 | if(!in_array($userID, $members)) | ||
733 | 960 | { | ||
734 | 961 | if (!$groupObject->Link($groupID, $userID)) | ||
735 | 962 | { | ||
736 | 963 | trigger_error($groupObject->GetErrorMessage(), E_USER_ERROR); | ||
737 | 964 | } | ||
738 | 965 | } | ||
739 | 966 | } | ||
740 | 967 | |||
741 | 968 | $response->SetFormSubmitResponse(__('Group membership set'), false); | ||
742 | 969 | $response->Respond(); | ||
743 | 970 | } | ||
744 | 831 | } | 971 | } |
745 | 832 | ?> | 972 | ?> |
746 | 833 | \ No newline at end of file | 973 | \ No newline at end of file |
747 | 834 | 974 | ||
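--- a/server/lib/pages/schedule.class.php
+++ b/server/lib/pages/schedule.class.php
@@ -1073,6 +1073,7 @@
 
 $date = Kit::GetParam('date', _GET, _INT, mktime(date('H'), 0, 0, date('m'), date('d'), date('Y')));
 $dateText = date("d/m/Y", $date);
+$hiddenDateText = date("m/d/Y", $date);
 $displayGroupIDs = Kit::GetParam('DisplayGroupIDs', _SESSION, _ARRAY);
 
 // need to do some user checking here
@@ -1087,7 +1088,7 @@
 
 $form = <<<END
 <form id="AddEventForm" class="XiboForm" action="index.php?p=schedule&amp;q=AddEvent" method="post">
-<input type="hidden" id="fromdt" name="fromdt" value="" />
+<input type="hidden" id="fromdt" name="fromdt" value="$hiddenDateText" />
 <input type="hidden" id="todt" name="todt" value="" />
 <input type="hidden" id="rectodt" name="rectodt" value="" />
 <table style="width:100%;">
 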
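Review bot: `$hiddenDateText` formats `$date` as `m/d/Y` only, so the hour that `mktime(date('H'), ...)` puts into the default `$date` is discarded before the value lands in the hidden `fromdt` field; if the AddEvent handler (not visible here) expects a time component in `fromdt`, the pre-filled value will be date-only. The format also differs from the `d/m/Y` used for `$dateText` two lines earlier, and nothing explains why, so a comment on the new line would help, e.g. `// m/d/Y here (posted back in fromdt) vs d/m/Y for the displayed $dateText -- confirm the AddEvent handler parses fromdt as m/d/Y`. Both values derive from an `_INT`-validated parameter, so interpolating them into the heredoc is safe as written. The enclosing function starts before the first hunk and ends after the second.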
769 | === modified file 'server/lib/pages/user.class.php' | |||
770 | --- server/lib/pages/user.class.php 2009-10-28 21:28:04 +0000 | |||
771 | +++ server/lib/pages/user.class.php 2009-12-28 14:14:15 +0000 | |||
772 | @@ -26,15 +26,6 @@ | |||
773 | 26 | private $user; | 26 | private $user; |
774 | 27 | private $sub_page; | 27 | private $sub_page; |
775 | 28 | 28 | ||
776 | 29 | //database fields | ||
777 | 30 | private $userid; | ||
778 | 31 | private $username; | ||
779 | 32 | private $password; | ||
780 | 33 | private $usertypeid; | ||
781 | 34 | private $email; | ||
782 | 35 | private $homepage; | ||
783 | 36 | private $groupid; | ||
784 | 37 | |||
785 | 38 | /** | 29 | /** |
786 | 39 | * Contructor | 30 | * Contructor |
787 | 40 | * | 31 | * |
788 | @@ -43,33 +34,11 @@ | |||
789 | 43 | */ | 34 | */ |
790 | 44 | function __construct(database $db, user $user) | 35 | function __construct(database $db, user $user) |
791 | 45 | { | 36 | { |
819 | 46 | $this->db =& $db; | 37 | $this->db =& $db; |
820 | 47 | $this->user =& $user; | 38 | $this->user =& $user; |
821 | 48 | 39 | ||
822 | 49 | $this->sub_page = Kit::GetParam('sp', _REQUEST, _WORD, 'view'); | 40 | // Include the group data classes |
823 | 50 | $userid = Kit::GetParam('userID', _REQUEST, _INT, 0); | 41 | include_once('lib/data/usergroup.data.class.php'); |
797 | 51 | |||
798 | 52 | if($userid != 0) | ||
799 | 53 | { | ||
800 | 54 | $this->sub_page = "edit"; | ||
801 | 55 | |||
802 | 56 | $this->userid = $userid; | ||
803 | 57 | |||
804 | 58 | $sql = " SELECT UserName, UserPassword, usertypeid, email, groupID, homepage FROM user"; | ||
805 | 59 | $sql .= sprintf(" WHERE userID = %d", $userid); | ||
806 | 60 | |||
807 | 61 | if(!$results = $db->query($sql)) trigger_error("Error excuting query".$db->error(), E_USER_ERROR); | ||
808 | 62 | |||
809 | 63 | while($aRow = $db->get_row($results)) | ||
810 | 64 | { | ||
811 | 65 | $this->username = Kit::ValidateParam($aRow[0], _USERNAME); | ||
812 | 66 | $this->password = Kit::ValidateParam($aRow[1], _PASSWORD); | ||
813 | 67 | $this->usertypeid = Kit::ValidateParam($aRow[2], _INT); | ||
814 | 68 | $this->email = Kit::ValidateParam($aRow[3], _STRING); | ||
815 | 69 | $this->groupid = Kit::ValidateParam($aRow[4], _INT); | ||
816 | 70 | $this->homepage = Kit::ValidateParam($aRow[5], _STRING); | ||
817 | 71 | } | ||
818 | 72 | } | ||
824 | 73 | } | 42 | } |
825 | 74 | 43 | ||
826 | 75 | function on_page_load() | 44 | function on_page_load() |
827 | @@ -90,61 +59,77 @@ | |||
828 | 90 | */ | 59 | */ |
829 | 91 | function AddUser () | 60 | function AddUser () |
830 | 92 | { | 61 | { |
886 | 93 | $db =& $this->db; | 62 | $db =& $this->db; |
887 | 94 | $response = new ResponseManager(); | 63 | $response = new ResponseManager(); |
888 | 95 | 64 | ||
889 | 96 | $user = Kit::GetParam('username', _POST, _USERNAME); | 65 | $username = Kit::GetParam('username', _POST, _STRING); |
890 | 97 | $password = md5(Kit::GetParam('password', _POST, _USERNAME)); | 66 | $password = Kit::GetParam('password', _POST, _STRING); |
891 | 98 | $usertypeid = Kit::GetParam('usertypeid', _POST, _INT); | 67 | $password = md5($password); |
892 | 99 | $email = Kit::GetParam('email', _POST, _STRING); | 68 | $email = Kit::GetParam('email', _POST, _STRING); |
893 | 100 | $groupid = Kit::GetParam('groupid', _POST, _INT); | 69 | $usertypeid = Kit::GetParam('usertypeid', _POST, _INT, 0); |
894 | 101 | 70 | $homepage = Kit::GetParam('homepage', _POST, _STRING); | |
895 | 102 | // Construct the Homepage | 71 | $pass_change = isset($_POST['pass_change']); |
896 | 103 | $homepage = "dashboard"; | 72 | |
897 | 104 | 73 | // Construct the Homepage | |
898 | 105 | // Validation | 74 | $homepage = "dashboard"; |
899 | 106 | if ($user=="") | 75 | |
900 | 107 | { | 76 | // Validation |
901 | 108 | trigger_error("Please enter a User Name.", E_USER_ERROR); | 77 | if ($username=="") |
902 | 109 | } | 78 | { |
903 | 110 | if ($password=="") | 79 | trigger_error("Please enter a User Name.", E_USER_ERROR); |
904 | 111 | { | 80 | } |
905 | 112 | trigger_error("Please enter a Password.", E_USER_ERROR); | 81 | if ($password=="") |
906 | 113 | } | 82 | { |
907 | 114 | if ($email == "") | 83 | trigger_error("Please enter a Password.", E_USER_ERROR); |
908 | 115 | { | 84 | } |
909 | 116 | trigger_error("Please enter an Email Address.", E_USER_ERROR); | 85 | if ($email == "") |
910 | 117 | } | 86 | { |
911 | 118 | 87 | trigger_error("Please enter an Email Address.", E_USER_ERROR); | |
912 | 119 | if ($homepage == "") $homepage = "dashboard"; | 88 | } |
913 | 120 | 89 | ||
914 | 121 | //Check for duplicate user name | 90 | if ($homepage == "") $homepage = "dashboard"; |
915 | 122 | $sqlcheck = " "; | 91 | |
916 | 123 | $sqlcheck .= sprintf("SELECT UserName FROM user WHERE UserName = '%s'", $db->escape_string($user)); | 92 | //Check for duplicate user name |
917 | 124 | 93 | $sqlcheck = " "; | |
918 | 125 | if(!$sqlcheckresult = $db->query($sqlcheck)) | 94 | $sqlcheck .= sprintf("SELECT UserName FROM user WHERE UserName = '%s'", $db->escape_string($username)); |
919 | 126 | { | 95 | |
920 | 127 | trigger_error($db->error()); | 96 | if(!$sqlcheckresult = $db->query($sqlcheck)) |
921 | 128 | trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR); | 97 | { |
922 | 129 | } | 98 | trigger_error($db->error()); |
923 | 130 | 99 | trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR); | |
924 | 131 | if($db->num_rows($sqlcheckresult) != 0) | 100 | } |
925 | 132 | { | 101 | |
926 | 133 | trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR); | 102 | if($db->num_rows($sqlcheckresult) != 0) |
927 | 134 | } | 103 | { |
928 | 135 | 104 | trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR); | |
929 | 136 | //Ready to enter the user into the database | 105 | } |
930 | 137 | $query = "INSERT INTO user (UserName, UserPassword, usertypeid, email, homepage, groupid)"; | 106 | |
931 | 138 | $query .= " VALUES ('$user', '$password', $usertypeid, '$email', '$homepage', $groupid)"; | 107 | //Ready to enter the user into the database |
932 | 139 | 108 | $query = "INSERT INTO user (UserName, UserPassword, usertypeid, email, homepage)"; | |
933 | 140 | if(!$id = $db->insert_query($query)) | 109 | $query .= " VALUES ('$username', '$password', $usertypeid, '$email', '$homepage')"; |
934 | 141 | { | 110 | |
935 | 142 | trigger_error($db->error()); | 111 | if(!$id = $db->insert_query($query)) |
936 | 143 | trigger_error("Error adding that user", E_USER_ERROR); | 112 | { |
937 | 144 | } | 113 | trigger_error($db->error()); |
938 | 145 | 114 | trigger_error("Error adding that user", E_USER_ERROR); | |
939 | 146 | $response->SetFormSubmitResponse('User Saved.'); | 115 | } |
940 | 147 | $response->Respond(); | 116 | |
941 | 117 | // Add the user group | ||
942 | 118 | $userGroupObject = new UserGroup($db); | ||
943 | 119 | |||
944 | 120 | if (!$groupID = $userGroupObject->Add($username, 1)) | ||
945 | 121 | { | ||
946 | 122 | // We really want to delete the new user... | ||
947 | 123 | //TODO: Delete the new user | ||
948 | 124 | |||
949 | 125 | // And then error | ||
950 | 126 | trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR); | ||
951 | 127 | } | ||
952 | 128 | |||
953 | 129 | $userGroupObject->Link($groupID, $id); | ||
954 | 130 | |||
955 | 131 | $response->SetFormSubmitResponse('User Saved.'); | ||
956 | 132 | $response->Respond(); | ||
957 | 148 | } | 133 | } |
958 | 149 | 134 | ||
959 | 150 | /** | 135 | /** |
960 | @@ -154,79 +139,90 @@ | |||
961 | 154 | */ | 139 | */ |
962 | 155 | function EditUser() | 140 | function EditUser() |
963 | 156 | { | 141 | { |
1037 | 157 | $db =& $this->db; | 142 | $db =& $this->db; |
1038 | 158 | $response = new ResponseManager(); | 143 | $response = new ResponseManager(); |
1039 | 159 | 144 | ||
1040 | 160 | $error = ""; | 145 | $userID = Kit::GetParam('userid', _POST, _INT, 0); |
1041 | 161 | 146 | $username = Kit::GetParam('username', _POST, _STRING); | |
1042 | 162 | $userID = Kit::GetParam('userid', _POST, _INT, 0); | 147 | $password = Kit::GetParam('password', _POST, _STRING); |
1043 | 163 | $username = $_POST['username']; | 148 | $password = md5($password); |
1044 | 164 | $password = md5($_POST['password']); | 149 | $email = Kit::GetParam('email', _POST, _STRING); |
1045 | 165 | $email = $_POST['email']; | 150 | $usertypeid = Kit::GetParam('usertypeid', _POST, _INT, 0); |
1046 | 166 | $usertypeid = $_POST['usertypeid']; | 151 | $homepage = Kit::GetParam('homepage', _POST, _STRING); |
1047 | 167 | $homepage = $_POST['homepage']; | 152 | $pass_change = isset($_POST['pass_change']); |
1048 | 168 | $groupid = $_POST['groupid']; | 153 | |
1049 | 169 | $pass_change = isset($_POST['pass_change']); | 154 | // Validation |
1050 | 170 | 155 | if ($username == "") | |
1051 | 171 | // Validation | 156 | { |
1052 | 172 | if ($username == "") | 157 | trigger_error("Please enter a User Name.", E_USER_ERROR); |
1053 | 173 | { | 158 | } |
1054 | 174 | trigger_error("Please enter a User Name.", E_USER_ERROR); | 159 | if ($password == "") |
1055 | 175 | } | 160 | { |
1056 | 176 | if ($password == "") | 161 | trigger_error("Please enter a Password.", E_USER_ERROR); |
1057 | 177 | { | 162 | } |
1058 | 178 | trigger_error("Please enter a Password.", E_USER_ERROR); | 163 | if ($email == "") |
1059 | 179 | } | 164 | { |
1060 | 180 | if ($email == "") | 165 | trigger_error("Please enter an Email Address.", E_USER_ERROR); |
1061 | 181 | { | 166 | } |
1062 | 182 | trigger_error("Please enter an Email Address.", E_USER_ERROR); | 167 | |
1063 | 183 | } | 168 | if ($homepage == "") $homepage = "dashboard"; |
1064 | 184 | 169 | ||
1065 | 185 | if ($homepage == "") $homepage = "dashboard"; | 170 | //Check for duplicate user name |
1066 | 186 | 171 | $sqlcheck = " "; | |
1067 | 187 | //Check for duplicate user name | 172 | $sqlcheck .= "SELECT UserName FROM user WHERE UserName = '" . $username . "' AND userID <> $userID "; |
1068 | 188 | $sqlcheck = " "; | 173 | |
1069 | 189 | $sqlcheck .= "SELECT UserName FROM user WHERE UserName = '" . $username . "' AND userID <> $userID "; | 174 | if (!$sqlcheckresult = $db->query($sqlcheck)) |
1070 | 190 | 175 | { | |
1071 | 191 | if (!$sqlcheckresult = $db->query($sqlcheck)) | 176 | trigger_error($db->error()); |
1072 | 192 | { | 177 | trigger_error(__("Cant get this user's name. Please try another."), E_USER_ERROR); |
1073 | 193 | trigger_error($db->error()); | 178 | } |
1074 | 194 | trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR); | 179 | |
1075 | 195 | } | 180 | if ($db->num_rows($sqlcheckresult) != 0) |
1076 | 196 | 181 | { | |
1077 | 197 | if ($db->num_rows($sqlcheckresult) != 0) | 182 | trigger_error(__("Could Not Complete, Duplicate User Name Exists"), E_USER_ERROR); |
1078 | 198 | { | 183 | } |
1079 | 199 | trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR); | 184 | |
1080 | 200 | } | 185 | //Everything is ok - run the update |
1081 | 201 | 186 | $sql = "UPDATE user SET UserName = '$username'"; | |
1082 | 202 | //Everything is ok - run the update | 187 | if ($pass_change) |
1083 | 203 | $sql = "UPDATE user SET UserName = '$username'"; | 188 | { |
1084 | 204 | if ($pass_change) | 189 | $sql .= ", UserPassword = '$password'"; |
1085 | 205 | { | 190 | } |
1086 | 206 | $sql .= ", UserPassword = '$password'"; | 191 | |
1087 | 207 | } | 192 | $sql .= ", email = '$email' "; |
1088 | 208 | 193 | if ($homepage == 'dashboard') | |
1089 | 209 | $sql .= ", email = '$email' "; | 194 | { |
1090 | 210 | if ($homepage == 'dashboard') | 195 | //acts as a reset |
1091 | 211 | { | 196 | $sql .= ", homepage='$homepage' "; |
1092 | 212 | //acts as a reset | 197 | } |
1093 | 213 | $sql .= ", homepage='$homepage' "; | 198 | |
1094 | 214 | } | 199 | if ($usertypeid != "") |
1095 | 215 | 200 | { | |
1096 | 216 | if ($usertypeid != "") | 201 | $sql .= ", usertypeid = " . $usertypeid; |
1097 | 217 | { | 202 | } |
1098 | 218 | $sql .= ", usertypeid = " . $usertypeid . ", groupID = $groupid "; | 203 | |
1099 | 219 | } | 204 | $sql .= " WHERE UserID = ". $userID . ""; |
1100 | 220 | $sql .= " WHERE UserID = ". $userID . ""; | 205 | |
1101 | 221 | 206 | if (!$db->query($sql)) | |
1102 | 222 | if (!$db->query($sql)) | 207 | { |
1103 | 223 | { | 208 | trigger_error($db->error()); |
1104 | 224 | trigger_error($db->error()); | 209 | trigger_error("Error updating that user", E_USER_ERROR); |
1105 | 225 | trigger_error("Error updating that user", E_USER_ERROR); | 210 | } |
1106 | 226 | } | 211 | |
1107 | 227 | 212 | // Update the group to follow suit | |
1108 | 228 | $response->SetFormSubmitResponse('User Saved.'); | 213 | $userGroupObject = new UserGroup($db); |
1109 | 229 | $response->Respond(); | 214 | |
1110 | 215 | if (!$userGroupObject->EditUserGroup($userID, $username)) | ||
1111 | 216 | { | ||
1112 | 217 | // We really want to delete the new user... | ||
1113 | 218 | //TODO: Delete the new user | ||
1114 | 219 | |||
1115 | 220 | // And then error | ||
1116 | 221 | trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR); | ||
1117 | 222 | } | ||
1118 | 223 | |||
1119 | 224 | $response->SetFormSubmitResponse('User Saved.'); | ||
1120 | 225 | $response->Respond(); | ||
1121 | 230 | } | 226 | } |
1122 | 231 | 227 | ||
1123 | 232 | /** | 228 | /** |
1124 | @@ -237,30 +233,44 @@ | |||
1125 | 237 | */ | 233 | */ |
1126 | 238 | function DeleteUser() | 234 | function DeleteUser() |
1127 | 239 | { | 235 | { |
1152 | 240 | $db =& $this->db; | 236 | $db =& $this->db; |
1153 | 241 | $response = new ResponseManager(); | 237 | $user =& $this->user; |
1154 | 242 | $userid = Kit::GetParam('userid', _POST, _INT, 0); | 238 | |
1155 | 243 | 239 | $response = new ResponseManager(); | |
1156 | 244 | $sqldel = "DELETE FROM user"; | 240 | $userid = Kit::GetParam('userid', _POST, _INT, 0); |
1157 | 245 | $sqldel .= " WHERE UserID = ". $userid . ""; | 241 | $groupID = $user->getGroupFromID($userid, true); |
1158 | 246 | 242 | ||
1159 | 247 | if (!$db->query($sqldel)) | 243 | // Firstly delete the group for this user |
1160 | 248 | { | 244 | $userGroupObject = new UserGroup($db); |
1161 | 249 | trigger_error($db->error()); | 245 | |
1162 | 250 | trigger_error("This user has been active, you may only retire them.", E_USER_ERROR); | 246 | $userGroupObject->Unlink($groupID, $userid); |
1163 | 251 | } | 247 | |
1164 | 252 | 248 | if (!$userGroupObject->Delete($groupID)) | |
1165 | 253 | // We should delete this users sessions record. | 249 | { |
1166 | 254 | $SQL = "DELETE FROM session WHERE userID = $userid "; | 250 | trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR); |
1167 | 255 | 251 | } | |
1168 | 256 | if (!$db->query($sqldel)) | 252 | |
1169 | 257 | { | 253 | // Delete the user |
1170 | 258 | trigger_error($db->error()); | 254 | $sqldel = "DELETE FROM user"; |
1171 | 259 | trigger_error("If logged in, this user will be deleted once they log out.", E_USER_ERROR); | 255 | $sqldel .= " WHERE UserID = ". $userid . ""; |
1172 | 260 | } | 256 | |
1173 | 261 | 257 | if (!$db->query($sqldel)) | |
1174 | 262 | $response->SetFormSubmitResponse('User Deleted.'); | 258 | { |
1175 | 263 | $response->Respond(); | 259 | trigger_error($db->error()); |
1176 | 260 | trigger_error(__("This user has been active, you may only retire them."), E_USER_ERROR); | ||
1177 | 261 | } | ||
1178 | 262 | |||
1179 | 263 | // We should delete this users sessions record. | ||
1180 | 264 | $SQL = "DELETE FROM session WHERE userID = $userid "; | ||
1181 | 265 | |||
1182 | 266 | if (!$db->query($sqldel)) | ||
1183 | 267 | { | ||
1184 | 268 | trigger_error($db->error()); | ||
1185 | 269 | trigger_error(__("If logged in, this user will be deleted once they log out."), E_USER_ERROR); | ||
1186 | 270 | } | ||
1187 | 271 | |||
1188 | 272 | $response->SetFormSubmitResponse(__('User Deleted.')); | ||
1189 | 273 | $response->Respond(); | ||
1190 | 264 | } | 274 | } |
1191 | 265 | 275 | ||
1192 | 266 | /** | 276 | /** |
1193 | @@ -276,21 +286,20 @@ | |||
1194 | 276 | $itemName = $_REQUEST['usertypeid']; | 286 | $itemName = $_REQUEST['usertypeid']; |
1195 | 277 | $username = $_REQUEST['username']; | 287 | $username = $_REQUEST['username']; |
1196 | 278 | 288 | ||
1198 | 279 | $sql = "SELECT user.UserID, user.UserName, user.usertypeid, user.loggedin, user.lastaccessed, user.email, user.homepage, group.group "; | 289 | $sql = "SELECT user.UserID, user.UserName, user.usertypeid, user.loggedin, user.lastaccessed, user.email, user.homepage "; |
1199 | 280 | $sql .= " FROM user "; | 290 | $sql .= " FROM user "; |
1200 | 281 | $sql .= " INNER JOIN `group` ON user.groupid = group.groupID "; | ||
1201 | 282 | $sql .= " WHERE 1=1 "; | 291 | $sql .= " WHERE 1=1 "; |
1202 | 283 | if ($_SESSION['usertype']==3) | 292 | if ($_SESSION['usertype']==3) |
1203 | 284 | { | 293 | { |
1205 | 285 | $sql .= " AND usertypeid=3 AND userid = " . $_SESSION['userid'] . " "; | 294 | $sql .= " AND usertypeid=3 AND userid = " . $_SESSION['userid'] . " "; |
1206 | 286 | } | 295 | } |
1207 | 287 | if($itemName!="all") | 296 | if($itemName!="all") |
1208 | 288 | { | 297 | { |
1210 | 289 | $sql .= " AND usertypeid=\"" . $itemName . "\""; | 298 | $sql .= " AND usertypeid=\"" . $itemName . "\""; |
1211 | 290 | } | 299 | } |
1212 | 291 | if ($username != "") | 300 | if ($username != "") |
1213 | 292 | { | 301 | { |
1215 | 293 | $sql .= " AND UserName LIKE '%$username%' "; | 302 | $sql .= " AND UserName LIKE '%$username%' "; |
1216 | 294 | } | 303 | } |
1217 | 295 | $sql .= " ORDER by UserName"; | 304 | $sql .= " ORDER by UserName"; |
1218 | 296 | 305 | ||
1219 | @@ -310,7 +319,6 @@ | |||
1220 | 310 | <th>Homepage</th> | 319 | <th>Homepage</th> |
1221 | 311 | <th>Layout</th> | 320 | <th>Layout</th> |
1222 | 312 | <th>Email</th> | 321 | <th>Email</th> |
1223 | 313 | <th>Group</th> | ||
1224 | 314 | <th>Action</th> | 322 | <th>Action</th> |
1225 | 315 | </tr> | 323 | </tr> |
1226 | 316 | </thead> | 324 | </thead> |
1227 | @@ -321,12 +329,12 @@ | |||
1228 | 321 | { | 329 | { |
1229 | 322 | $userID = $aRow[0]; | 330 | $userID = $aRow[0]; |
1230 | 323 | $userName = $aRow[1]; | 331 | $userName = $aRow[1]; |
1232 | 324 | $usertypeid = $aRow[2]; | 332 | $usertypeid = $aRow[2]; |
1233 | 325 | $loggedin = $aRow[3]; | 333 | $loggedin = $aRow[3]; |
1235 | 326 | $lastaccessed = $aRow[4]; | 334 | $lastaccessed = $aRow[4]; |
1236 | 327 | $email = $aRow[5]; | 335 | $email = $aRow[5]; |
1237 | 328 | $homepage = $aRow[6]; | 336 | $homepage = $aRow[6]; |
1239 | 329 | $group = $aRow[7]; | 337 | $groupid = $user->getGroupFromID($userID, true); |
1240 | 330 | 338 | ||
1241 | 331 | if($loggedin==1) | 339 | if($loggedin==1) |
1242 | 332 | { | 340 | { |
1243 | @@ -372,18 +380,19 @@ | |||
1244 | 372 | $table .= "<td>" . $homepageArray[0] . "</td>"; | 380 | $table .= "<td>" . $homepageArray[0] . "</td>"; |
1245 | 373 | $table .= "<td>" . $layout . "</td>"; | 381 | $table .= "<td>" . $layout . "</td>"; |
1246 | 374 | $table .= "<td>" . $email . "</td>"; | 382 | $table .= "<td>" . $email . "</td>"; |
1247 | 375 | $table .= "<td>" . $group . "</td>"; | ||
1248 | 376 | $table .= "<td>"; | 383 | $table .= "<td>"; |
1249 | 377 | 384 | ||
1250 | 378 | if($_SESSION['usertype'] == 1 ||($userID == $_SESSION['userid'])) | 385 | if($_SESSION['usertype'] == 1 ||($userID == $_SESSION['userid'])) |
1251 | 379 | { | 386 | { |
1259 | 380 | $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DisplayForm&userID=' . $userID . '"><span>Edit</span></button>'; | 387 | $msgPageSec = __('Page Security'); |
1260 | 381 | $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DeleteForm&userID=' . $userID . '" ><span>Delete</span></button></div></td>'; | 388 | $msgMenuSec = __('Menu Security'); |
1261 | 382 | } | 389 | |
1262 | 383 | else | 390 | $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DisplayForm&userID=' . $userID . '"><span>Edit</span></button>'; |
1263 | 384 | { | 391 | $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DeleteForm&userID=' . $userID . '" ><span>Delete</span></button>'; |
1264 | 385 | $table .= "</td>"; | 392 | $table .= '<button class="XiboFormButton" href="index.php?p=group&q=PageSecurityForm&groupid=' . $groupid . '"><span>' . $msgPageSec . '</span></button>'; |
1265 | 386 | } | 393 | $table .= '<button class="XiboFormButton" href="index.php?p=group&q=MenuItemSecurityForm&groupid=' . $groupid . '"><span>' . $msgMenuSec . '</span></button>'; |
1266 | 394 | } | ||
1267 | 395 | $table .= "</td>"; | ||
1268 | 387 | $table .= "</tr>"; | 396 | $table .= "</tr>"; |
1269 | 388 | } | 397 | } |
1270 | 389 | $table .= "</tbody></table></div>"; | 398 | $table .= "</tbody></table></div>"; |
1271 | @@ -398,18 +407,8 @@ | |||
1272 | 398 | */ | 407 | */ |
1273 | 399 | function displayPage() | 408 | function displayPage() |
1274 | 400 | { | 409 | { |
1287 | 401 | $db =& $this->db; | 410 | $db =& $this->db; |
1288 | 402 | 411 | include('template/pages/user_view.php'); | |
1277 | 403 | switch ($this->sub_page) | ||
1278 | 404 | { | ||
1279 | 405 | |||
1280 | 406 | case 'view': | ||
1281 | 407 | include('template/pages/user_view.php'); | ||
1282 | 408 | break; | ||
1283 | 409 | |||
1284 | 410 | default: | ||
1285 | 411 | break; | ||
1286 | 412 | } | ||
1289 | 413 | } | 412 | } |
1290 | 414 | 413 | ||
1291 | 415 | /** | 414 | /** |
1292 | @@ -454,140 +453,148 @@ | |||
1293 | 454 | } | 453 | } |
1294 | 455 | 454 | ||
1295 | 456 | /** | 455 | /** |
1297 | 457 | * Displays the Add user form (from Ajax) | 456 | * Displays the User form (from Ajax) |
1298 | 458 | * @return | 457 | * @return |
1299 | 459 | */ | 458 | */ |
1300 | 460 | function DisplayForm() | 459 | function DisplayForm() |
1301 | 461 | { | 460 | { |
1355 | 462 | $db =& $this->db; | 461 | $db =& $this->db; |
1356 | 463 | $user =& $this->user; | 462 | $user =& $this->user; |
1357 | 464 | $response = new ResponseManager(); | 463 | $response = new ResponseManager(); |
1358 | 465 | 464 | $helpManager = new HelpManager($db, $user); | |
1359 | 466 | $helpManager = new HelpManager($db, $user); | 465 | |
1360 | 467 | 466 | $userid = Kit::GetParam('userID', _GET, _INT); | |
1361 | 468 | //ajax request handler | 467 | |
1362 | 469 | 468 | $SQL = ""; | |
1363 | 470 | $userid = $this->userid; | 469 | $SQL .= "SELECT UserName , "; |
1364 | 471 | $username = $this->username; | 470 | $SQL .= " UserPassword, "; |
1365 | 472 | $password = $this->password; | 471 | $SQL .= " usertypeid , "; |
1366 | 473 | $usertypeid = $this->usertypeid; | 472 | $SQL .= " email , "; |
1367 | 474 | $email = $this->email; | 473 | $SQL .= " homepage "; |
1368 | 475 | $homepage = $this->homepage; | 474 | $SQL .= "FROM `user`"; |
1369 | 476 | $groupid = $this->groupid; | 475 | $SQL .= sprintf(" WHERE userID = %d", $userid); |
1370 | 477 | 476 | ||
1371 | 478 | // Help UI | 477 | if(!$results = $db->query($SQL)) |
1372 | 479 | $nameHelp = $helpManager->HelpIcon("The Login Name of the user.", true); | 478 | { |
1373 | 480 | $passHelp = $helpManager->HelpIcon("The Password for this user.", true); | 479 | trigger_error($db->error()); |
1374 | 481 | $emailHelp = $helpManager->HelpIcon("Users email address. E.g. user@example.com", true); | 480 | trigger_error(__('Error getting user information.'), E_USER_ERROR); |
1375 | 482 | $homepageHelp = $helpManager->HelpIcon("The users Homepage. This should not be changed until you want to reset their homepage.", true); | 481 | } |
1376 | 483 | $overpassHelp = $helpManager->HelpIcon("Do you want to override this users password with the one entered here.", true); | 482 | |
1377 | 484 | $usertypeHelp = $helpManager->HelpIcon("What is this users type? This would usually be set to 'User'", true); | 483 | while($aRow = $db->get_row($results)) |
1378 | 485 | $groupHelp = $helpManager->HelpIcon("Which group does this user belong to? User groups control media sharing and access to functional areas of Xibo.", true); | 484 | { |
1379 | 486 | 485 | $username = Kit::ValidateParam($aRow[0], _USERNAME); | |
1380 | 487 | $homepageOption = ''; | 486 | $password = Kit::ValidateParam($aRow[1], _PASSWORD); |
1381 | 488 | $override_option = ''; | 487 | $usertypeid = Kit::ValidateParam($aRow[2], _INT); |
1382 | 489 | 488 | $email = Kit::ValidateParam($aRow[3], _STRING); | |
1383 | 490 | //What form are we displaying | 489 | $homepage = Kit::ValidateParam($aRow[4], _STRING); |
1384 | 491 | if ($userid == "") | 490 | } |
1385 | 492 | { | 491 | |
1386 | 493 | //add form | 492 | // Help UI |
1387 | 494 | $action = "index.php?p=user&q=AddUser"; | 493 | $nameHelp = $helpManager->HelpIcon("The Login Name of the user.", true); |
1388 | 495 | } | 494 | $passHelp = $helpManager->HelpIcon("The Password for this user.", true); |
1389 | 496 | else | 495 | $emailHelp = $helpManager->HelpIcon("Users email address. E.g. user@example.com", true); |
1390 | 497 | { | 496 | $homepageHelp = $helpManager->HelpIcon("The users Homepage. This should not be changed until you want to reset their homepage.", true); |
1391 | 498 | //edit form | 497 | $overpassHelp = $helpManager->HelpIcon("Do you want to override this users password with the one entered here.", true); |
1392 | 499 | $action = "index.php?p=user&q=EditUser"; | 498 | $usertypeHelp = $helpManager->HelpIcon("What is this users type? This would usually be set to 'User'", true); |
1393 | 500 | 499 | ||
1394 | 501 | //split the homepage into its component parts (if it needs to be) | 500 | $homepageOption = ''; |
1395 | 502 | if (strpos($homepage,'&') !== false) | 501 | $override_option = ''; |
1396 | 503 | { | 502 | |
1397 | 504 | $homepage = substr($homepage, 0, strpos($homepage,'&')); | 503 | //What form are we displaying |
1398 | 505 | } | 504 | if ($userid == "") |
1399 | 506 | 505 | { | |
1400 | 507 | //make the homepage dropdown | 506 | //add form |
1401 | 508 | $homepage_list = listcontent("dashboard|dashboard,mediamanager|mediamanager", "homepage", $homepage); | 507 | $action = "index.php?p=user&q=AddUser"; |
1402 | 509 | 508 | } | |
1403 | 510 | $homepageOption = <<<END | 509 | else |
1404 | 511 | <tr> | 510 | { |
1405 | 512 | <td><label for="homepage">Homepage<span class="required">*</span></label></td> | 511 | //edit form |
1406 | 513 | <td>$homepageHelp $homepage_list</td> | 512 | $action = "index.php?p=user&q=EditUser"; |
1407 | 514 | </tr> | 513 | |
1408 | 514 | //split the homepage into its component parts (if it needs to be) | ||
1409 | 515 | if (strpos($homepage,'&') !== false) | ||
1410 | 516 | { | ||
1411 | 517 | $homepage = substr($homepage, 0, strpos($homepage,'&')); | ||
1412 | 518 | } | ||
1413 | 519 | |||
1414 | 520 | //make the homepage dropdown | ||
1415 | 521 | $homepage_list = listcontent("dashboard|dashboard,mediamanager|mediamanager", "homepage", $homepage); | ||
1416 | 522 | |||
1417 | 523 | $homepageOption = <<<END | ||
1418 | 524 | <tr> | ||
1419 | 525 | <td><label for="homepage">Homepage<span class="required">*</span></label></td> | ||
1420 | 526 | <td>$homepageHelp $homepage_list</td> | ||
1421 | 527 | </tr> | ||
1422 | 515 | END; | 528 | END; |
1427 | 516 | 529 | ||
1428 | 517 | $override_option = <<<FORM | 530 | $override_option = <<<FORM |
1429 | 518 | <td>Override Password?</td> | 531 | <td>Override Password?</td> |
1430 | 519 | <td>$overpassHelp <input type="checkbox" name="pass_change" value="0"></td> | 532 | <td>$overpassHelp <input type="checkbox" name="pass_change" value="0"></td> |
1431 | 520 | FORM; | 533 | FORM; |
1502 | 521 | } | 534 | } |
1503 | 522 | 535 | ||
1504 | 523 | //get us the user type if we dont have it (for the default value) | 536 | //get us the user type if we dont have it (for the default value) |
1505 | 524 | if($usertypeid=="") | 537 | if($usertypeid=="") |
1506 | 525 | { | 538 | { |
1507 | 526 | $usertype = Config::GetSetting($db,"defaultUsertype"); | 539 | $usertype = Config::GetSetting($db,"defaultUsertype"); |
1508 | 527 | 540 | ||
1509 | 528 | $SQL = "SELECT usertypeid FROM usertype WHERE usertype = '$usertype'"; | 541 | $SQL = "SELECT usertypeid FROM usertype WHERE usertype = '$usertype'"; |
1510 | 529 | if(!$results = $db->query($SQL)) | 542 | if(!$results = $db->query($SQL)) |
1511 | 530 | { | 543 | { |
1512 | 531 | trigger_error($db->error()); | 544 | trigger_error($db->error()); |
1513 | 532 | trigger_error("Can not get Usertype information", E_USER_ERROR); | 545 | trigger_error("Can not get Usertype information", E_USER_ERROR); |
1514 | 533 | } | 546 | } |
1515 | 534 | $row = $db->get_row($results); | 547 | $row = $db->get_row($results); |
1516 | 535 | $usertypeid = $row['0']; | 548 | $usertypeid = $row['0']; |
1517 | 536 | } | 549 | } |
1518 | 537 | 550 | ||
1519 | 538 | //group list | 551 | |
1520 | 539 | $group_list = dropdownlist("SELECT groupID, `group` FROM `group` ORDER BY `group`", "groupid", $groupid); | 552 | if ($_SESSION['usertype']==1) |
1521 | 540 | 553 | { | |
1522 | 541 | if ($_SESSION['usertype']==1) | 554 | //usertype list |
1523 | 542 | { | 555 | $usertype_list = dropdownlist("SELECT usertypeid, usertype FROM usertype", "usertypeid", $usertypeid); |
1524 | 543 | //usertype list | 556 | |
1525 | 544 | $usertype_list = dropdownlist("SELECT usertypeid, usertype FROM usertype", "usertypeid", $usertypeid); | 557 | $usertypeOption = <<<END |
1526 | 545 | 558 | <tr> | |
1527 | 546 | $usertypeOption = <<<END | 559 | <td><label for="usertypeid">User Type <span class="required">*</span></label></td> |
1528 | 547 | <tr> | 560 | <td>$usertypeHelp $usertype_list</td> |
1529 | 548 | <td><label for="usertypeid">User Type <span class="required">*</span></label></td> | 561 | </tr> |
1530 | 549 | <td>$usertypeHelp $usertype_list</td> | 562 | END; |
1531 | 550 | </tr> | 563 | } |
1532 | 551 | <tr> | 564 | else |
1533 | 552 | <td><label for="groupid">Group <span class="required">*</span></label></td> | 565 | { |
1534 | 553 | <td>$groupHelp $group_list</td> | 566 | $usertypeOption = ""; |
1535 | 554 | </tr> | 567 | } |
1536 | 555 | END; | 568 | |
1537 | 556 | } | 569 | |
1538 | 557 | else | 570 | $form = <<<END |
1539 | 558 | { | 571 | <form id="UserForm" class="XiboForm" method='post' action='$action'> |
1540 | 559 | $usertypeOption = ""; | 572 | <input type='hidden' name='userid' value='$userid'> |
1541 | 560 | } | 573 | <table> |
1542 | 561 | 574 | <tr> | |
1543 | 562 | 575 | <td><label for="username">User Name<span class="required">*</span></label></td> | |
1544 | 563 | $form = <<<END | 576 | <td>$nameHelp <input type="text" id="" name="username" value="$username" class="required" /></td> |
1545 | 564 | <form id="UserForm" class="XiboForm" method='post' action='$action'> | 577 | </tr> |
1546 | 565 | <input type='hidden' name='userid' value='$userid'> | 578 | <tr> |
1547 | 566 | <table> | 579 | <td><label for="password">Password<span class="required">*</span></label></td> |
1548 | 567 | <tr> | 580 | <td>$passHelp <input type="password" id="password" name="password" value="$password" /></td> |
1549 | 568 | <td><label for="username">User Name<span class="required">*</span></label></td> | 581 | $override_option |
1550 | 569 | <td>$nameHelp <input type="text" id="" name="username" value="$username" class="required" /></td> | 582 | </tr> |
1551 | 570 | </tr> | 583 | <tr> |
1552 | 571 | <tr> | 584 | <td><label for="email">Email Address<span class="required email">*</span></label></td> |
1553 | 572 | <td><label for="password">Password<span class="required">*</span></label></td> | 585 | <td>$emailHelp <input type="text" id="email" name="email" value="$email" class="required" /></td> |
1554 | 573 | <td>$passHelp <input type="password" id="password" name="password" value="$password" /></td> | 586 | </tr> |
1555 | 574 | $override_option | 587 | $homepageOption |
1556 | 575 | </tr> | 588 | $usertypeOption |
1557 | 576 | <tr> | 589 | </table> |
1558 | 577 | <td><label for="email">Email Address<span class="required">*</span></label></td> | 590 | </form> |
1559 | 578 | <td>$emailHelp <input type="text" id="email" name="email" value="$email" class="required" /></td> | 591 | END; |
1560 | 579 | </tr> | 592 | |
1561 | 580 | $homepageOption | 593 | $response->SetFormRequestResponse($form, 'Add/Edit a User.', '550px', '320px'); |
1562 | 581 | $usertypeOption | 594 | $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('User', 'Add') . '")'); |
1563 | 582 | </table> | 595 | $response->AddButton(__('Cancel'), 'XiboDialogClose()'); |
1564 | 583 | </form> | 596 | $response->AddButton(__('Save'), '$("#UserForm").submit()'); |
1565 | 584 | END; | 597 | $response->Respond(); |
1496 | 585 | |||
1497 | 586 | $response->SetFormRequestResponse($form, 'Add/Edit a User.', '550px', '320px'); | ||
1498 | 587 | $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('User', 'Add') . '")'); | ||
1499 | 588 | $response->AddButton(__('Cancel'), 'XiboDialogClose()'); | ||
1500 | 589 | $response->AddButton(__('Save'), '$("#UserForm").submit()'); | ||
1501 | 590 | $response->Respond(); | ||
1566 | 591 | } | 598 | } |
1567 | 592 | 599 | ||
1568 | 593 | /** | 600 | /** |
1569 | 594 | 601 | ||
1570 | === modified file 'server/modules/module_user_general.php' | |||
1571 | --- server/modules/module_user_general.php 2009-10-28 21:28:04 +0000 | |||
1572 | +++ server/modules/module_user_general.php 2009-12-28 14:14:15 +0000 | |||
1573 | @@ -93,7 +93,7 @@ | |||
1574 | 93 | $db =& $this->db; | 93 | $db =& $this->db; |
1575 | 94 | global $session; | 94 | global $session; |
1576 | 95 | 95 | ||
1578 | 96 | $sql = sprintf("SELECT UserID, UserName, UserPassword, usertypeid, groupID FROM user WHERE UserName = '%s' AND UserPassword = '%s'", $db->escape_string($username), $db->escape_string($password)); | 96 | $sql = sprintf("SELECT UserID, UserName, UserPassword, usertypeid FROM user WHERE UserName = '%s' AND UserPassword = '%s'", $db->escape_string($username), $db->escape_string($password)); |
1579 | 97 | 97 | ||
1580 | 98 | if(!$result = $db->query($sql)) trigger_error('A database error occurred while checking your login details.', E_USER_ERROR); | 98 | if(!$result = $db->query($sql)) trigger_error('A database error occurred while checking your login details.', E_USER_ERROR); |
1581 | 99 | 99 | ||
1582 | @@ -114,7 +114,6 @@ | |||
1583 | 114 | $_SESSION['userid'] = Kit::ValidateParam($results[0], _INT); | 114 | $_SESSION['userid'] = Kit::ValidateParam($results[0], _INT); |
1584 | 115 | $_SESSION['username'] = Kit::ValidateParam($results[1], _USERNAME); | 115 | $_SESSION['username'] = Kit::ValidateParam($results[1], _USERNAME); |
1585 | 116 | $_SESSION['usertype'] = Kit::ValidateParam($results[3], _INT); | 116 | $_SESSION['usertype'] = Kit::ValidateParam($results[3], _INT); |
1586 | 117 | $_SESSION['groupid'] = Kit::ValidateParam($results[4], _INT); | ||
1587 | 118 | 117 | ||
1588 | 119 | $this->usertypeid = $_SESSION['usertype']; | 118 | $this->usertypeid = $_SESSION['usertype']; |
1589 | 120 | $this->userid = $_SESSION['userid']; | 119 | $this->userid = $_SESSION['userid']; |
1590 | @@ -230,32 +229,52 @@ | |||
1591 | 230 | 229 | ||
1592 | 231 | function getGroupFromID($id, $returnID = false) | 230 | function getGroupFromID($id, $returnID = false) |
1593 | 232 | { | 231 | { |
1620 | 233 | $db =& $this->db; | 232 | $db =& $this->db; |
1621 | 234 | 233 | ||
1622 | 235 | $SQL = sprintf("SELECT group.group, group.groupID FROM user INNER JOIN `group` ON group.groupID = user.groupID WHERE userid = %d", $id); | 234 | $SQL = ""; |
1623 | 236 | 235 | $SQL .= "SELECT group.group, "; | |
1624 | 237 | if(!$results = $db->query($SQL)) | 236 | $SQL .= " group.groupID "; |
1625 | 238 | { | 237 | $SQL .= "FROM `user` "; |
1626 | 239 | trigger_error("Error looking up user information (group)"); | 238 | $SQL .= " INNER JOIN lkusergroup "; |
1627 | 240 | trigger_error($db->error()); | 239 | $SQL .= " ON lkusergroup.UserID = user.UserID "; |
1628 | 241 | } | 240 | $SQL .= " INNER JOIN `group` "; |
1629 | 242 | 241 | $SQL .= " ON group.groupID = lkusergroup.GroupID "; | |
1630 | 243 | if ($db->num_rows($results)==0) | 242 | $SQL .= sprintf("WHERE `user`.userid = %d ", $id); |
1631 | 244 | { | 243 | $SQL .= "AND `group`.IsUserSpecific = 1"; |
1632 | 245 | if ($returnID) | 244 | |
1633 | 246 | { | 245 | if(!$results = $db->query($SQL)) |
1634 | 247 | return "1"; | 246 | { |
1635 | 248 | } | 247 | trigger_error($db->error()); |
1636 | 249 | return "Users"; | 248 | trigger_error("Error looking up user information (group)", E_USER_ERROR); |
1637 | 250 | } | 249 | } |
1638 | 251 | 250 | ||
1639 | 252 | $row = $db->get_row($results); | 251 | if ($db->num_rows($results) == 0) |
1640 | 253 | 252 | { | |
1641 | 254 | if ($returnID) | 253 | // Every user should have a group? |
1642 | 255 | { | 254 | // Add one in! |
1643 | 256 | return $row[1]; | 255 | include_once('lib/data/usergroup.data.class.php'); |
1644 | 257 | } | 256 | |
1645 | 258 | return $row[0]; | 257 | $userGroupObject = new UserGroup($db); |
1646 | 258 | if (!$groupID = $userGroupObject->Add('Unknown user id: ' . $id, 1)) | ||
1647 | 259 | { | ||
1648 | 260 | // Error | ||
1649 | 261 | trigger_error(__('User does not have a group and Xibo is unable to add one.'), E_USER_ERROR); | ||
1650 | 262 | } | ||
1651 | 263 | |||
1652 | 264 | // Link the two | ||
1653 | 265 | $userGroupObject->Link($groupID, $id); | ||
1654 | 266 | |||
1655 | 267 | if ($returnID) return $groupID; | ||
1656 | 268 | return 'Unknown'; | ||
1657 | 269 | } | ||
1658 | 270 | |||
1659 | 271 | $row = $db->get_row($results); | ||
1660 | 272 | |||
1661 | 273 | if ($returnID) | ||
1662 | 274 | { | ||
1663 | 275 | return $row[1]; | ||
1664 | 276 | } | ||
1665 | 277 | return $row[0]; | ||
1666 | 259 | } | 278 | } |
1667 | 260 | 279 | ||
1668 | 261 | function getUserTypeFromID($id, $returnID = false) | 280 | function getUserTypeFromID($id, $returnID = false) |
1669 | @@ -426,7 +445,6 @@ | |||
1670 | 426 | $userid =& $this->userid; | 445 | $userid =& $this->userid; |
1671 | 427 | 446 | ||
1672 | 428 | $usertype = Kit::GetParam('usertype', _SESSION, _INT, 0); | 447 | $usertype = Kit::GetParam('usertype', _SESSION, _INT, 0); |
1673 | 429 | $groupid = $this->getGroupFromID($userid, true); | ||
1674 | 430 | 448 | ||
1675 | 431 | // Check the security | 449 | // Check the security |
1676 | 432 | if ($usertype == 1) | 450 | if ($usertype == 1) |
1677 | @@ -447,14 +465,16 @@ | |||
1678 | 447 | 465 | ||
1679 | 448 | // we have access to only the pages assigned to this group | 466 | // we have access to only the pages assigned to this group |
1680 | 449 | $SQL = "SELECT pages.pageID FROM pages INNER JOIN lkpagegroup ON lkpagegroup.pageid = pages.pageid "; | 467 | $SQL = "SELECT pages.pageID FROM pages INNER JOIN lkpagegroup ON lkpagegroup.pageid = pages.pageid "; |
1682 | 450 | $SQL .= sprintf(" WHERE lkpagegroup.groupid = %d AND pages.name = '%s' ", $groupid, $db->escape_string($page)); | 468 | $SQL .= " INNER JOIN lkusergroup "; |
1683 | 469 | $SQL .= " ON lkpagegroup.groupID = lkusergroup.GroupID "; | ||
1684 | 470 | $SQL .= sprintf(" WHERE lkusergroup.UserID = %d AND pages.name = '%s' ", $userid, $db->escape_string($page)); | ||
1685 | 451 | 471 | ||
1686 | 452 | Debug::LogEntry($db, 'audit', $SQL); | 472 | Debug::LogEntry($db, 'audit', $SQL); |
1687 | 453 | 473 | ||
1688 | 454 | if (!$results = $db->query($SQL)) | 474 | if (!$results = $db->query($SQL)) |
1689 | 455 | { | 475 | { |
1690 | 456 | trigger_error($db->error()); | 476 | trigger_error($db->error()); |
1692 | 457 | trigger_error('Can not get the page security for this group [' . $groupid . '] and page [' . $page . ']'); | 477 | trigger_error('Can not get the page security for this user [' . $userid . '] and page [' . $page . ']'); |
1693 | 458 | } | 478 | } |
1694 | 459 | 479 | ||
1695 | 460 | if ($db->num_rows($results) < 1) | 480 | if ($db->num_rows($results) < 1) |
1696 | @@ -477,8 +497,7 @@ | |||
1697 | 477 | { | 497 | { |
1698 | 478 | $db =& $this->db; | 498 | $db =& $this->db; |
1699 | 479 | $userid =& $this->userid; | 499 | $userid =& $this->userid; |
1702 | 480 | $usertypeid = Kit::GetParam('usertype', _SESSION, _INT); | 500 | $usertypeid = Kit::GetParam('usertype', _SESSION, _INT); |
1701 | 481 | $groupid = $this->getGroupFromID($userid, true); | ||
1703 | 482 | 501 | ||
1704 | 483 | Debug::LogEntry($db, 'audit', sprintf('Authing the menu for usertypeid [%d]', $usertypeid)); | 502 | Debug::LogEntry($db, 'audit', sprintf('Authing the menu for usertypeid [%d]', $usertypeid)); |
1705 | 484 | 503 | ||
1706 | @@ -497,15 +516,17 @@ | |||
1707 | 497 | $SQL .= " ON pages.pageID = menuitem.PageID "; | 516 | $SQL .= " ON pages.pageID = menuitem.PageID "; |
1708 | 498 | if ($usertypeid != 1) | 517 | if ($usertypeid != 1) |
1709 | 499 | { | 518 | { |
1714 | 500 | $SQL .= " INNER JOIN lkmenuitemgroup "; | 519 | $SQL .= " INNER JOIN lkmenuitemgroup "; |
1715 | 501 | $SQL .= " ON lkmenuitemgroup.MenuItemID = menuitem.MenuItemID "; | 520 | $SQL .= " ON lkmenuitemgroup.MenuItemID = menuitem.MenuItemID "; |
1716 | 502 | $SQL .= " INNER JOIN `group` "; | 521 | $SQL .= " INNER JOIN `group` "; |
1717 | 503 | $SQL .= " ON lkmenuitemgroup.GroupID = group.GroupID "; | 522 | $SQL .= " ON lkmenuitemgroup.GroupID = group.GroupID "; |
1718 | 523 | $SQL .= " INNER JOIN lkusergroup "; | ||
1719 | 524 | $SQL .= " ON group.groupID = lkusergroup.GroupID "; | ||
1720 | 504 | } | 525 | } |
1721 | 505 | $SQL .= sprintf("WHERE menu.Menu = '%s' ", $db->escape_string($menu)); | 526 | $SQL .= sprintf("WHERE menu.Menu = '%s' ", $db->escape_string($menu)); |
1722 | 506 | if ($usertypeid != 1) | 527 | if ($usertypeid != 1) |
1723 | 507 | { | 528 | { |
1725 | 508 | $SQL .= sprintf(" AND group.groupid = %d", $groupid); | 529 | $SQL .= sprintf(" AND lkusergroup.UserID = %d", $userid); |
1726 | 509 | } | 530 | } |
1727 | 510 | $SQL .= " ORDER BY menuitem.Sequence"; | 531 | $SQL .= " ORDER BY menuitem.Sequence"; |
1728 | 511 | 532 | ||
1729 | @@ -596,7 +617,6 @@ | |||
1730 | 596 | 617 | ||
1731 | 597 | // Populate the array of display group ids we are authed against | 618 | // Populate the array of display group ids we are authed against |
1732 | 598 | $usertype = Kit::GetParam('usertype', _SESSION, _INT, 0); | 619 | $usertype = Kit::GetParam('usertype', _SESSION, _INT, 0); |
1733 | 599 | $groupid = $this->getGroupFromID($userid, true); | ||
1734 | 600 | 620 | ||
1735 | 601 | $SQL = "SELECT DISTINCT displaygroup.DisplayGroupID, displaygroup.DisplayGroup, IsDisplaySpecific "; | 621 | $SQL = "SELECT DISTINCT displaygroup.DisplayGroupID, displaygroup.DisplayGroup, IsDisplaySpecific "; |
1736 | 602 | $SQL .= " FROM displaygroup "; | 622 | $SQL .= " FROM displaygroup "; |
1737 | @@ -607,10 +627,15 @@ | |||
1738 | 607 | if ($usertype != 1) | 627 | if ($usertype != 1) |
1739 | 608 | { | 628 | { |
1740 | 609 | $SQL .= " INNER JOIN lkgroupdg ON lkgroupdg.DisplayGroupID = displaygroup.DisplayGroupID "; | 629 | $SQL .= " INNER JOIN lkgroupdg ON lkgroupdg.DisplayGroupID = displaygroup.DisplayGroupID "; |
1742 | 610 | $SQL .= sprintf(" WHERE lkgroupdg.GroupID = %d ", $groupid); | 630 | $SQL .= " INNER JOIN lkusergroup ON lkgroupdg.GroupID = lkusergroup.GroupID "; |
1743 | 611 | } | 631 | } |
1745 | 612 | 632 | ||
1746 | 613 | $SQL .= " WHERE display.licensed = 1 "; | 633 | $SQL .= " WHERE display.licensed = 1 "; |
1747 | 634 | |||
1748 | 635 | if ($usertype != 1) | ||
1749 | 636 | { | ||
1750 | 637 | $SQL .= sprintf(" AND lkusergroup.UserID = %d ", $userid); | ||
1751 | 638 | } | ||
1752 | 614 | 639 | ||
1753 | 615 | Debug::LogEntry($db, 'audit', $SQL, 'User', 'DisplayGroupAuth'); | 640 | Debug::LogEntry($db, 'audit', $SQL, 'User', 'DisplayGroupAuth'); |
1754 | 616 | 641 |
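Review bot: getGroupFromID (hunk @@ -230,32 +229,52 @@) now writes to the database from a lookup: when no user-specific group exists for `$id` it calls `$userGroupObject->Add(...)` and `->Link(...)` without first checking that `$id` is an existing user, so any caller passing an unknown id (the callers are outside this diff; if one takes the id from a request parameter this is reachable by a logged-in user) creates an orphan `group` row and an `lkusergroup` row that points at a non-existent user. The new behaviour is also a quiet change of default that deserves a comment on the function: a user with no group used to fall back to group `"1"`/`"Users"`, now they get an empty user-specific group and therefore no page, menu or display-group access, which is the safer fail-closed default but should be recorded, e.g. `// A user without a user-specific group gets an empty one created here; it grants nothing until permissions are assigned.` I would guard the creation with an existence check against `user` and fail with E_USER_ERROR otherwise, as below; alternatively keep this function read-only and rely on the upgrade step and the user-add path (both outside this hunk) to create the group. Separately, the menu query in hunk @@ -497,15 +516,17 @@ now joins `lkusergroup` with no DISTINCT visible in the hunk, so a user in two groups that both grant a menu item will presumably see it twice — worth confirming the SELECT (outside the hunk) de-duplicates.
```php
if ($db->num_rows($results) == 0)
{
    // Only repair a missing group for an id that really is a user; refuse unknown ids
    $userCheck = $db->query(sprintf("SELECT UserID FROM `user` WHERE UserID = %d", $id));
    if (!$userCheck || $db->num_rows($userCheck) == 0)
    {
        trigger_error(sprintf(__('Unknown user id: %d'), $id), E_USER_ERROR);
    }
    // … unchanged: include_once, UserGroup Add/Link, return …
}
```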