Index: trunk/admin/users/addgroup.php
===================================================================
diff -u -N
--- trunk/admin/users/addgroup.php (revision 4358)
+++ trunk/admin/users/addgroup.php (revision 0)
@@ -1,161 +0,0 @@
-SourceTable = $objSession->GetEditTable("PortalGroup");
-$objEditItems->EnablePaging = FALSE;
-
-$objCustomFields = new clsCustomFieldList(6);
-$objUserGroupsList = new clsUserGroupList();
-//$objRelList = new clsRelationshipList();
-
-//Multiedit init
-if ($_GET["new"] == 1)
-{
- $c = new clsPortalGroup(NULL);
- $c->Set("CreatedOn", adodb_mktime());
- $c->Set("EndOn", adodb_mktime());
- $en = 0;
- $action = "m_add_group";
- $objGroups->CreateEmptyEditTable("GroupId");
-// $objRelList->CreateEmptyEditTable("RelationshipId");
-// $objCustomDataList->CreateEmptyEditTable('g');
- $objUserGroupsList->CreateEmptyEditTable("PortalUserId");
- }
-else
-{
- $en = (int)$_GET["en"];
- if (isset($_POST["itemlist"]))
- {
- $objGroups->CopyToEditTable("GroupId",$_POST["itemlist"]);
- }
- $objEditItems->Query_Item("SELECT * FROM ".$objEditItems->SourceTable);
- if(isset($_POST["itemlist"]))
- {
- /* make a copy of the relationship records */
- $ids = $objEditItems->GetResourceIDList();
-// $objCustomDataList->CopyToEditTable('g', $ids);
-
- // map group ResourceIds to group ids (because from list we always get ResourceIds)
- $db=&GetADODBConnection();
- $group_ids=$db->GetCol('SELECT GroupId FROM '.$objGroups->SourceTable.' WHERE ResourceId IN ('.implode($ids).')');
-
- $objUserGroupsList->CopyToEditTable("GroupId", $group_ids);
- }
-
- $itemcount=$objEditItems->NumItems();
- $c = $objEditItems->GetItemByIndex($en);
-
- if($itemcount>1)
- {
- if ($en+1 == $itemcount)
- $en_next = -1;
- else
- $en_next = $en+1;
-
- if ($en == 0)
- $en_prev = -1;
- else
- $en_prev = $en-1;
- }
- $action = "m_edit_group";
-}
-
-$envar = "env=" . BuildEnv() . "&en=$en";
-
-$section = 'in-portal:editgroup_general';
-
-if (strlen($c->Get("Name")))
- $editing_title = $c->Get("Name");
-else
- $editing_title = "";
-
-
-$title = GetTitle("la_Text_Group", "la_tab_General", $c->Get('GroupId'), $editing_title);//prompt_language("la_Text_Editing")." ".prompt_language("la_Text_Group")." $editing_title- ".prompt_language("la_tab_General");
-//echo $envar."
\n";
-
-//Display header
-$sec = $objSections->GetSection($section);
-$objCatToolBar = new clsToolBar();
-$objCatToolBar->Add("img_save", "la_Save","#","swap('img_save','toolbar/tool_select_f2.gif');", "swap('img_save', 'toolbar/tool_select.gif');","edit_submit('editgroup','GroupEditStatus','".$admin."/users/user_groups.php',1);","tool_select.gif");
-$objCatToolBar->Add("img_cancel", "la_Cancel","#","swap('img_cancel','toolbar/tool_cancel_f2.gif');", "swap('img_cancel', 'toolbar/tool_cancel.gif');","edit_submit('editgroup','GroupEditStatus','".$admin."/users/user_groups.php',2);","tool_cancel.gif");
-
-if ( isset($en_prev) || isset($en_next) )
-{
- $url = $RootUrl.$admin."/users/addgroup.php";
- $StatusField = "GroupEditStatus";
- $form = "editgroup";
- MultiEditButtons($objCatToolBar,$en_next,$en_prev,$form,$StatusField,$url,$sec->Get("OnClick"),'','la_PrevGroup','la_NextGroup');
-}
-
- int_header($objCatToolBar,NULL,$title);
-if ($objSession->GetVariable("HasChanges") == 1) {
-?>
-
-
-
-
-
-
-
\ No newline at end of file
Index: trunk/globals.php
===================================================================
diff -u -N -r4596 -r4698
--- trunk/globals.php (.../globals.php) (revision 4596)
+++ trunk/globals.php (.../globals.php) (revision 4698)
@@ -2053,5 +2053,29 @@
}
return GetVar($field_name);
}
+
+ function checkActionPermission($action_mapping, $action)
+ {
+ $application =& kApplication::Instance();
+
+ if (!isset($action_mapping[$action])) {
+ // if no permission mapping defined, then action is allowed in any case
+ return true;
+ }
+
+ $perm_status = false;
+ $action_mapping = explode('|', $action_mapping[$action]);
+ foreach ($action_mapping as $perm_name) {
+ $perm_status = $application->CheckPermission($perm_name, 1);
+ if ($perm_status) {
+ break;
+ }
+ }
+
+ if (!$perm_status) {
+ $application->Redirect($application->IsAdmin() ? 'no_permission' : $application->ConfigValue('NoPermissionTemplate'), null, '', 'index.php');
+ }
+ return true;
+ }
?>
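Review bot: `checkActionPermission()` returns `true` on every path, including the one after `$application->Redirect(...)`, so the check only holds if `Redirect()` ends the request, which is not visible in this hunk. Returning `false` inside the `if (!$perm_status)` block (`return false;` after the redirect) and having the caller stop on it would make the denial explicit instead of implicit. The early `return true` for an action without a mapping entry also means every action left out of the map is allowed by default. The function should carry a docblock saying so, for example `// NOTE: actions missing from $action_mapping are NOT permission-checked here`.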
Index: trunk/kernel/searchaction.php
===================================================================
diff -u -N -r836 -r4698
--- trunk/kernel/searchaction.php (.../searchaction.php) (revision 836)
+++ trunk/kernel/searchaction.php (.../searchaction.php) (revision 4698)
@@ -36,14 +36,6 @@
$objSession->SetVariable("Page_Userlist",1);
break;
- case "m_usergroup_search": /* user list */
- $searchlist = trim($objSession->GetVariable("UserGroupSearchWord"));
- if(strlen($searchlist)>0)
- $searchlist = ",";
- $searchlist = $_POST["list_search"];
- $objSession->SetVariable("UserGroupSearchWord",$searchlist);
- $objSession->SetVariable("Page_Userlist",1);
- break;
case "m_usergroup_search_reset": /*user list */
$objSession->SetVariable("UserGroupSearchWord","");
$objSession->SetVariable("Page_Userlist",1);
Index: trunk/core/units/users/users_config.php
===================================================================
diff -u -N -r4675 -r4698
--- trunk/core/units/users/users_config.php (.../users_config.php) (revision 4675)
+++ trunk/core/units/users/users_config.php (.../users_config.php) (revision 4698)
@@ -139,7 +139,7 @@
'icon' => 'banlist',
'label' => 'la_tab_BanList',
'url' => Array('index_file' => 'config/edit_banlist.php', 'DataType' => 6, 'pass_section' => true, 'pass' => 'm'),
- 'permissions' => Array('view', 'add', 'edit'),
+ 'permissions' => Array('view', 'add', 'edit', 'delete'),
'priority' => 6,
'type' => stTREE,
),
Index: trunk/kernel/units/users/users_config.php
===================================================================
diff -u -N -r4675 -r4698
--- trunk/kernel/units/users/users_config.php (.../users_config.php) (revision 4675)
+++ trunk/kernel/units/users/users_config.php (.../users_config.php) (revision 4698)
@@ -139,7 +139,7 @@
'icon' => 'banlist',
'label' => 'la_tab_BanList',
'url' => Array('index_file' => 'config/edit_banlist.php', 'DataType' => 6, 'pass_section' => true, 'pass' => 'm'),
- 'permissions' => Array('view', 'add', 'edit'),
+ 'permissions' => Array('view', 'add', 'edit', 'delete'),
'priority' => 6,
'type' => stTREE,
),
Index: trunk/core/units/admin/admin_config.php
===================================================================
diff -u -N -r4687 -r4698
--- trunk/core/units/admin/admin_config.php (.../admin_config.php) (revision 4687)
+++ trunk/core/units/admin/admin_config.php (.../admin_config.php) (revision 4698)
@@ -65,7 +65,7 @@
'icon' => 'sessions_log',
'label' => 'la_tab_SessionLog',
'url' => Array('index_file' => 'logs/session_list.php', 'pass' => 'm'),
- 'permissions' => Array('view', 'reset'),
+ 'permissions' => Array('view', 'delete'),
'priority' => 3,
'type' => stTREE,
),
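Review bot: Renaming the session-log permission from `reset` to `delete` on the `'permissions'` line leaves any grant already stored under the old name unmatched, and no upgrade step that renames stored grants is visible in this commit. kernel/action.php now maps `m_session_delete` to `in-portal:sessionlog.delete` (presumably this section), so groups that held `reset` would be sent to the no-permission page until the grant is re-issued. Consider shipping a data migration with the change, or documenting the required re-grant in the upgrade notes. The same applies to the identical hunk in trunk/kernel/units/admin/admin_config.php.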
@@ -167,7 +167,7 @@
'icon' => 'tool_import',
'label' => 'la_tab_QueryDB',
'url' => Array('index_file' => 'tools/sql_query.php', 'pass' => 'm'),
- 'permissions' => Array('view'),
+ 'permissions' => Array('view', 'edit'),
'priority' => 5,
'type' => stTREE,
),
Index: trunk/kernel/units/admin/admin_config.php
===================================================================
diff -u -N -r4687 -r4698
--- trunk/kernel/units/admin/admin_config.php (.../admin_config.php) (revision 4687)
+++ trunk/kernel/units/admin/admin_config.php (.../admin_config.php) (revision 4698)
@@ -65,7 +65,7 @@
'icon' => 'sessions_log',
'label' => 'la_tab_SessionLog',
'url' => Array('index_file' => 'logs/session_list.php', 'pass' => 'm'),
- 'permissions' => Array('view', 'reset'),
+ 'permissions' => Array('view', 'delete'),
'priority' => 3,
'type' => stTREE,
),
@@ -167,7 +167,7 @@
'icon' => 'tool_import',
'label' => 'la_tab_QueryDB',
'url' => Array('index_file' => 'tools/sql_query.php', 'pass' => 'm'),
- 'permissions' => Array('view'),
+ 'permissions' => Array('view', 'edit'),
'priority' => 5,
'type' => stTREE,
),
Index: trunk/admin/users/addgroup_permissions.php
===================================================================
diff -u -N
--- trunk/admin/users/addgroup_permissions.php (revision 2853)
+++ trunk/admin/users/addgroup_permissions.php (revision 0)
@@ -1,125 +0,0 @@
-SourceTable = $objSession->GetEditTable("PortalGroup");
-$objEditItems->EnablePaging = FALSE;
-$en = (int)$_GET["en"];
-$sql ="SELECT * FROM ".$objEditItems->SourceTable;
-$objEditItems->Query_Item($sql);
-//echo $sql."
\n";
-$itemcount=$objEditItems->NumItems();
-$c = $objEditItems->GetItemByIndex($en);
-
- if($itemcount>1)
- {
- if ($en+1 == $itemcount)
- $en_next = -1;
- else
- $en_next = $en+1;
-
- if ($en == 0)
- $en_prev = -1;
- else
- $en_prev = $en-1;
- }
- $action = "m_edit_group";
-
-$envar = "env=" . BuildEnv() . "&en=$en";
-
-$section = 'in-portal:editgroup_permissions';
-
-//Display header
-$sec = $objSections->GetSection($section);
-$objCatToolBar = new clsToolBar();
-$objCatToolBar->Add("img_save", "la_Save","#","swap('img_save','toolbar/tool_select_f2.gif');", "swap('img_save', 'toolbar/tool_select.gif');","edit_submit('editgroup','GroupEditStatus','".$admin."/users/user_groups.php',1);","tool_select.gif");
-$objCatToolBar->Add("img_cancel", "la_Cancel","#","swap('img_cancel','toolbar/tool_cancel_f2.gif');", "swap('img_cancel', 'toolbar/tool_cancel.gif');","edit_submit('editgroup','GroupEditStatus','".$admin."/users/user_groups.php',2);","tool_cancel.gif");
-
-$title = GetTitle("la_Text_Group", "la_tab_Permissions", $c->Get('GroupId'), $c->Get('Name'));//prompt_language("la_Text_Editing")." ".prompt_language("la_Text_Group")." '".$c->Get("Name")."' - ".prompt_language("la_tab_Permissions");
-
-if ( isset($en_prev) || isset($en_next) )
-{
- $url = $RootUrl.$admin."/users/addgroup_permissions.php";
- $StatusField = "GroupEditStatus";
- $form = "editgroup";
- MultiEditButtons($objCatToolBar,$en_next,$en_prev,$form,$StatusField,$url,$sec->Get("OnClick"),'','la_PrevGroup','la_NextGroup');
-}
-
-int_header($objCatToolBar,NULL,$title);
-if ($objSession->GetVariable("HasChanges") == 1) {
-?>
-
-
-
-
-
-
-
-
- |
-
-
-
-
-
-
-
Index: trunk/kernel/include/modules.php
===================================================================
diff -u -N -r3983 -r4698
--- trunk/kernel/include/modules.php (.../modules.php) (revision 3983)
+++ trunk/kernel/include/modules.php (.../modules.php) (revision 4698)
@@ -962,10 +962,10 @@
{
$var_to_global = $key.'_var_list';
global $$var_to_global;
-
- if( $FrontEnd==0 || !is_numeric($FrontEnd) || $FrontEnd==2)
- {
- $rootURL="http://".ThisDomain().$objConfig->Get("Site_Path");
+
+ $application =& kApplication::Instance(); // just to sure, that object is here in all actions
+ if($FrontEnd == 0 || !is_numeric($FrontEnd) || $FrontEnd == 2) {
+ $rootURL = 'http://'.ThisDomain().$objConfig->Get('Site_Path');
$admin = $objConfig->Get("AdminDirectory");
if( !strlen($admin) ) $admin = "admin";
$adminURL = $rootURL.$admin;
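Review bot: The rewritten line `$rootURL = 'http://'.ThisDomain().$objConfig->Get('Site_Path');` keeps the scheme hard-coded, so the `$adminURL` built from it is always plain HTTP, even where the admin console is served over TLS. If the deployment supports HTTPS, derive the scheme from the request, e.g. `$scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') ? 'https://' : 'http://';`. The added `$application` assignment is not read anywhere in the hunk, and its comment would be clearer as `// make sure the kApplication instance exists before any action handler runs`. The enclosing function starts and ends outside the hunk.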
Index: trunk/kernel/action.php
===================================================================
diff -u -N -r4689 -r4698
--- trunk/kernel/action.php (.../action.php) (revision 4689)
+++ trunk/kernel/action.php (.../action.php) (revision 4698)
@@ -21,12 +21,36 @@
unset($script, $skipDebug);
// ====== Debugger related: end ======
- // Session expiration related
-
require_login( !admin_login() && $Action, 'expired=1', true );
- // End session exipration related
-
+ // permission checking: begin
+ $action_mapping = Array(
+ 'm_add_user' => 'in-portal:user_list.add',
+ 'm_edit_user' => 'in-portal:user_list.edit',
+ 'm_delete_user' => 'in-portal:user_list.delete',
+ 'm_user_primarygroup' => 'in-portal:user_list.add|in-portal:user_list.edit',
+ 'm_approve_user' => 'in-portal:user_list.add|in-portal:user_list.edit',
+ 'm_deny_user' => 'in-portal:user_list.add|in-portal:user_list.edit',
+ 'm_clear_searchlog' => 'in-portal:searchlog.delete',
+ 'm_keyword_reset' => 'in-portal:searchlog.delete',
+ 'm_themes_rescan' => 'in-portal:configure_themes.add|in-portal:configure_themes.edit',
+ 'm_theme_primary' => 'in-portal:configure_themes.add|in-portal:configure_themes.edit',
+ 'm_theme_add' => 'in-portal:configure_themes.add',
+ 'm_theme_edit' => 'in-portal:configure_themes.edit',
+ 'm_theme_delete' => 'in-portal:configure_themes.delete',
+ 'm_sql_query' => 'in-portal:sql_query.edit',
+ 'm_purge_email_log' => 'in-portal:emaillog.delete',
+ 'm_session_delete' => 'in-portal:sessionlog.delete',
+ 'm_add_rule' => 'in-portal:user_banlist.add',
+ 'm_edit_rule' => 'in-portal:user_banlist.edit',
+ 'm_rule_move_up' => 'in-portal:user_banlist.add|in-portal:user_banlist.edit',
+ 'm_rule_move_down' => 'in-portal:user_banlist.add|in-portal:user_banlist.edit',
+ 'm_rule_delete' => 'in-portal:user_banlist.delete',
+ 'm_ban_user' => 'in-portal:user_list.add|in-portal:user_list.edit',
+ );
+ checkActionPermission($action_mapping, $Action);
+ // permission checking: end
+
switch($Action)
{
case "m_save_import_config":
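Review bot: The `$action_mapping` table leaves out several state-changing actions that this switch handles: `m_user_sysperm`, `m_group_edit`, `m_group_removeuser` and `m_mod_enable`, all visible in later hunks of this file, have no entry. `checkActionPermission()` allows anything without an entry, so those cases still depend only on their own `if($ro_perm) break;` line, and `m_group_edit` shows no such line in its visible context. Either add entries for them or put a comment above the table making the default explicit, e.g. `// actions not listed here are not permission-checked; add an entry for every new state-changing case`. The switch body continues outside the hunk.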
@@ -184,13 +208,6 @@
}
break;
- case "m_edit_group":
- $objEditItems = new clsGroupList();
- $objEditItems->SourceTable = $objSession->GetEditTable("PortalGroup");
- $objEditItems->Edit_Group($_POST["group_id"], $_POST["group_name"],$_POST["group_comments"]);
- break;
-
-
case 'm_group_edit': // when editing user membership in group
$membership_expires = DateTimestamp( $_POST['membership_expires_date'], GetDateFormat(0, true) );
$membership_expires += SecondsSinceMidnight( $_POST['membership_expires_time'] );
@@ -200,42 +217,6 @@
$objEditItems->Edit_UserGroup($_POST['GroupId'], $_POST['PortalUserId'], $membership_expires);
break;
- case "m_add_group":
- $objEditItems = new clsGroupList();
- $objEditItems->SourceTable = $objSession->GetEditTable("PortalGroup");
- $objEditItems->Add_Group($_POST["group_name"], $_POST["group_comments"],0);
- break;
- case "m_group_sysperm":
- if($ro_perm) break;
- if ($_POST["GroupEditStatus"] == 0) {
- $objSession->ResetSysPermCache();
- $GroupId = $_POST['GroupId'];
- if ($GroupId) {
- $objEditItems = new clsGroupList();
- $objEditItems->SourceTable = $objSession->GetEditTable('PortalGroup');
- $g = $objEditItems->GetItemByField('ResourceId', $GroupId);
- if (is_object($g)) {
- $PermList = explode(',', $_POST['PermList']);
- $inheritance = GetVar('inherit') ? GetVar('inherit') : Array();
- $permission_values = GetVar('permvalue') ? GetVar('permvalue') : Array();
- for($i = 0; $i < count($PermList); $i++) {
- if (@in_array($PermList[$i], $inheritance)) {
- $value = -1;
- }
- else {
- $value = 0;
- if (@in_array($PermList[$i], $permission_values)) {
- $value = 1;
- }
- }
-
- $g->SetSystemPermission($PermList[$i], $value);
- }
- }
- }
- }
- break;
-
case "m_user_sysperm":
if($ro_perm) break;
if($_POST["UserEditStatus"]==0)
@@ -307,14 +288,6 @@
$objUsers->Delete_User($userid);
break;
- case "m_delete_group":
- if($ro_perm) break;
- foreach($_POST["itemlist"] as $groupid)
- {
- $objGroups->Delete_Group($groupid);
- }
- break;
-
case "m_user_assign": // not sure if action is used anywhere
if($ro_perm) break;
$useridlist = implode("-", $userlist);
@@ -461,26 +434,7 @@
}
}
break;
-
- case "m_group_add_user":
- if($ro_perm) break;
- $objSession->SetVariable("HasChanges", 1);
- $group = $_POST["GroupId"];
- $EditGroups = new clsGroupList();
- $EditGroups->SourceTable = $objSession->GetEditTable($objGroups->SourceTable);
- $g = $EditGroups->GetItem($group);
-// echo "Group: $group
\n";
- if(is_numeric($group))
- {
- $users = explode(",",$_POST["userlist"]);
- foreach($users as $userid)
- {
- $u = $objUsers->GetItemByField("ResourceId",$userid);
- $g->AddUser($u->Get("PortalUserId"));
- }
- }
-
- break;
+
case "m_group_removeuser":
if($ro_perm) break;
$objSession->SetVariable("HasChanges", 1);
@@ -841,67 +795,6 @@
$application->HandleEvent($event);
break;
-
- case "m_SearchConfig_Edit":
- if($ro_perm) break;
- $SimpleValues = $_POST["simple"];
- $AdvValues = $_POST["advanced"];
- $module = $_POST["module"];
- $priority = $_POST["pri"];
- //phpinfo(INFO_VARIABLES);
- $objSearchConfig = new clsSearchConfigList($module);
- foreach($objSearchConfig->Items as $i)
- {
- $id = $i->Get("SearchConfigId");
- $objSearchConfig->EditFieldSettings($id,(int)$SimpleValues[$id],(int)$AdvValues[$id],$priority[$id]);
- }
- $objSearchConfig->Clear();
- /* save relevence settings */
- $vals = $_POST["req_increase"];
- foreach($vals as $var=>$value)
- {
- $cfg = "SearchRel_Increase_".$var;
- $objConfig->Set($cfg,$value);
- }
- $vals = $_POST["rel_keyword"];
- foreach($vals as $var=>$value)
- {
- $cfg = "SearchRel_Keyword_".$var;
- $objConfig->Set($cfg,$value);
- }
- $vals = $_POST["rel_pop"];
- foreach($vals as $var=>$value)
- {
- $cfg = "SearchRel_Pop_".$var;
- $objConfig->Set($cfg,$value);
- }
- $vals = $_POST["rel_rating"];
- foreach($vals as $var=>$value)
- {
- $cfg = "SearchRel_Rating_".$var;
- $objConfig->Set($cfg,$value);
- }
-
- $vals = $_POST["multiple"];
-
- if (count($vals) > 0) {
- foreach($vals as $var=>$value)
- {
- $cfg = "Search_ShowMultiple_".$var;
- $objConfig->Set($cfg,$value);
- }
- }
- else {
- $cfg = "Search_ShowMultiple_".$_POST['cfg_var'];
- $objConfig->Set($cfg, 0);
- }
-
- if (isset($_POST['minkeyword'])) {
- $objConfig->Set("Search_MinKeyword_Length", $_POST['minkeyword']);
- }
-
- $objConfig->Save();
- break;
case "m_keyword_reset":
if($ro_perm) break;
$objSearchList = new clsSearchLogList();
@@ -913,6 +806,7 @@
break;
case 'm_clear_searchlog':
+ if($ro_perm) break;
$objSearchList = new clsSearchLogList();
$db =& GetADODBConnection();
$db->Execute('DELETE FROM '.$objSearchList->SourceTable );
@@ -1059,9 +953,6 @@
}
break;
-
-
-
case "m_review_deny":
if (isset($_POST["itemlist"]))
{
@@ -1089,10 +980,6 @@
}
break;
-
-
-
-
case "m_review_move_up":
if (isset($_POST["itemlist"]))
{
@@ -1256,216 +1143,7 @@
$dummy->Delete();
}
break;
-
- case "m_lang_add":
- $ado = &GetADODBConnection();
- $objEditItems = new clsLanguageList();
- $objEditItems->SourceTable = $objSession->GetEditTable("Language");
-
- $l = $objEditItems->AddLanguage($_POST["packname"],$_POST["localname"],
- (int)$_POST["enabled"],(int)$_POST["primary"],
- $_POST["icon"],$_POST["date_format"],$_POST["time_format"],
- $_POST["decimal"],$_POST["thousand"],$_POST['charset']);
-
- $rs = $ado->Execute("SELECT MIN(LanguageId) as MinValue FROM ".$objEditItems->SourceTable);
- $NewId = $rs->fields["MinValue"]-1;
- $sql = "UPDATE ".$objEditItems->SourceTable." SET LanguageId=".$NewId." WHERE LanguageId=".$l->Get("LanguageId");
- if($objSession->HasSystemPermission("DEBUG.LIST"))
- echo $sql."
\n";
- $ado->Execute($sql);
- if($_POST["importlabels"]==1 && $_POST["srcpack"]>0)
- {
- // Phrase import
-/*
- $sql = "SELECT * FROM ".GetTablePrefix()."Phrase WHERE LanguageId=".$_POST["srcpack"];
- if($objSession->HasSystemPermission("DEBUG.LIST"))
- echo $sql."
\n";
-
- $rs = $ado->Execute($sql);
- $plist = new clsPhraseList();
- $plist->SourceTable = $objSession->GetEditTable("Phrase");
- $sql = "SELECT MIN(PhraseId) as MinId FROM ".$plist->SourceTable;
- $as = $ado->Execute($sql);
- if($as && !$as->EOF)
- {
- $MinId = (int)$as->fields["MinId"];
- }
- else
- $MinId = 0;
- $MinId--;
- while($rs && !$rs->EOF)
- {
- $data = $rs->fields;
- $plist->AddPhrase($data["Phrase"],$NewId,$data["Translation"],$data["PhraseType"]);
- $sql = "UPDATE ".$plist->SourceTable." SET PhraseId=$MinId WHERE PhraseId=0 LIMIT 1";
- $ado->Execute($sql);
- $MinId--;
- $rs->MoveNext();
- }
-*/
- $sql='INSERT INTO '.$objSession->GetEditTable('Phrase').' SELECT Phrase, Translation, PhraseType, 0-PhraseId, '.$NewId.' FROM '.GetTablePrefix().'Phrase WHERE LanguageId='.$_POST['srcpack'];
- $ado->Execute($sql);
- // Events import
- $sql = "SELECT * FROM ".GetTablePrefix()."EmailMessage WHERE LanguageId=".$_POST["srcpack"];
- if($objSession->HasSystemPermission("DEBUG.LIST"))
- echo $sql."
\n";
-
- $rs = $ado->Execute($sql);
-
- $eList = new clsEmailMessageList();
- //$eList->SourceTable = $objSession->GetEditTable("EmailMessage");
-
- if (!$l->TableExists($objSession->GetEditTable("EmailMessage"))) {
- $eList->CreateEmptyEditTable("EmailMessageId", true);
- $eList->SourceTable = $objSession->GetEditTable("EmailMessage");
- }
- else {
- $eList->SourceTable = $objSession->GetEditTable("EmailMessage");
- }
-
- $sql = "SELECT MIN(EmailMessageId) as MinId FROM ".$eList->SourceTable;
- $as = $ado->Execute($sql);
-
- if($as && !$as->EOF)
- {
- $MinId = (int)$as->fields["MinId"];
- }
- else {
- $MinId = 0;
- }
-
- $MinId--;
-
- while($rs && !$rs->EOF)
- {
- $data = $rs->fields;
- $eList->AddEmailEvent($data["Template"], $data["MessageType"], $NewId, $data["EventId"]);
-
- $sql = "UPDATE ".$eList->SourceTable." SET EmailMessageId=$MinId WHERE EmailMessageId=0 LIMIT 1";
- $ado->Execute($sql);
-
- $MinId--;
-
- $rs->MoveNext();
- }
- }
- break;
- case "m_lang_export":
- if($ro_perm) break;
- include_once($pathtoroot."kernel/include/xml.php");
- $Ids = $_POST["LangList"]; // language ids list to export phrases from
-
- $phrase_types = GetVar('langtypes');
- $phrase_types = ($phrase_types !== false) ? implode(',',$phrase_types) : null;
-
- $filename=$_POST["filename"];
- if(strlen($filename)>0)
- {
- $ExportFilename = $pathtoroot.$admin."/export/".$filename;
- $ExportResult = $objLanguages->ExportPhrases($ExportFilename,$Ids, $phrase_types);
- }
- break;
-
- case "m_lang_edit":
- $ado = &GetADODBConnection();
- $objEditItems = new clsLanguageList();
- $objEditItems->SourceTable = $objSession->GetEditTable("Language");
-
- $objEditItems->EditLanguage($_POST["LanguageId"],$_POST["packname"],
- $_POST["localname"],(int)GetVar('enabled'),
- (int)GetVar('primary'), $_POST["icon"],$_POST["date_format"],
- $_POST["time_format"], $_POST["decimal"],$_POST["thousand"],
- $_POST['charset']);
-
- if( GetVar('importlabels') && $_POST["srcpack"]>0)
- {
- $rs = $ado->Execute("SELECT * FROM ".GetTablePrefix()."Phrase WHERE LanguageId=".$_POST["srcpack"]);
- $plist = new clsPhraseList();
- $plist->SourceTable = $objSession->GetEditTable("Phrase");
- $sql = "SELECT MIN(PhraseId) as MinId FROM ".$plist->SourceTable;
- $as = $ado->Execute($sql);
- if($as && !$as->EOF)
- {
- $MinId = (int)$as->fields["MinId"];
- }
- else
- $MinId = 0;
- $MinId--;
- while($rs && !$rs->EOF)
- {
- $data = $rs->fields;
- $plist->AddPhrase($data["Phrase"],$_POST["LanguageId"],$data["Translation"],$data["PhraseType"]);
- $sql = "UPDATE ".$plist->SourceTable." SET PhraseId=$MinId WHERE PhraseId=0 LIMIT 1";
- $ado->Execute($sql);
- $MinId--;
- $rs->MoveNext();
- }
- unset($plist);
-
- // Events import
- $sql = "SELECT * FROM ".GetTablePrefix()."EmailMessage WHERE LanguageId=".$_POST["srcpack"];
- if($objSession->HasSystemPermission("DEBUG.LIST"))
- echo $sql."
\n";
-
- $rs = $ado->Execute($sql);
-
- $eList = new clsEmailMessageList();
- //$eList->SourceTable = $objSession->GetEditTable("EmailMessage");
- $l = new clsEmailMessage();
- if (!$l->TableExists($objSession->GetEditTable("EmailMessage"))) {
- $eList->CreateEmptyEditTable("EmailMessageId", true);
- $eList->SourceTable = $objSession->GetEditTable("EmailMessage");
- }
- else {
- $eList->SourceTable = $objSession->GetEditTable("EmailMessage");
- }
-
- $sql = "SELECT MIN(EmailMessageId) as MinId FROM ".$eList->SourceTable;
- $as = $ado->Execute($sql);
-
- if($as && !$as->EOF)
- {
- $MinId = (int)$as->fields["MinId"];
- }
- else {
- $MinId = 0;
- }
-
- $MinId--;
-
- while($rs && !$rs->EOF)
- {
- $data = $rs->fields;
- $eList->AddEmailEvent($data["Template"], $data["MessageType"], $_POST["LanguageId"], $data["EventId"]);
-
- $sql = "UPDATE ".$eList->SourceTable." SET EmailMessageId=$MinId WHERE EmailMessageId=0 LIMIT 1";
- $ado->Execute($sql);
-
- $MinId--;
-
- $rs->MoveNext();
- }
- unset($eList);
- }
-
- break;
- case "m_lang_delete":
- if($ro_perm) break;
- if (isset($_POST["itemlist"]))
- {
- $Phrases = new clsPhraseList();
- $Messages = new clsEmailMessageList();
- foreach($_POST["itemlist"] as $id)
- {
- $objLanguages->DeleteLanguage($id);
- $Phrases->DeleteLanguage($id);
- $Messages->DeleteLanguage($id);
- }
- unset($Phrases);
- unset($Messages);
- }
- break;
-
+
case "m_lang_select":
if($ro_perm) break;
$LangId = (int)$_POST["langselect"];
@@ -1561,52 +1239,12 @@
}
unset($objPhraseList);
break;
- case "m_emailevent_disable":
- if($ro_perm) break;
- $objEvents = new clsEventList();
- if (isset($_POST["itemlist"]))
- {
- foreach($_POST["itemlist"] as $id)
- {
- $m =& $objEvents->GetItem($id);
- $m->Set("Enabled",0);
- $m->Update();
- }
- }
- unset($objEvents);
- break;
- case "m_emailevent_enable":
- if($ro_perm) break;
- $objEvents = new clsEventList();
- if (isset($_POST["itemlist"]))
- {
- foreach($_POST["itemlist"] as $id)
- {
- $m =& $objEvents->GetItem($id);
- $m->Set("Enabled",1);
- $m->Update();
- }
- }
- unset($objEvents);
- break;
- case "m_emailevent_frontonly":
- if($ro_perm) break;
- $objEvents = new clsEventList();
- if (isset($_POST["itemlist"]))
- {
- foreach($_POST["itemlist"] as $id)
- {
- $m =& $objEvents->GetItem($id);
- $m->Set("Enabled",2);
- $m->Update();
- }
- }
- unset($objEvents);
- break;
+
case "m_dlid":
echo $Action.":".$DownloadId;
die();
break;
+
case "m_emailevent_user":
if($ro_perm) break;
$objEvents = new clsEventList();
@@ -1655,31 +1293,7 @@
$m->Update();
}
break;
- case "m_config_edit":
- //phpinfo(INFO_VARIABLES);
- if($ro_perm) break;
- $objAdmin = new clsConfigAdmin();
- $objAdmin->module = $_POST["module"];
- $objAdmin->section = $_POST["section"];
- if($objAdmin->section=="in-portal:configure_users")
- {
- if(strlen($_POST["RootPass"]) && strlen($_POST["RootPassVerify"]))
- {
- if($_POST["RootPass"]==$_POST["RootPassVerify"])
- {
- $_POST["RootPass"] = md5($_POST["RootPass"]);
- }
- }
- else
- {
- $_POST["RootPass"] = $objConfig->Get("RootPass");
- $_POST["RootPassVerify"] = $objConfig->Get("RootPassVerify");
- }
- }
- $objAdmin->LoadItems(FALSE);
- $objAdmin->SaveItems($_POST);
- break;
-
+
case "m_mod_enable":
if($ro_perm) break;
if (isset($_POST["itemlist"]))
@@ -2138,13 +1752,12 @@
$SqlErrorNum = $ado->ErrorNo();
}
break;
- case "m_purge_email_log":
- if($ro_perm) break;
- $ado = &GetADODBConnection();
-
- $sql = "DELETE FROM ".GetTablePrefix()."EmailLog";
- $ado->Execute($sql);
- break;
+
+ case 'm_purge_email_log':
+ $conn =& $application->GetADODBConnection();
+ $conn->Query('DELETE FROM '.TABLE_PREFIX.'EmailLog');
+ break;
+
case "m_session_delete":
if($ro_perm) break;
$ado = &GetADODBConnection();
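Review bot: The rewritten `m_purge_email_log` case drops the `if($ro_perm) break;` guard that the removed version had, while the neighbouring `m_session_delete` case keeps it and another hunk of this commit adds it to `m_clear_searchlog`. Unless `in-portal:emaillog.delete` can never be granted together with read-only access (not visible here), an administrator flagged read-only could still purge the e-mail log. Restore the guard as the first line of the case: `if($ro_perm) break;`.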
@@ -2162,6 +1775,7 @@
$ado->Execute($sql);
}
break;
+
case "m_add_rule":
$objEditItems = new clsBanRuleList();
$objEditItems->SourceTable = $objSession->GetEditTable("BanRules");
@@ -2303,12 +1917,8 @@
//echo "==== BEGIN ====
";
$has_perm = $objSession->HasSystemPermission("SYSTEM_ACCESS.READONLY");
-//echo "PortalUserID: [".$objSession->Get("PortalUserId")."]
";
-//print_pre($objSession);
-//echo "PermSet: [".$has_perm."]
";
-if( !$has_perm )
-{
+if (!$has_perm) {
if( GetVar('ReviewEditStatus') == 1 )
{
$objReviews=new clsItemReviewList();
@@ -2391,28 +2001,6 @@
$objGroups->Clear();
}
- /* Group Edit */
- if( GetVar('GroupEditStatus') == 1 )
- {
- $objUserGroupsList = new clsUserGroupList();
- $objUserGroupsList->CopyFromEditTable("GroupId");
-
- $group_ids = $objGroups->CopyFromEditTable("GroupId");
- if ($group_ids) {
-// $objCustomDataList->CopyFromEditTable('g');
- }
-
- $objGroups->Clear();
- }
- if( GetVar('GroupEditStatus') == 2 )
- {
- $objUserGroupsList = new clsUserGroupList();
- $objGroups->PurgeEditTable("GroupId");
-// $objCustomDataList->PurgeEditTable('g');
- $objUserGroupsList->PurgeEditTable("PortalUserId");
- $objGroups->Clear();
- }
-
/* Theme Edit */
if( GetVar('ThemeEditStatus') == 1 )
{
@@ -2426,32 +2014,6 @@
$objThemes->Clear();
}
- /* Language Edit */
- if( GetVar('LangEditStatus') == 1 )
- {
- $objLanguages->CopyFromEditTable();
- $objLanguages->Clear();
- $objLanguages->PurgeEditTable();
-
- $Phrases = new clsPhraseList();
- $Phrases->CopyFromEditTable();
- $Phrases->Clear();
- $Phrases->PurgeEditTable();
-
- $Messages = new clsEmailMessageList();
- $Messages->CopyFromEditTable();
- $Messages->Clear();
- }
- if( GetVar('LangEditStatus') == 2 )
- {
- $objLanguages->PurgeEditTable();
- $objLanguages->Clear();
- $Phrases = new clsPhraseList();
- $Phrases->PurgeEditTable();
- $Messages = new clsEmailMessageList();
- $Messages->PurgeEditTable();
- }
-
if( GetVar('MissingLangEditStatus') == 1 )
{
$objPhraseList = new clsPhraseList();
Index: trunk/admin/users/addgroup_users.php
===================================================================
diff -u -N
--- trunk/admin/users/addgroup_users.php (revision 4476)
+++ trunk/admin/users/addgroup_users.php (revision 0)
@@ -1,307 +0,0 @@
-SourceTable = $objSession->GetEditTable("PortalGroup");
-$objEditItems->EnablePaging = FALSE;
-
-$en = (int)$_GET["en"];
-$objEditItems->Query_Item("SELECT * FROM ".$objEditItems->SourceTable);
-$itemcount=$objEditItems->NumItems();
-$c = $objEditItems->GetItemByIndex($en);
-
- if($itemcount>1)
- {
- if ($en+1 == $itemcount)
- $en_next = -1;
- else
- $en_next = $en+1;
-
- if ($en == 0)
- $en_prev = -1;
- else
- $en_prev = $en-1;
- }
- $action = "m_edit_group";
-
-$envar = "env=" . BuildEnv() . "&en=$en";
-
-/* -------------------------------------- Section configuration ------------------------------------------- */
-$section = 'in-portal:editgroup_users';
-$sec = $objSections->GetSection($section);
-$SortFieldVar = "User_SortField";
-$SortOrderVar = "User_SortOrder";
-$DefaultSortField = "Login";
-$PerPageVar = "Perpage_User";
-$CurrentPageVar = "Page_UserList";
-$CurrentFilterVar = "User_View";
-
-$ListForm = "editgroup";
-$CheckClass = "UserChecks";
-
-/* ------------------------------------- Configure the toolbar ------------------------------------------- */
-$objListToolBar = new clsToolBar();
-
-$objListToolBar->Set("section",$section);
-$objListToolBar->Set("load_menu_func","");
-$objListToolBar->Set("CheckClass",$CheckClass);
-$objListToolBar->Set("CheckForm",$ListForm);
-$objListToolBar->Add("img_save", "la_Save","#","swap('img_save','toolbar/tool_select_f2.gif');", "swap('img_save', 'toolbar/tool_select.gif');","do_edit_save('editgroup','GroupEditStatus','".$admin."/users/user_groups.php',1);","tool_select.gif");
-$objListToolBar->Add("img_cancel", "la_Cancel","#","swap('img_cancel','toolbar/tool_cancel_f2.gif');", "swap('img_cancel', 'toolbar/tool_cancel.gif');","do_edit_save('editgroup','GroupEditStatus','".$admin."/users/user_groups.php',2);","tool_cancel.gif");
-if($itemcount == 1) $objListToolBar->Add("divider");
-
-if ( isset($en_prev) || isset($en_next) )
-{
- $url = $RootUrl.$admin."/users/addgroup_users.php";
- $StatusField = "GroupEditStatus";
- $form = "editgroup";
- MultiEditButtons($objListToolBar,$en_next,$en_prev,$form,$StatusField,$url,$sec->Get("OnClick"),'','la_PrevGroup','la_NextGroup');
- $objListToolBar->Add("divider");
-}
-
-
-$listImages = array();
- //$img, $alt, $link, $onMouseOver, $onMouseOut, $onClick
-
-$objListToolBar->Add("new_group", "la_ToolTip_AddUserToGroup","","swap('new_group','toolbar/tool_usertogroup_f2.gif');",
- "swap('new_group', 'toolbar/tool_usertogroup.gif');",
- "OpenUserSelector('','','$envar&source=addgroup_users&GroupId=".$c->Get("GroupId")."&destform=popup&destfield=userlist&Selector=radio&dosubmit=1');",
- "tool_usertogroup.gif");
-
-$objListToolBar->Add("user_del","la_ToolTip_RemoveUserFromGroup","#", "if (UserChecks.itemChecked()) swap('user_del','toolbar/tool_delete_f2.gif');",
- "if (UserChecks.itemChecked()) swap('user_del', 'toolbar/tool_delete.gif');","if (UserChecks.itemChecked()) UserChecks.check_submit('addgroup_users', 'm_group_removeuser');",
- "tool_delete.gif");
-$listImages[] = "UserChecks.addImage('user_del','$imagesURL/toolbar/tool_delete.gif','$imagesURL/toolbar/tool_delete_f3.gif',1); ";
-
-$objListToolBar->Add("divider");
-
-$objListToolBar->Add("user_print", "la_ToolTip_Print","#","swap('user_print','toolbar/tool_print_f2.gif');",
- "swap('user_print', 'toolbar/tool_print.gif');","window.print();","tool_print.gif");
-
-$objListToolBar->Add("viewmenubutton", "la_ToolTip_View","#","swap('viewmenubutton','toolbar/tool_view_f2.gif'); ",
- "swap('viewmenubutton', 'toolbar/tool_view.gif');",
- "ShowViewMenu();","tool_view.gif");
-
-$objListToolBar->AddToInitScript($listImages);
-$objListToolBar->AddToInitScript("fwLoadMenus();");
-
-/* ----------------------------------------- Set the View Filter ---------------------------------------- */
-
-/* bit place holders for category view menu */
-$Bit_Pending=4;
-$Bit_Disabled=2;
-$Bit_Valid=1;
-$Bit_All = 7;
-
-$FilterLabels = array();
-
-$FilterLabels[0] = admin_language("la_Text_Enabled");
-$FilterLabels[1] = admin_language("la_Text_Disabled");
-$FilterLabels[2] = admin_language("la_Text_Pending");
-
-/* determine current view menu settings */
-$UserView = $objConfig->Get("User_View");
-
-if(!is_numeric($UserView))
-{
- $UserView = $Bit_All; //Set all bits ON
- $UserFilter = "";
-}
- if($UserView & $Bit_Valid)
- $Status[] = 1;
-
- if($UserView & $Bit_Disabled)
- $Status[] = 0;
-
- if($UserView & $Bit_Pending)
- $Status[] = 2;
-
- if(count($Status)>0)
- {
- $UserFilter = "Status IN (".implode(",",$Status).")";
- }
- else
- $UserFilter = "Status = -1";
-
-
-$GroupUsers = $c->GetUserList(true);
-if($GroupUsers)
-{
- $list = implode(",", $GroupUsers);
- $where = "u.PortalUserId IN ($list) ";
-}
-else
-{
- $list=0;
- $where = "u.PortalUserId = -1 ";
-}
-$order = $objConfig->Get("User_SortOrder");
-$SearchWords = $objSession->GetVariable("UserGroupSearchWord");
-if(strlen($SearchWords))
-{
- $where .= ' AND '.$objUsers->AdminSearchWhereClause($SearchWords);
-}
-
-$orderBy = trim($objConfig->Get($SortFieldVar)." ".$order);
-
-if ($orderBy) {
- $orderBy = ' ORDER BY '.$orderBy;
-}
-
-$sql = "SELECT u.*,g.Name AS GroupName,ELT(u.status+1,'".admin_language("la_Text_Disabled")." ','".admin_language("la_Text_Enabled")." ','".admin_language("la_Text_Pending")."') as UserStatus, ";
-$sql .="FROM_UNIXTIME(u.CreatedOn,'%m-%d-%Y') AS DateCreated FROM ".GetTablePrefix()."PortalUser as u ";
-$sql .="LEFT JOIN ".GetTablePrefix()."UserGroup AS ug ON (u.PortalUserId=ug.PortalUserId) AND (ug.PrimaryGroup = 1) ";
-$sql .="LEFT JOIN ".GetTablePrefix()."PortalGroup as g ON (ug.GroupId=g.GroupId) WHERE 1";
-
-if($where) {
- $sql .= ' AND '.$where;
-}
-
-$sql .= $orderBy;
-
-//$sql .=" ".GetLimitSQL($objSession->GetVariable("Page_Userlist"),$objConfig->Get("Perpage_User"));
-$objListView = new clsListView($objListToolBar);
-$objListView->CurrentPageVar = "Page_Userlist";
-$objListView->PerPageVar = "Perpage_User";
-
-if($objSession->HasSystemPermission("DEBUG.LIST"))
- echo htmlentities($sql,ENT_NOQUOTES)."
\n";
-
-$objUsers->Query_Item($sql, $objListView->GetLimitSQL() );
-$itemcount = $list ? TableCount(GetTablePrefix().'PortalUser', 'PortalUserId IN ('.$list.')', 0) : 0;
-
-$objListView->SetListItems($objUsers);
-$objListView->IdField = "ResourceId";
-$objListView->PageLinkTemplate = $pathtoroot. $admin."/templates/user_page_link.tpl";
-
-$objListView->ColumnHeaders->Add("Login",admin_language("la_prompt_Username"),1,0,$order,"width=\"15%\"","User_SortField","User_SortOrder","Login");
-$objListView->ColumnHeaders->Add("LastName",admin_language("la_prompt_Last_Name"),1,0,$order,"width=\"15%\"","User_SortField","User_SortOrder","LastName");
-$objListView->ColumnHeaders->Add("FirstName",admin_language("la_prompt_First_Name"),1,0,$order,"width=\"15%\"","User_SortField","User_SortOrder","FirstName");
-$objListView->ColumnHeaders->Add("Email",admin_language("la_prompt_Email"),1,0,$order,"width=\"20%\"","User_SortField","User_SortOrder","Email");
-$objListView->ColumnHeaders->Add("GroupName",admin_language("la_prompt_PrimaryGroup"),1,0,$order,"width=\"20%\"","User_SortField","User_SortOrder","GroupName");
-$objListView->ColumnHeaders->Add("DateCreated",admin_language("la_prompt_CreatedOn"),1,0,$order,"width=\"15%\"","User_SortField","User_SortOrder","DateCreated");
-$objListView->ColumnHeaders->SetSort($objConfig->Get("User_SortField"),$order);
-
-$objListView->PrintToolBar = FALSE;
-$objListView->SearchBar = TRUE;
-$objListView->SearchKeywords = $SearchWords;
-$objListView->SearchAction="m_usergroup_search";
-$objListView->CheckboxName = "itemlist[]";
-$objListView->TotalItemCount = $itemcount;
-
-for($i=0;$iItems);$i++)
-{
- $u =& $objUsers->GetItemRefByIndex($i);
- $objListView->RowIcons[] = $u->StatusIcon();
-}
- $objListView->ConfigureViewMenu($SortFieldVar,$SortOrderVar,$DefaultSortField,
- $CurrentFilterVar,$UserView,$Bit_All);
-
- foreach($FilterLabels as $Bit=>$Label)
- {
- $objListView->AddViewMenuFilter($Label,$Bit);
- }
-
-
-$filter = false; // always initialize variables before use
-if($objSession->GetVariable("UserGroupSearchWord") != '') {
- $filter = true;
-}
-else {
- if ($UserView != $Bit_All) {
- $filter = true;
- }
-}
-
-
-$title = GetTitle("la_Text_Group", "la_tab_Users", $c->Get('GroupId'), $c->Get('Name'));//prompt_language("la_Text_Editing")." ".prompt_language("la_Text_Group")." '".$c->Get("Name")."' - ".prompt_language("la_tab_Users");
-$h = "\n\n\n";
-int_header($objListToolBar,NULL, $title,NULL,$h);
-if ($objSession->GetVariable("HasChanges") == 1) {
-?>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
Index: trunk/admin/users/group_addpermission.php
===================================================================
diff -u -N
--- trunk/admin/users/group_addpermission.php (revision 2853)
+++ trunk/admin/users/group_addpermission.php (revision 0)
@@ -1,147 +0,0 @@
-SourceTable = $objSession->GetEditTable("PortalGroup");
-$objEditItems->EnablePaging = FALSE;
-$en = (int)$_GET["en"];
-$objEditItems->Query_Item("SELECT * FROM ".$objEditItems->SourceTable);
-$itemcount=$objEditItems->NumItems();
-$c = $objEditItems->GetItemByIndex($en);
-
- if($itemcount>1)
- {
- if ($en+1 == $itemcount)
- $en_next = -1;
- else
- $en_next = $en+1;
-
- if ($en == 0)
- $en_prev = -1;
- else
- $en_prev = $en-1;
- }
- $action = "m_edit_group";
-
-$envar = "env=" . BuildEnv() . "&en=$en";
-
-$section = 'in-portal:editgroup_permissions';
-
-//Display header
-$sec = $objSections->GetSection($section);
-$objCatToolBar = new clsToolBar();
-$objCatToolBar->Add("img_save", "la_Save","#","swap('img_save','toolbar/tool_select_f2.gif');", "swap('img_save', 'toolbar/tool_select.gif');","edit_submit('editgroup','GroupEditStatus','".$admin."/users/addgroup_permissions.php',0);","tool_select.gif");
-$objCatToolBar->Add("img_cancel", "la_Cancel","#","swap('img_cancel','toolbar/tool_cancel_f2.gif');", "swap('img_cancel', 'toolbar/tool_cancel.gif');","edit_submit('editgroup','GroupEditStatus','".$admin."/users/addgroup_permissions.php',-1);","tool_cancel.gif");
-
-$PermModule = $_GET["module"];
-
-$title = GetTitle("la_Text_Group", "la_tab_Permissions", $c->Get('GroupId'), $c->Get('Name'));//prompt_language("la_Text_Editing")." ".prompt_language("la_Text_Group")." '".$c->Get("Name")."' - ".prompt_language("la_tab_Permissions");
-
-if ( isset($en_prev) || isset($en_next) )
-{
- $url = $RootUrl.$admin."/users/group_addpermission.php";
- $StatusField = "GroupEditStatus";
- $form = "editgroup";
- MultiEditButtons($objCatToolBar,$en_next,$en_prev,$form,$StatusField,$url,$sec->Get("OnClick"),'&module='.$_REQUEST['module'],'la_PrevGroup','la_NextGroup');
-}
-
-int_header($objCatToolBar,NULL,$title);
-if ($objSession->GetVariable("HasChanges") == 1) {
-?>
-
-
-
-
-
-
-
- >
- |
-
-
-
-
-