Index: trunk/admin/users/addgroup.php =================================================================== diff -u -N --- trunk/admin/users/addgroup.php (revision 4358) +++ trunk/admin/users/addgroup.php (revision 0) 
@@ -1,161 +0,0 @@ -SourceTable = $objSession->GetEditTable("PortalGroup"); -$objEditItems->EnablePaging = FALSE; - -$objCustomFields = new clsCustomFieldList(6); -$objUserGroupsList = new clsUserGroupList(); -//$objRelList = new clsRelationshipList(); - -//Multiedit init -if ($_GET["new"] == 1) -{ - $c = new clsPortalGroup(NULL); - $c->Set("CreatedOn", adodb_mktime()); - $c->Set("EndOn", adodb_mktime()); - $en = 0; - $action = "m_add_group"; - $objGroups->CreateEmptyEditTable("GroupId"); -// $objRelList->CreateEmptyEditTable("RelationshipId"); -// $objCustomDataList->CreateEmptyEditTable('g'); - $objUserGroupsList->CreateEmptyEditTable("PortalUserId"); - } -else -{ - $en = (int)$_GET["en"]; - if (isset($_POST["itemlist"])) - { - $objGroups->CopyToEditTable("GroupId",$_POST["itemlist"]); - } - $objEditItems->Query_Item("SELECT * FROM ".$objEditItems->SourceTable); - if(isset($_POST["itemlist"])) - { - /* make a copy of the relationship records */ - $ids = $objEditItems->GetResourceIDList(); -// $objCustomDataList->CopyToEditTable('g', $ids); - - // map group ResourceIds to group ids (because from list we always get ResourceIds) - $db=&GetADODBConnection(); - $group_ids=$db->GetCol('SELECT GroupId FROM '.$objGroups->SourceTable.' WHERE ResourceId IN ('.implode($ids).')'); - - $objUserGroupsList->CopyToEditTable("GroupId", $group_ids); - } - - $itemcount=$objEditItems->NumItems(); - $c = $objEditItems->GetItemByIndex($en); - - if($itemcount>1) - { - if ($en+1 == $itemcount) - $en_next = -1; - else - $en_next = $en+1; - - if ($en == 0) - $en_prev = -1; - else - $en_prev = $en-1; - } - $action = "m_edit_group"; -} - -$envar = "env=" . BuildEnv() . "&en=$en"; - -$section = 'in-portal:editgroup_general'; - -if (strlen($c->Get("Name"))) - $editing_title = $c->Get("Name"); -else - $editing_title = ""; - - -$title = GetTitle("la_Text_Group", "la_tab_General", $c->Get('GroupId'), $editing_title);//prompt_language("la_Text_Editing")." ".prompt_language("la_Text_Group")." 
$editing_title- ".prompt_language("la_tab_General"); -//echo $envar."
\n"; - -//Display header -$sec = $objSections->GetSection($section); -$objCatToolBar = new clsToolBar(); -$objCatToolBar->Add("img_save", "la_Save","#","swap('img_save','toolbar/tool_select_f2.gif');", "swap('img_save', 'toolbar/tool_select.gif');","edit_submit('editgroup','GroupEditStatus','".$admin."/users/user_groups.php',1);","tool_select.gif"); -$objCatToolBar->Add("img_cancel", "la_Cancel","#","swap('img_cancel','toolbar/tool_cancel_f2.gif');", "swap('img_cancel', 'toolbar/tool_cancel.gif');","edit_submit('editgroup','GroupEditStatus','".$admin."/users/user_groups.php',2);","tool_cancel.gif"); - -if ( isset($en_prev) || isset($en_next) ) -{ - $url = $RootUrl.$admin."/users/addgroup.php"; - $StatusField = "GroupEditStatus"; - $form = "editgroup"; - MultiEditButtons($objCatToolBar,$en_next,$en_prev,$form,$StatusField,$url,$sec->Get("OnClick"),'','la_PrevGroup','la_NextGroup'); -} - - int_header($objCatToolBar,NULL,$title); -if ($objSession->GetVariable("HasChanges") == 1) { -?> - - - - -
- -
- - - - - - - > - - - - - > - - - - - - > - - - -
- "> -
- -  
- - "> - -
- - - - \ No newline at end of file Index: trunk/globals.php =================================================================== diff -u -N -r4596 -r4698 --- trunk/globals.php (.../globals.php) (revision 4596) +++ trunk/globals.php (.../globals.php) (revision 4698) @@ -2053,5 +2053,29 @@ } return GetVar($field_name); } + + function checkActionPermission($action_mapping, $action) + { + $application =& kApplication::Instance(); + + if (!isset($action_mapping[$action])) { + // if no permission mapping defined, then action is allowed in any case + return true; + } + + $perm_status = false; + $action_mapping = explode('|', $action_mapping[$action]); + foreach ($action_mapping as $perm_name) { + $perm_status = $application->CheckPermission($perm_name, 1); + if ($perm_status) { + break; + } + } + + if (!$perm_status) { + $application->Redirect($application->IsAdmin() ? 'no_permission' : $application->ConfigValue('NoPermissionTemplate'), null, '', 'index.php'); + } + return true; + } ?> Index: trunk/kernel/searchaction.php =================================================================== diff -u -N -r836 -r4698 --- trunk/kernel/searchaction.php (.../searchaction.php) (revision 836) +++ trunk/kernel/searchaction.php (.../searchaction.php) (revision 4698) 
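Review bot: `checkActionPermission()` fails open: any `$action` that has no entry in `$action_mapping` returns `true`, so every handler that is not listed runs without a permission check. For a gate in front of admin actions the default should be deny, with the actions that genuinely need no permission listed explicitly. The denial path also depends on `$application->Redirect()` ending the request, because the function falls through to `return true;` afterwards; whether Redirect() can return is not visible in this hunk, so I would add `return false;` inside the `if (!$perm_status)` block and have the caller stop on a false result. A docblock describing the mapping format (`'perm.a|perm.b'`, where any one permission is sufficient) would help whoever extends the table.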
@@ -36,14 +36,6 @@ $objSession->SetVariable("Page_Userlist",1); break; - case "m_usergroup_search": /* user list */ - $searchlist = trim($objSession->GetVariable("UserGroupSearchWord")); - if(strlen($searchlist)>0) - $searchlist = ","; - $searchlist = $_POST["list_search"]; - $objSession->SetVariable("UserGroupSearchWord",$searchlist); - $objSession->SetVariable("Page_Userlist",1); - break; case "m_usergroup_search_reset": /*user list */ $objSession->SetVariable("UserGroupSearchWord",""); $objSession->SetVariable("Page_Userlist",1); Index: trunk/core/units/users/users_config.php =================================================================== diff -u -N -r4675 -r4698 --- trunk/core/units/users/users_config.php (.../users_config.php) (revision 4675) +++ trunk/core/units/users/users_config.php (.../users_config.php) (revision 4698) @@ -139,7 +139,7 @@ 'icon' => 'banlist', 'label' => 'la_tab_BanList', 'url' => Array('index_file' => 'config/edit_banlist.php', 'DataType' => 6, 'pass_section' => true, 'pass' => 'm'), - 'permissions' => Array('view', 'add', 'edit'), + 'permissions' => Array('view', 'add', 'edit', 'delete'), 'priority' => 6, 'type' => stTREE, ), Index: trunk/kernel/units/users/users_config.php =================================================================== diff -u -N -r4675 -r4698 --- trunk/kernel/units/users/users_config.php (.../users_config.php) (revision 4675) +++ trunk/kernel/units/users/users_config.php (.../users_config.php) (revision 4698) 
@@ -139,7 +139,7 @@
 'icon' => 'banlist',
 'label' => 'la_tab_BanList',
 'url' => Array('index_file' => 'config/edit_banlist.php', 'DataType' => 6, 'pass_section' => true, 'pass' => 'm'),
- 'permissions' => Array('view', 'add', 'edit'),
+ 'permissions' => Array('view', 'add', 'edit', 'delete'),
 'priority' => 6,
 'type' => stTREE,
 ),
Index: trunk/core/units/admin/admin_config.php
===================================================================
diff -u -N -r4687 -r4698
--- trunk/core/units/admin/admin_config.php (.../admin_config.php) (revision 4687)
+++ trunk/core/units/admin/admin_config.php (.../admin_config.php) (revision 4698)
@@ -65,7 +65,7 @@
 'icon' => 'sessions_log',
 'label' => 'la_tab_SessionLog',
 'url' => Array('index_file' => 'logs/session_list.php', 'pass' => 'm'),
- 'permissions' => Array('view', 'reset'),
+ 'permissions' => Array('view', 'delete'),
 'priority' => 3,
 'type' => stTREE,
 ),
@@ -167,7 +167,7 @@
 'icon' => 'tool_import',
 'label' => 'la_tab_QueryDB',
 'url' => Array('index_file' => 'tools/sql_query.php', 'pass' => 'm'),
- 'permissions' => Array('view'),
+ 'permissions' => Array('view', 'edit'),
 'priority' => 5,
 'type' => stTREE,
 ),
Index: trunk/kernel/units/admin/admin_config.php
===================================================================
diff -u -N -r4687 -r4698
--- trunk/kernel/units/admin/admin_config.php (.../admin_config.php) (revision 4687)
+++ trunk/kernel/units/admin/admin_config.php (.../admin_config.php) (revision 4698)
@@ -65,7 +65,7 @@
 'icon' => 'sessions_log',
 'label' => 'la_tab_SessionLog',
 'url' => Array('index_file' => 'logs/session_list.php', 'pass' => 'm'),
- 'permissions' => Array('view', 'reset'),
+ 'permissions' => Array('view', 'delete'),
 'priority' => 3,
 'type' => stTREE,
 ),
@@ -167,7 +167,7 @@ 'icon' => 'tool_import', 'label' => 'la_tab_QueryDB', 'url' => Array('index_file' => 'tools/sql_query.php', 'pass' => 'm'), - 'permissions' => Array('view'), + 'permissions' => Array('view', 'edit'), 'priority' => 5, 'type' => stTREE, ), Index: trunk/admin/users/addgroup_permissions.php =================================================================== diff -u -N --- trunk/admin/users/addgroup_permissions.php (revision 2853) +++ trunk/admin/users/addgroup_permissions.php (revision 0) @@ -1,125 +0,0 @@ -SourceTable = $objSession->GetEditTable("PortalGroup"); -$objEditItems->EnablePaging = FALSE; -$en = (int)$_GET["en"]; -$sql ="SELECT * FROM ".$objEditItems->SourceTable; -$objEditItems->Query_Item($sql); -//echo $sql."
\n"; -$itemcount=$objEditItems->NumItems(); -$c = $objEditItems->GetItemByIndex($en); - - if($itemcount>1) - { - if ($en+1 == $itemcount) - $en_next = -1; - else - $en_next = $en+1; - - if ($en == 0) - $en_prev = -1; - else - $en_prev = $en-1; - } - $action = "m_edit_group"; - -$envar = "env=" . BuildEnv() . "&en=$en"; - -$section = 'in-portal:editgroup_permissions'; - -//Display header -$sec = $objSections->GetSection($section); -$objCatToolBar = new clsToolBar(); -$objCatToolBar->Add("img_save", "la_Save","#","swap('img_save','toolbar/tool_select_f2.gif');", "swap('img_save', 'toolbar/tool_select.gif');","edit_submit('editgroup','GroupEditStatus','".$admin."/users/user_groups.php',1);","tool_select.gif"); -$objCatToolBar->Add("img_cancel", "la_Cancel","#","swap('img_cancel','toolbar/tool_cancel_f2.gif');", "swap('img_cancel', 'toolbar/tool_cancel.gif');","edit_submit('editgroup','GroupEditStatus','".$admin."/users/user_groups.php',2);","tool_cancel.gif"); - -$title = GetTitle("la_Text_Group", "la_tab_Permissions", $c->Get('GroupId'), $c->Get('Name'));//prompt_language("la_Text_Editing")." ".prompt_language("la_Text_Group")." '".$c->Get("Name")."' - ".prompt_language("la_tab_Permissions"); - -if ( isset($en_prev) || isset($en_next) ) -{ - $url = $RootUrl.$admin."/users/addgroup_permissions.php"; - $StatusField = "GroupEditStatus"; - $form = "editgroup"; - MultiEditButtons($objCatToolBar,$en_next,$en_prev,$form,$StatusField,$url,$sec->Get("OnClick"),'','la_PrevGroup','la_NextGroup'); -} - -int_header($objCatToolBar,NULL,$title); -if ($objSession->GetVariable("HasChanges") == 1) { -?> - - - - -
- -
- - - - - - - -
- - -Get("PortalUserId"); - - for($i=0;$i"; - echo ""; - echo ""; - } -?> - -"> - - - -
"; - $getvar = "?env=".BuildEnv()."&en=$en&module=$mod_id"; - echo "$module
- Index: trunk/kernel/include/modules.php =================================================================== diff -u -N -r3983 -r4698 --- trunk/kernel/include/modules.php (.../modules.php) (revision 3983) +++ trunk/kernel/include/modules.php (.../modules.php) (revision 4698) @@ -962,10 +962,10 @@ { $var_to_global = $key.'_var_list'; global $$var_to_global; - - if( $FrontEnd==0 || !is_numeric($FrontEnd) || $FrontEnd==2) - { - $rootURL="http://".ThisDomain().$objConfig->Get("Site_Path"); + + $application =& kApplication::Instance(); // just to sure, that object is here in all actions + if($FrontEnd == 0 || !is_numeric($FrontEnd) || $FrontEnd == 2) { + $rootURL = 'http://'.ThisDomain().$objConfig->Get('Site_Path'); $admin = $objConfig->Get("AdminDirectory"); if( !strlen($admin) ) $admin = "admin"; $adminURL = $rootURL.$admin; Index: trunk/kernel/action.php =================================================================== diff -u -N -r4689 -r4698 --- trunk/kernel/action.php (.../action.php) (revision 4689) +++ trunk/kernel/action.php (.../action.php) (revision 4698) 
@@ -21,12 +21,36 @@ unset($script, $skipDebug); // ====== Debugger related: end ====== - // Session expiration related - require_login( !admin_login() && $Action, 'expired=1', true ); - // End session exipration related - + // permission checking: begin + $action_mapping = Array( + 'm_add_user' => 'in-portal:user_list.add', + 'm_edit_user' => 'in-portal:user_list.edit', + 'm_delete_user' => 'in-portal:user_list.delete', + 'm_user_primarygroup' => 'in-portal:user_list.add|in-portal:user_list.edit', + 'm_approve_user' => 'in-portal:user_list.add|in-portal:user_list.edit', + 'm_deny_user' => 'in-portal:user_list.add|in-portal:user_list.edit', + 'm_clear_searchlog' => 'in-portal:searchlog.delete', + 'm_keyword_reset' => 'in-portal:searchlog.delete', + 'm_themes_rescan' => 'in-portal:configure_themes.add|in-portal:configure_themes.edit', + 'm_theme_primary' => 'in-portal:configure_themes.add|in-portal:configure_themes.edit', + 'm_theme_add' => 'in-portal:configure_themes.add', + 'm_theme_edit' => 'in-portal:configure_themes.edit', + 'm_theme_delete' => 'in-portal:configure_themes.delete', + 'm_sql_query' => 'in-portal:sql_query.edit', + 'm_purge_email_log' => 'in-portal:emaillog.delete', + 'm_session_delete' => 'in-portal:sessionlog.delete', + 'm_add_rule' => 'in-portal:user_banlist.add', + 'm_edit_rule' => 'in-portal:user_banlist.edit', + 'm_rule_move_up' => 'in-portal:user_banlist.add|in-portal:user_banlist.edit', + 'm_rule_move_down' => 'in-portal:user_banlist.add|in-portal:user_banlist.edit', + 'm_rule_delete' => 'in-portal:user_banlist.delete', + 'm_ban_user' => 'in-portal:user_list.add|in-portal:user_list.edit', + ); + checkActionPermission($action_mapping, $Action); + // permission checking: end + switch($Action) { case "m_save_import_config": 
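Review bot: Removing `require_login( !admin_login() && $Action, 'expired=1', true );` leaves `checkActionPermission()` as the only gate in front of `switch($Action)`, and `$action_mapping` covers only part of that switch. Cases that stay in this file but have no mapping entry (`m_save_import_config` directly below, and `m_group_edit`, `m_user_sysperm`, `m_group_removeuser` and `m_mod_enable` in the later hunks) take the helper's allow-by-default branch, so unless login is enforced somewhere outside this hunk they are no longer tied to an authenticated admin session. I would keep the `require_login(...)` call ahead of the permission check and add mapping entries for the remaining state-changing actions. The switch itself continues outside the hunk, so the full list of unmapped cases has to be checked against the whole file.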
@@ -184,13 +208,6 @@ } break; - case "m_edit_group": - $objEditItems = new clsGroupList(); - $objEditItems->SourceTable = $objSession->GetEditTable("PortalGroup"); - $objEditItems->Edit_Group($_POST["group_id"], $_POST["group_name"],$_POST["group_comments"]); - break; - - case 'm_group_edit': // when editing user membership in group $membership_expires = DateTimestamp( $_POST['membership_expires_date'], GetDateFormat(0, true) ); $membership_expires += SecondsSinceMidnight( $_POST['membership_expires_time'] ); @@ -200,42 +217,6 @@ $objEditItems->Edit_UserGroup($_POST['GroupId'], $_POST['PortalUserId'], $membership_expires); break; - case "m_add_group": - $objEditItems = new clsGroupList(); - $objEditItems->SourceTable = $objSession->GetEditTable("PortalGroup"); - $objEditItems->Add_Group($_POST["group_name"], $_POST["group_comments"],0); - break; - case "m_group_sysperm": - if($ro_perm) break; - if ($_POST["GroupEditStatus"] == 0) { - $objSession->ResetSysPermCache(); - $GroupId = $_POST['GroupId']; - if ($GroupId) { - $objEditItems = new clsGroupList(); - $objEditItems->SourceTable = $objSession->GetEditTable('PortalGroup'); - $g = $objEditItems->GetItemByField('ResourceId', $GroupId); - if (is_object($g)) { - $PermList = explode(',', $_POST['PermList']); - $inheritance = GetVar('inherit') ? GetVar('inherit') : Array(); - $permission_values = GetVar('permvalue') ? GetVar('permvalue') : Array(); - for($i = 0; $i < count($PermList); $i++) { - if (@in_array($PermList[$i], $inheritance)) { - $value = -1; - } - else { - $value = 0; - if (@in_array($PermList[$i], $permission_values)) { - $value = 1; - } - } - - $g->SetSystemPermission($PermList[$i], $value); - } - } - } - } - break; - case "m_user_sysperm": if($ro_perm) break; if($_POST["UserEditStatus"]==0) 
@@ -307,14 +288,6 @@ $objUsers->Delete_User($userid); break; - case "m_delete_group": - if($ro_perm) break; - foreach($_POST["itemlist"] as $groupid) - { - $objGroups->Delete_Group($groupid); - } - break; - case "m_user_assign": // not sure if action is used anywhere if($ro_perm) break; $useridlist = implode("-", $userlist); @@ -461,26 +434,7 @@ } } break; - - case "m_group_add_user": - if($ro_perm) break; - $objSession->SetVariable("HasChanges", 1); - $group = $_POST["GroupId"]; - $EditGroups = new clsGroupList(); - $EditGroups->SourceTable = $objSession->GetEditTable($objGroups->SourceTable); - $g = $EditGroups->GetItem($group); -// echo "Group: $group
\n"; - if(is_numeric($group)) - { - $users = explode(",",$_POST["userlist"]); - foreach($users as $userid) - { - $u = $objUsers->GetItemByField("ResourceId",$userid); - $g->AddUser($u->Get("PortalUserId")); - } - } - - break; + case "m_group_removeuser": if($ro_perm) break; $objSession->SetVariable("HasChanges", 1); @@ -841,67 +795,6 @@ $application->HandleEvent($event); break; - - case "m_SearchConfig_Edit": - if($ro_perm) break; - $SimpleValues = $_POST["simple"]; - $AdvValues = $_POST["advanced"]; - $module = $_POST["module"]; - $priority = $_POST["pri"]; - //phpinfo(INFO_VARIABLES); - $objSearchConfig = new clsSearchConfigList($module); - foreach($objSearchConfig->Items as $i) - { - $id = $i->Get("SearchConfigId"); - $objSearchConfig->EditFieldSettings($id,(int)$SimpleValues[$id],(int)$AdvValues[$id],$priority[$id]); - } - $objSearchConfig->Clear(); - /* save relevence settings */ - $vals = $_POST["req_increase"]; - foreach($vals as $var=>$value) - { - $cfg = "SearchRel_Increase_".$var; - $objConfig->Set($cfg,$value); - } - $vals = $_POST["rel_keyword"]; - foreach($vals as $var=>$value) - { - $cfg = "SearchRel_Keyword_".$var; - $objConfig->Set($cfg,$value); - } - $vals = $_POST["rel_pop"]; - foreach($vals as $var=>$value) - { - $cfg = "SearchRel_Pop_".$var; - $objConfig->Set($cfg,$value); - } - $vals = $_POST["rel_rating"]; - foreach($vals as $var=>$value) - { - $cfg = "SearchRel_Rating_".$var; - $objConfig->Set($cfg,$value); - } - - $vals = $_POST["multiple"]; - - if (count($vals) > 0) { - foreach($vals as $var=>$value) - { - $cfg = "Search_ShowMultiple_".$var; - $objConfig->Set($cfg,$value); - } - } - else { - $cfg = "Search_ShowMultiple_".$_POST['cfg_var']; - $objConfig->Set($cfg, 0); - } - - if (isset($_POST['minkeyword'])) { - $objConfig->Set("Search_MinKeyword_Length", $_POST['minkeyword']); - } - - $objConfig->Save(); - break; case "m_keyword_reset": if($ro_perm) break; $objSearchList = new clsSearchLogList(); 
@@ -913,6 +806,7 @@ break; case 'm_clear_searchlog': + if($ro_perm) break; $objSearchList = new clsSearchLogList(); $db =& GetADODBConnection(); $db->Execute('DELETE FROM '.$objSearchList->SourceTable ); @@ -1059,9 +953,6 @@ } break; - - - case "m_review_deny": if (isset($_POST["itemlist"])) { @@ -1089,10 +980,6 @@ } break; - - - - case "m_review_move_up": if (isset($_POST["itemlist"])) { @@ -1256,216 +1143,7 @@ $dummy->Delete(); } break; - - case "m_lang_add": - $ado = &GetADODBConnection(); - $objEditItems = new clsLanguageList(); - $objEditItems->SourceTable = $objSession->GetEditTable("Language"); - - $l = $objEditItems->AddLanguage($_POST["packname"],$_POST["localname"], - (int)$_POST["enabled"],(int)$_POST["primary"], - $_POST["icon"],$_POST["date_format"],$_POST["time_format"], - $_POST["decimal"],$_POST["thousand"],$_POST['charset']); - - $rs = $ado->Execute("SELECT MIN(LanguageId) as MinValue FROM ".$objEditItems->SourceTable); - $NewId = $rs->fields["MinValue"]-1; - $sql = "UPDATE ".$objEditItems->SourceTable." SET LanguageId=".$NewId." WHERE LanguageId=".$l->Get("LanguageId"); - if($objSession->HasSystemPermission("DEBUG.LIST")) - echo $sql."
\n"; - $ado->Execute($sql); - if($_POST["importlabels"]==1 && $_POST["srcpack"]>0) - { - // Phrase import -/* - $sql = "SELECT * FROM ".GetTablePrefix()."Phrase WHERE LanguageId=".$_POST["srcpack"]; - if($objSession->HasSystemPermission("DEBUG.LIST")) - echo $sql."
\n"; - - $rs = $ado->Execute($sql); - $plist = new clsPhraseList(); - $plist->SourceTable = $objSession->GetEditTable("Phrase"); - $sql = "SELECT MIN(PhraseId) as MinId FROM ".$plist->SourceTable; - $as = $ado->Execute($sql); - if($as && !$as->EOF) - { - $MinId = (int)$as->fields["MinId"]; - } - else - $MinId = 0; - $MinId--; - while($rs && !$rs->EOF) - { - $data = $rs->fields; - $plist->AddPhrase($data["Phrase"],$NewId,$data["Translation"],$data["PhraseType"]); - $sql = "UPDATE ".$plist->SourceTable." SET PhraseId=$MinId WHERE PhraseId=0 LIMIT 1"; - $ado->Execute($sql); - $MinId--; - $rs->MoveNext(); - } -*/ - $sql='INSERT INTO '.$objSession->GetEditTable('Phrase').' SELECT Phrase, Translation, PhraseType, 0-PhraseId, '.$NewId.' FROM '.GetTablePrefix().'Phrase WHERE LanguageId='.$_POST['srcpack']; - $ado->Execute($sql); - // Events import - $sql = "SELECT * FROM ".GetTablePrefix()."EmailMessage WHERE LanguageId=".$_POST["srcpack"]; - if($objSession->HasSystemPermission("DEBUG.LIST")) - echo $sql."
\n"; - - $rs = $ado->Execute($sql); - - $eList = new clsEmailMessageList(); - //$eList->SourceTable = $objSession->GetEditTable("EmailMessage"); - - if (!$l->TableExists($objSession->GetEditTable("EmailMessage"))) { - $eList->CreateEmptyEditTable("EmailMessageId", true); - $eList->SourceTable = $objSession->GetEditTable("EmailMessage"); - } - else { - $eList->SourceTable = $objSession->GetEditTable("EmailMessage"); - } - - $sql = "SELECT MIN(EmailMessageId) as MinId FROM ".$eList->SourceTable; - $as = $ado->Execute($sql); - - if($as && !$as->EOF) - { - $MinId = (int)$as->fields["MinId"]; - } - else { - $MinId = 0; - } - - $MinId--; - - while($rs && !$rs->EOF) - { - $data = $rs->fields; - $eList->AddEmailEvent($data["Template"], $data["MessageType"], $NewId, $data["EventId"]); - - $sql = "UPDATE ".$eList->SourceTable." SET EmailMessageId=$MinId WHERE EmailMessageId=0 LIMIT 1"; - $ado->Execute($sql); - - $MinId--; - - $rs->MoveNext(); - } - } - break; - case "m_lang_export": - if($ro_perm) break; - include_once($pathtoroot."kernel/include/xml.php"); - $Ids = $_POST["LangList"]; // language ids list to export phrases from - - $phrase_types = GetVar('langtypes'); - $phrase_types = ($phrase_types !== false) ? 
implode(',',$phrase_types) : null; - - $filename=$_POST["filename"]; - if(strlen($filename)>0) - { - $ExportFilename = $pathtoroot.$admin."/export/".$filename; - $ExportResult = $objLanguages->ExportPhrases($ExportFilename,$Ids, $phrase_types); - } - break; - - case "m_lang_edit": - $ado = &GetADODBConnection(); - $objEditItems = new clsLanguageList(); - $objEditItems->SourceTable = $objSession->GetEditTable("Language"); - - $objEditItems->EditLanguage($_POST["LanguageId"],$_POST["packname"], - $_POST["localname"],(int)GetVar('enabled'), - (int)GetVar('primary'), $_POST["icon"],$_POST["date_format"], - $_POST["time_format"], $_POST["decimal"],$_POST["thousand"], - $_POST['charset']); - - if( GetVar('importlabels') && $_POST["srcpack"]>0) - { - $rs = $ado->Execute("SELECT * FROM ".GetTablePrefix()."Phrase WHERE LanguageId=".$_POST["srcpack"]); - $plist = new clsPhraseList(); - $plist->SourceTable = $objSession->GetEditTable("Phrase"); - $sql = "SELECT MIN(PhraseId) as MinId FROM ".$plist->SourceTable; - $as = $ado->Execute($sql); - if($as && !$as->EOF) - { - $MinId = (int)$as->fields["MinId"]; - } - else - $MinId = 0; - $MinId--; - while($rs && !$rs->EOF) - { - $data = $rs->fields; - $plist->AddPhrase($data["Phrase"],$_POST["LanguageId"],$data["Translation"],$data["PhraseType"]); - $sql = "UPDATE ".$plist->SourceTable." SET PhraseId=$MinId WHERE PhraseId=0 LIMIT 1"; - $ado->Execute($sql); - $MinId--; - $rs->MoveNext(); - } - unset($plist); - - // Events import - $sql = "SELECT * FROM ".GetTablePrefix()."EmailMessage WHERE LanguageId=".$_POST["srcpack"]; - if($objSession->HasSystemPermission("DEBUG.LIST")) - echo $sql."
\n"; - - $rs = $ado->Execute($sql); - - $eList = new clsEmailMessageList(); - //$eList->SourceTable = $objSession->GetEditTable("EmailMessage"); - $l = new clsEmailMessage(); - if (!$l->TableExists($objSession->GetEditTable("EmailMessage"))) { - $eList->CreateEmptyEditTable("EmailMessageId", true); - $eList->SourceTable = $objSession->GetEditTable("EmailMessage"); - } - else { - $eList->SourceTable = $objSession->GetEditTable("EmailMessage"); - } - - $sql = "SELECT MIN(EmailMessageId) as MinId FROM ".$eList->SourceTable; - $as = $ado->Execute($sql); - - if($as && !$as->EOF) - { - $MinId = (int)$as->fields["MinId"]; - } - else { - $MinId = 0; - } - - $MinId--; - - while($rs && !$rs->EOF) - { - $data = $rs->fields; - $eList->AddEmailEvent($data["Template"], $data["MessageType"], $_POST["LanguageId"], $data["EventId"]); - - $sql = "UPDATE ".$eList->SourceTable." SET EmailMessageId=$MinId WHERE EmailMessageId=0 LIMIT 1"; - $ado->Execute($sql); - - $MinId--; - - $rs->MoveNext(); - } - unset($eList); - } - - break; - case "m_lang_delete": - if($ro_perm) break; - if (isset($_POST["itemlist"])) - { - $Phrases = new clsPhraseList(); - $Messages = new clsEmailMessageList(); - foreach($_POST["itemlist"] as $id) - { - $objLanguages->DeleteLanguage($id); - $Phrases->DeleteLanguage($id); - $Messages->DeleteLanguage($id); - } - unset($Phrases); - unset($Messages); - } - break; - + case "m_lang_select": if($ro_perm) break; $LangId = (int)$_POST["langselect"]; 
@@ -1561,52 +1239,12 @@ } unset($objPhraseList); break; - case "m_emailevent_disable": - if($ro_perm) break; - $objEvents = new clsEventList(); - if (isset($_POST["itemlist"])) - { - foreach($_POST["itemlist"] as $id) - { - $m =& $objEvents->GetItem($id); - $m->Set("Enabled",0); - $m->Update(); - } - } - unset($objEvents); - break; - case "m_emailevent_enable": - if($ro_perm) break; - $objEvents = new clsEventList(); - if (isset($_POST["itemlist"])) - { - foreach($_POST["itemlist"] as $id) - { - $m =& $objEvents->GetItem($id); - $m->Set("Enabled",1); - $m->Update(); - } - } - unset($objEvents); - break; - case "m_emailevent_frontonly": - if($ro_perm) break; - $objEvents = new clsEventList(); - if (isset($_POST["itemlist"])) - { - foreach($_POST["itemlist"] as $id) - { - $m =& $objEvents->GetItem($id); - $m->Set("Enabled",2); - $m->Update(); - } - } - unset($objEvents); - break; + case "m_dlid": echo $Action.":".$DownloadId; die(); break; + case "m_emailevent_user": if($ro_perm) break; $objEvents = new clsEventList(); @@ -1655,31 +1293,7 @@ $m->Update(); } break; - case "m_config_edit": - //phpinfo(INFO_VARIABLES); - if($ro_perm) break; - $objAdmin = new clsConfigAdmin(); - $objAdmin->module = $_POST["module"]; - $objAdmin->section = $_POST["section"]; - if($objAdmin->section=="in-portal:configure_users") - { - if(strlen($_POST["RootPass"]) && strlen($_POST["RootPassVerify"])) - { - if($_POST["RootPass"]==$_POST["RootPassVerify"]) - { - $_POST["RootPass"] = md5($_POST["RootPass"]); - } - } - else - { - $_POST["RootPass"] = $objConfig->Get("RootPass"); - $_POST["RootPassVerify"] = $objConfig->Get("RootPassVerify"); - } - } - $objAdmin->LoadItems(FALSE); - $objAdmin->SaveItems($_POST); - break; - + case "m_mod_enable": if($ro_perm) break; if (isset($_POST["itemlist"])) 
@@ -2138,13 +1752,12 @@ $SqlErrorNum = $ado->ErrorNo(); } break; - case "m_purge_email_log": - if($ro_perm) break; - $ado = &GetADODBConnection(); - - $sql = "DELETE FROM ".GetTablePrefix()."EmailLog"; - $ado->Execute($sql); - break; + + case 'm_purge_email_log': + $conn =& $application->GetADODBConnection(); + $conn->Query('DELETE FROM '.TABLE_PREFIX.'EmailLog'); + break; + case "m_session_delete": if($ro_perm) break; $ado = &GetADODBConnection(); @@ -2162,6 +1775,7 @@ $ado->Execute($sql); } break; + case "m_add_rule": $objEditItems = new clsBanRuleList(); $objEditItems->SourceTable = $objSession->GetEditTable("BanRules"); @@ -2303,12 +1917,8 @@ //echo "==== BEGIN ====
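Review bot: The rewritten `m_purge_email_log` case drops the `if($ro_perm) break;` guard that the old version had, while `m_session_delete` directly below keeps it and the same commit adds it to `m_clear_searchlog`. `$ro_perm` is defined outside the visible hunks and is presumably the read-only flag; if it is still meant to override granted permissions, a read-only session that holds `in-portal:emaillog.delete` can now empty the EmailLog table. I would restore `if($ro_perm) break;` as the first statement of the case, or add a comment stating that the mapping check deliberately replaces the read-only guard here. The enclosing switch starts and ends outside this hunk.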
"; $has_perm = $objSession->HasSystemPermission("SYSTEM_ACCESS.READONLY"); -//echo "PortalUserID: [".$objSession->Get("PortalUserId")."]
"; -//print_pre($objSession); -//echo "PermSet: [".$has_perm."]
"; -if( !$has_perm ) -{ +if (!$has_perm) { if( GetVar('ReviewEditStatus') == 1 ) { $objReviews=new clsItemReviewList(); @@ -2391,28 +2001,6 @@ $objGroups->Clear(); } - /* Group Edit */ - if( GetVar('GroupEditStatus') == 1 ) - { - $objUserGroupsList = new clsUserGroupList(); - $objUserGroupsList->CopyFromEditTable("GroupId"); - - $group_ids = $objGroups->CopyFromEditTable("GroupId"); - if ($group_ids) { -// $objCustomDataList->CopyFromEditTable('g'); - } - - $objGroups->Clear(); - } - if( GetVar('GroupEditStatus') == 2 ) - { - $objUserGroupsList = new clsUserGroupList(); - $objGroups->PurgeEditTable("GroupId"); -// $objCustomDataList->PurgeEditTable('g'); - $objUserGroupsList->PurgeEditTable("PortalUserId"); - $objGroups->Clear(); - } - /* Theme Edit */ if( GetVar('ThemeEditStatus') == 1 ) { @@ -2426,32 +2014,6 @@ $objThemes->Clear(); } - /* Language Edit */ - if( GetVar('LangEditStatus') == 1 ) - { - $objLanguages->CopyFromEditTable(); - $objLanguages->Clear(); - $objLanguages->PurgeEditTable(); - - $Phrases = new clsPhraseList(); - $Phrases->CopyFromEditTable(); - $Phrases->Clear(); - $Phrases->PurgeEditTable(); - - $Messages = new clsEmailMessageList(); - $Messages->CopyFromEditTable(); - $Messages->Clear(); - } - if( GetVar('LangEditStatus') == 2 ) - { - $objLanguages->PurgeEditTable(); - $objLanguages->Clear(); - $Phrases = new clsPhraseList(); - $Phrases->PurgeEditTable(); - $Messages = new clsEmailMessageList(); - $Messages->PurgeEditTable(); - } - if( GetVar('MissingLangEditStatus') == 1 ) { $objPhraseList = new clsPhraseList(); Index: trunk/admin/users/addgroup_users.php =================================================================== diff -u -N --- trunk/admin/users/addgroup_users.php (revision 4476) +++ trunk/admin/users/addgroup_users.php (revision 0) 
@@ -1,307 +0,0 @@ -SourceTable = $objSession->GetEditTable("PortalGroup"); -$objEditItems->EnablePaging = FALSE; - -$en = (int)$_GET["en"]; -$objEditItems->Query_Item("SELECT * FROM ".$objEditItems->SourceTable); -$itemcount=$objEditItems->NumItems(); -$c = $objEditItems->GetItemByIndex($en); - - if($itemcount>1) - { - if ($en+1 == $itemcount) - $en_next = -1; - else - $en_next = $en+1; - - if ($en == 0) - $en_prev = -1; - else - $en_prev = $en-1; - } - $action = "m_edit_group"; - -$envar = "env=" . BuildEnv() . "&en=$en"; - -/* -------------------------------------- Section configuration ------------------------------------------- */ -$section = 'in-portal:editgroup_users'; -$sec = $objSections->GetSection($section); -$SortFieldVar = "User_SortField"; -$SortOrderVar = "User_SortOrder"; -$DefaultSortField = "Login"; -$PerPageVar = "Perpage_User"; -$CurrentPageVar = "Page_UserList"; -$CurrentFilterVar = "User_View"; - -$ListForm = "editgroup"; -$CheckClass = "UserChecks"; - -/* ------------------------------------- Configure the toolbar ------------------------------------------- */ -$objListToolBar = new clsToolBar(); - -$objListToolBar->Set("section",$section); -$objListToolBar->Set("load_menu_func",""); -$objListToolBar->Set("CheckClass",$CheckClass); -$objListToolBar->Set("CheckForm",$ListForm); -$objListToolBar->Add("img_save", "la_Save","#","swap('img_save','toolbar/tool_select_f2.gif');", "swap('img_save', 'toolbar/tool_select.gif');","do_edit_save('editgroup','GroupEditStatus','".$admin."/users/user_groups.php',1);","tool_select.gif"); -$objListToolBar->Add("img_cancel", "la_Cancel","#","swap('img_cancel','toolbar/tool_cancel_f2.gif');", "swap('img_cancel', 'toolbar/tool_cancel.gif');","do_edit_save('editgroup','GroupEditStatus','".$admin."/users/user_groups.php',2);","tool_cancel.gif"); -if($itemcount == 1) $objListToolBar->Add("divider"); - -if ( isset($en_prev) || isset($en_next) ) -{ - $url = $RootUrl.$admin."/users/addgroup_users.php"; - $StatusField = 
"GroupEditStatus"; - $form = "editgroup"; - MultiEditButtons($objListToolBar,$en_next,$en_prev,$form,$StatusField,$url,$sec->Get("OnClick"),'','la_PrevGroup','la_NextGroup'); - $objListToolBar->Add("divider"); -} - - -$listImages = array(); - //$img, $alt, $link, $onMouseOver, $onMouseOut, $onClick - -$objListToolBar->Add("new_group", "la_ToolTip_AddUserToGroup","","swap('new_group','toolbar/tool_usertogroup_f2.gif');", - "swap('new_group', 'toolbar/tool_usertogroup.gif');", - "OpenUserSelector('','','$envar&source=addgroup_users&GroupId=".$c->Get("GroupId")."&destform=popup&destfield=userlist&Selector=radio&dosubmit=1');", - "tool_usertogroup.gif"); - -$objListToolBar->Add("user_del","la_ToolTip_RemoveUserFromGroup","#", "if (UserChecks.itemChecked()) swap('user_del','toolbar/tool_delete_f2.gif');", - "if (UserChecks.itemChecked()) swap('user_del', 'toolbar/tool_delete.gif');","if (UserChecks.itemChecked()) UserChecks.check_submit('addgroup_users', 'm_group_removeuser');", - "tool_delete.gif"); -$listImages[] = "UserChecks.addImage('user_del','$imagesURL/toolbar/tool_delete.gif','$imagesURL/toolbar/tool_delete_f3.gif',1); "; - -$objListToolBar->Add("divider"); - -$objListToolBar->Add("user_print", "la_ToolTip_Print","#","swap('user_print','toolbar/tool_print_f2.gif');", - "swap('user_print', 'toolbar/tool_print.gif');","window.print();","tool_print.gif"); - -$objListToolBar->Add("viewmenubutton", "la_ToolTip_View","#","swap('viewmenubutton','toolbar/tool_view_f2.gif'); ", - "swap('viewmenubutton', 'toolbar/tool_view.gif');", - "ShowViewMenu();","tool_view.gif"); - -$objListToolBar->AddToInitScript($listImages); -$objListToolBar->AddToInitScript("fwLoadMenus();"); - -/* ----------------------------------------- Set the View Filter ---------------------------------------- */ - -/* bit place holders for category view menu */ -$Bit_Pending=4; -$Bit_Disabled=2; -$Bit_Valid=1; -$Bit_All = 7; - -$FilterLabels = array(); - -$FilterLabels[0] = 
admin_language("la_Text_Enabled"); -$FilterLabels[1] = admin_language("la_Text_Disabled"); -$FilterLabels[2] = admin_language("la_Text_Pending"); - -/* determine current view menu settings */ -$UserView = $objConfig->Get("User_View"); - -if(!is_numeric($UserView)) -{ - $UserView = $Bit_All; //Set all bits ON - $UserFilter = ""; -} - if($UserView & $Bit_Valid) - $Status[] = 1; - - if($UserView & $Bit_Disabled) - $Status[] = 0; - - if($UserView & $Bit_Pending) - $Status[] = 2; - - if(count($Status)>0) - { - $UserFilter = "Status IN (".implode(",",$Status).")"; - } - else - $UserFilter = "Status = -1"; - - -$GroupUsers = $c->GetUserList(true); -if($GroupUsers) -{ - $list = implode(",", $GroupUsers); - $where = "u.PortalUserId IN ($list) "; -} -else -{ - $list=0; - $where = "u.PortalUserId = -1 "; -} -$order = $objConfig->Get("User_SortOrder"); -$SearchWords = $objSession->GetVariable("UserGroupSearchWord"); -if(strlen($SearchWords)) -{ - $where .= ' AND '.$objUsers->AdminSearchWhereClause($SearchWords); -} - -$orderBy = trim($objConfig->Get($SortFieldVar)." ".$order); - -if ($orderBy) { - $orderBy = ' ORDER BY '.$orderBy; -} - -$sql = "SELECT u.*,g.Name AS GroupName,ELT(u.status+1,'".admin_language("la_Text_Disabled")." ','".admin_language("la_Text_Enabled")." 
','".admin_language("la_Text_Pending")."') as UserStatus, "; -$sql .="FROM_UNIXTIME(u.CreatedOn,'%m-%d-%Y') AS DateCreated FROM ".GetTablePrefix()."PortalUser as u "; -$sql .="LEFT JOIN ".GetTablePrefix()."UserGroup AS ug ON (u.PortalUserId=ug.PortalUserId) AND (ug.PrimaryGroup = 1) "; -$sql .="LEFT JOIN ".GetTablePrefix()."PortalGroup as g ON (ug.GroupId=g.GroupId) WHERE 1"; - -if($where) { - $sql .= ' AND '.$where; -} - -$sql .= $orderBy; - -//$sql .=" ".GetLimitSQL($objSession->GetVariable("Page_Userlist"),$objConfig->Get("Perpage_User")); -$objListView = new clsListView($objListToolBar); -$objListView->CurrentPageVar = "Page_Userlist"; -$objListView->PerPageVar = "Perpage_User"; - -if($objSession->HasSystemPermission("DEBUG.LIST")) - echo htmlentities($sql,ENT_NOQUOTES)."
\n"; - -$objUsers->Query_Item($sql, $objListView->GetLimitSQL() ); -$itemcount = $list ? TableCount(GetTablePrefix().'PortalUser', 'PortalUserId IN ('.$list.')', 0) : 0; - -$objListView->SetListItems($objUsers); -$objListView->IdField = "ResourceId"; -$objListView->PageLinkTemplate = $pathtoroot. $admin."/templates/user_page_link.tpl"; - -$objListView->ColumnHeaders->Add("Login",admin_language("la_prompt_Username"),1,0,$order,"width=\"15%\"","User_SortField","User_SortOrder","Login"); -$objListView->ColumnHeaders->Add("LastName",admin_language("la_prompt_Last_Name"),1,0,$order,"width=\"15%\"","User_SortField","User_SortOrder","LastName"); -$objListView->ColumnHeaders->Add("FirstName",admin_language("la_prompt_First_Name"),1,0,$order,"width=\"15%\"","User_SortField","User_SortOrder","FirstName"); -$objListView->ColumnHeaders->Add("Email",admin_language("la_prompt_Email"),1,0,$order,"width=\"20%\"","User_SortField","User_SortOrder","Email"); -$objListView->ColumnHeaders->Add("GroupName",admin_language("la_prompt_PrimaryGroup"),1,0,$order,"width=\"20%\"","User_SortField","User_SortOrder","GroupName"); -$objListView->ColumnHeaders->Add("DateCreated",admin_language("la_prompt_CreatedOn"),1,0,$order,"width=\"15%\"","User_SortField","User_SortOrder","DateCreated"); -$objListView->ColumnHeaders->SetSort($objConfig->Get("User_SortField"),$order); - -$objListView->PrintToolBar = FALSE; -$objListView->SearchBar = TRUE; -$objListView->SearchKeywords = $SearchWords; -$objListView->SearchAction="m_usergroup_search"; -$objListView->CheckboxName = "itemlist[]"; -$objListView->TotalItemCount = $itemcount; - -for($i=0;$iItems);$i++) -{ - $u =& $objUsers->GetItemRefByIndex($i); - $objListView->RowIcons[] = $u->StatusIcon(); -} - $objListView->ConfigureViewMenu($SortFieldVar,$SortOrderVar,$DefaultSortField, - $CurrentFilterVar,$UserView,$Bit_All); - - foreach($FilterLabels as $Bit=>$Label) - { - $objListView->AddViewMenuFilter($Label,$Bit); - } - - -$filter = false; // always 
initialize variables before use -if($objSession->GetVariable("UserGroupSearchWord") != '') { - $filter = true; -} -else { - if ($UserView != $Bit_All) { - $filter = true; - } -} - - -$title = GetTitle("la_Text_Group", "la_tab_Users", $c->Get('GroupId'), $c->Get('Name'));//prompt_language("la_Text_Editing")." ".prompt_language("la_Text_Group")." '".$c->Get("Name")."' - ".prompt_language("la_tab_Users"); -$h = "\n\n\n"; -int_header($objListToolBar,NULL, $title,NULL,$h); -if ($objSession->GetVariable("HasChanges") == 1) { -?> - - - - -
- -
- - - - - - -
- -
- -
-PrintList(); -?> - -"> - -
- - - - -
- - - - -
-
- - -
-
- > - - - - - -
- - - - \ No newline at end of file Index: trunk/admin/users/group_addpermission.php =================================================================== diff -u -N --- trunk/admin/users/group_addpermission.php (revision 2853) +++ trunk/admin/users/group_addpermission.php (revision 0) 
@@ -1,147 +0,0 @@ -SourceTable = $objSession->GetEditTable("PortalGroup"); -$objEditItems->EnablePaging = FALSE; -$en = (int)$_GET["en"]; -$objEditItems->Query_Item("SELECT * FROM ".$objEditItems->SourceTable); -$itemcount=$objEditItems->NumItems(); -$c = $objEditItems->GetItemByIndex($en); - - if($itemcount>1) - { - if ($en+1 == $itemcount) - $en_next = -1; - else - $en_next = $en+1; - - if ($en == 0) - $en_prev = -1; - else - $en_prev = $en-1; - } - $action = "m_edit_group"; - -$envar = "env=" . BuildEnv() . "&en=$en"; - -$section = 'in-portal:editgroup_permissions'; - -//Display header -$sec = $objSections->GetSection($section); -$objCatToolBar = new clsToolBar(); -$objCatToolBar->Add("img_save", "la_Save","#","swap('img_save','toolbar/tool_select_f2.gif');", "swap('img_save', 'toolbar/tool_select.gif');","edit_submit('editgroup','GroupEditStatus','".$admin."/users/addgroup_permissions.php',0);","tool_select.gif"); -$objCatToolBar->Add("img_cancel", "la_Cancel","#","swap('img_cancel','toolbar/tool_cancel_f2.gif');", "swap('img_cancel', 'toolbar/tool_cancel.gif');","edit_submit('editgroup','GroupEditStatus','".$admin."/users/addgroup_permissions.php',-1);","tool_cancel.gif"); - -$PermModule = $_GET["module"]; - -$title = GetTitle("la_Text_Group", "la_tab_Permissions", $c->Get('GroupId'), $c->Get('Name'));//prompt_language("la_Text_Editing")." ".prompt_language("la_Text_Group")." '".$c->Get("Name")."' - ".prompt_language("la_tab_Permissions"); - -if ( isset($en_prev) || isset($en_next) ) -{ - $url = $RootUrl.$admin."/users/group_addpermission.php"; - $StatusField = "GroupEditStatus"; - $form = "editgroup"; - MultiEditButtons($objCatToolBar,$en_next,$en_prev,$form,$StatusField,$url,$sec->Get("OnClick"),'&module='.$_REQUEST['module'],'la_PrevGroup','la_NextGroup'); -} - -int_header($objCatToolBar,NULL,$title); -if ($objSession->GetVariable("HasChanges") == 1) { -?> - - - - -
- -
- - - - - - - -
- - - - ".prompt_language("la_prompt_Description")."\n"; - ?> - -Get("GroupId"); - $ado = &GetADODBConnection(); - $sql = "SELECT * FROM ".GetTablePrefix()."PermissionConfig WHERE ModuleId='$PermModule'"; - if($objSession->HasSystemPermission("DEBUG.LIST")) - echo htmlentities($sql,ENT_NOQUOTES)."
\n"; - - $permlist = array(); - $rs = $ado->Execute($sql); - while($rs && !$rs->EOF) - { - $Permission = $rs->fields["PermissionName"]; - echo "\n"; - echo " \n"; - $checked = ""; - $value = $c->HasSystemPermission($Permission); - $disabled = ""; - if($value==-1) - { - $checked = " checked"; - // $disabled = "DISABLED=\"true\""; - } - //echo " \n"; - $checked = ""; - if($value==1) - { - $checked = "checked"; - $imgsrc = "green"; - } - else - $imgsrc = "red"; - echo " "; - echo ""; - $permlist[]=$Permission; - $rs->MoveNext(); - } -?> - -"> -"> - - -
".prompt_language("la_ColHeader_PermAccess")."
".prompt_language($rs->fields["Description"]).""; - echo "
-