function showUsers($result, $rowsFound, $query, $queryURL, $showQuery, $showLinks, $rowOffset, $showRows, $previousOffset, $nextOffset, $showMaxRow, $viewType, $displayType)
{
global $connection;
global $HeaderString;
global $loginWelcomeMsg;
global $loginStatus;
global $loginLinks;
global $loginEmail;
global $adminLoginEmail;
global $defaultCiteStyle;
global $maximumBrowseLinks;
global $loc;
// '$loc' is made globally available in 'core.php'
if ($rowsFound > 0) {
// BEGIN RESULTS HEADER --------------------
// 1) First, initialize some variables that we'll need later on
// Note: In contrast to 'search.php', we don't hide any columns but the user_id column (see below)
// However, in order to maintain a similar code structure to 'search.php' we define $CounterMax here as well & simply set it to 0:
$CounterMax = "0";
// count the number of fields
$fieldsFound = mysql_num_fields($result);
// hide those last columns that were added by the script and not by the user
$fieldsToDisplay = $fieldsFound - (1 + $CounterMax);
// (1+$CounterMax) -> $CounterMax is increased by 1 in order to hide the user_id column (which was added to make the checkbox work)
// Calculate the number of all visible columns (which is needed as colspan value inside some TD tags)
if ($showLinks == "1") {
$NoColumns = 1 + $fieldsToDisplay + 1;
} else {
$NoColumns = 1 + $fieldsToDisplay;
}
// add checkbox column
// Note: we omit the results header in print/mobile view! ('viewType=Print' or 'viewType=Mobile')
if (!preg_match("/^(Print|Mobile)\$/i", $viewType)) {
// Specify which colums are available in the popup menus of the results header:
$dropDownFieldsArray = array("first_name" => "first_name", "last_name" => "last_name", "title" => "title", "institution" => "institution", "abbrev_institution" => "abbrev_institution", "corporate_institution" => "corporate_institution", "address_line_1" => "address_line_1", "address_line_2" => "address_line_2", "address_line_3" => "address_line_3", "zip_code" => "zip_code", "city" => "city", "state" => "state", "country" => "country", "phone" => "phone", "email" => "email", "url" => "url", "language" => "language", "keywords" => "keywords", "notes" => "notes", "marked" => "marked", "last_login" => "last_login", "logins" => "logins", "user_id" => "user_id", "user_groups" => "user_groups", "created_date" => "created_date", "created_time" => "created_time", "created_by" => "created_by", "modified_date" => "modified_date", "modified_time" => "modified_time", "modified_by" => "modified_by");
// Extract the first field from the 'WHERE' clause:
if (preg_match("/ WHERE [ ()]*(\\w+)/i", $query)) {
$selectedField = preg_replace("/.+ WHERE [ ()]*(\\w+).*/i", "\\1", $query);
} else {
$selectedField = "last_name";
}
// in the 'Search within Results" form, we'll select the 'last_name' field by default
// Build a TABLE with forms containing options to show the user groups, refine the search results or change the displayed columns:
// - Build a FORM with a popup containing the user groups:
$formElementsGroup = buildGroupSearchElements("users.php", $queryURL, $query, $showQuery, $showLinks, $showRows, $defaultCiteStyle, "", $displayType);
// function 'buildGroupSearchElements()' is defined in 'include.inc.php'
// - Build a FORM containing options to refine the search results:
// Call the 'buildRefineSearchElements()' function (defined in 'include.inc.php') which does the actual work:
$formElementsRefine = buildRefineSearchElements("users.php", $queryURL, $showQuery, $showLinks, $showRows, $defaultCiteStyle, "", $dropDownFieldsArray, $selectedField, $displayType);
// - Build a FORM containing display options (show/hide columns or change the number of records displayed per page):
// Call the 'buildDisplayOptionsElements()' function (defined in 'include.inc.php') which does the actual work:
$formElementsDisplayOptions = buildDisplayOptionsElements("users.php", $queryURL, $showQuery, $showLinks, $rowOffset, $showRows, $defaultCiteStyle, "", $dropDownFieldsArray, $selectedField, $fieldsToDisplay, $displayType, "");
echo displayResultsHeader("users.php", $formElementsGroup, $formElementsRefine, $formElementsDisplayOptions, $displayType);
// function 'displayResultsHeader()' is defined in 'results_header.inc.php'
}
// and insert a divider line (which separates the results header from the browse links & results data below):
if (!preg_match("/^(Print|Mobile)\$/i", $viewType)) {
// Note: we omit the divider line in print/mobile view! ('viewType=Print' or 'viewType=Mobile')
echo "\n<hr class=\"resultsheader\" align=\"center\" width=\"93%\">";
}
// Build a TABLE with links for "previous" & "next" browsing, as well as links to intermediate pages
// call the 'buildBrowseLinks()' function (defined in 'include.inc.php'):
$BrowseLinks = buildBrowseLinks("users.php", $query, $NoColumns, $rowsFound, $showQuery, $showLinks, $showRows, $rowOffset, $previousOffset, $nextOffset, "1", $maximumBrowseLinks, "sqlSearch", $displayType, $defaultCiteStyle, "", "", "", $viewType);
// Note: we set the last 3 fields ('$citeOrder', '$orderBy' & $headerMsg') to "" since they aren't (yet) required here
echo $BrowseLinks;
// Start a FORM
echo "\n<form action=\"users.php\" method=\"GET\" name=\"queryResults\">" . "\n<input type=\"hidden\" name=\"formType\" value=\"queryResults\">" . "\n<input type=\"hidden\" name=\"submit\" value=\"Add\">" . "\n<input type=\"hidden\" name=\"showRows\" value=\"{$showRows}\">" . "\n<input type=\"hidden\" name=\"rowOffset\" value=\"{$rowOffset}\">" . "\n<input type=\"hidden\" name=\"sqlQuery\" value=\"{$queryURL}\">";
// And start a TABLE
echo "\n<table id=\"columns\" class=\"results\" align=\"center\" border=\"0\" cellpadding=\"5\" cellspacing=\"0\" width=\"95%\" summary=\"This table displays users of this database\">";
// For the column headers, start another TABLE ROW ...
echo "\n<tr>";
// ... print a marker ('x') column (which will hold the checkboxes within the results part)
if (!preg_match("/^(Print|Mobile)\$/i", $viewType)) {
// Note: we omit the marker column in print/mobile view! ('viewType=Print' or 'viewType=Mobile')
echo "\n\t<th align=\"left\" valign=\"top\"> </th>";
}
// for each of the attributes in the result set...
for ($i = 0; $i < $fieldsToDisplay; $i++) {
// ...print out each of the attribute names
// in that row as a separate TH (Table Header)...
$HTMLbeforeLink = "\n\t<th align=\"left\" valign=\"top\">";
// start the table header tag
$HTMLafterLink = "</th>";
// close the table header tag
// call the 'buildFieldNameLinks()' function (defined in 'include.inc.php'), which will return a properly formatted table header tag holding the current field's name
// as well as the URL encoded query with the appropriate ORDER clause:
$tableHeaderLink = buildFieldNameLinks("users.php", $query, "", $result, $i, $showQuery, $showLinks, $rowOffset, $showRows, "1", $defaultCiteStyle, $HTMLbeforeLink, $HTMLafterLink, "sqlSearch", $displayType, "", "", "", $viewType);
echo $tableHeaderLink;
// print the attribute name as link
}
if ($showLinks == "1") {
$newORDER = "ORDER BY user_id";
// Build the appropriate ORDER BY clause to facilitate sorting by Links column
$HTMLbeforeLink = "\n\t<th align=\"left\" valign=\"top\">";
// start the table header tag
$HTMLafterLink = "</th>";
// close the table header tag
// call the 'buildFieldNameLinks()' function (defined in 'include.inc.php'), which will return a properly formatted table header tag holding the current field's name
// as well as the URL encoded query with the appropriate ORDER clause:
$tableHeaderLink = buildFieldNameLinks("users.php", $query, $newORDER, $result, $i, $showQuery, $showLinks, $rowOffset, $showRows, "1", $defaultCiteStyle, $HTMLbeforeLink, $HTMLafterLink, "sqlSearch", $displayType, $loc["Links"], "user_id", "", $viewType);
echo $tableHeaderLink;
// print the attribute name as link
}
// Finish the row
echo "\n</tr>";
// END RESULTS HEADER ----------------------
// display default user
echo "<tr class=\"odd\">";
echo "<td align=\"left\" valign=\"top\" width=\"10\"><input DISABLED type=\"checkbox\"</td>";
echo "<td valign=\"top\"colspan=2>Account options for anyone who isn't logged in</td>";
echo "<td valign=\"top\">-</td><td valign=\"top\">-</td><td valign=\"top\">-</td><td valign=\"top\">-</td>";
echo "<td><a href=\"user_options.php?userID=0" . "\"><img src=\"img/options.gif\" alt=\"" . $loc["options"] . "\" title=\"" . $loc["LinkTitle_EditOptions"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a></td>";
echo "</tr>";
// BEGIN RESULTS DATA COLUMNS --------------
for ($rowCounter = 0; $rowCounter < $showRows && ($row = @mysql_fetch_array($result)); $rowCounter++) {
if (is_integer($rowCounter / 2)) {
// if we currently are at an even number of rows
$rowClass = "even";
} else {
$rowClass = "odd";
}
// ... start a TABLE ROW ...
echo "\n<tr class=\"" . $rowClass . "\">";
// ... print a column with a checkbox
if (!preg_match("/^(Print|Mobile)\$/i", $viewType)) {
// Note: we omit the marker column in print/mobile view! ('viewType=Print' or 'viewType=Mobile')
echo "\n\t<td align=\"left\" valign=\"top\" width=\"10\"><input type=\"checkbox\" name=\"marked[]\" value=\"" . $row["user_id"] . "\"></td>";
}
// ... and print out each of the attributes
// in that row as a separate TD (Table Data)
for ($i = 0; $i < $fieldsToDisplay; $i++) {
// fetch the current attribute name:
$orig_fieldname = getMySQLFieldInfo($result, $i, "name");
// function 'getMySQLFieldInfo()' is defined in 'include.inc.php'
if (preg_match("/^email\$/", $orig_fieldname)) {
echo "\n\t<td valign=\"top\"><a href=\"mailto:" . $row["email"] . "\">" . $row["email"] . "</a></td>";
} elseif (preg_match("/^url\$/", $orig_fieldname) and !empty($row["url"])) {
echo "\n\t<td valign=\"top\"><a href=\"" . $row["url"] . "\">" . $row["url"] . "</a></td>";
} else {
echo "\n\t<td valign=\"top\">" . encodeHTML($row[$i]) . "</td>";
}
}
// embed appropriate links (if available):
if ($showLinks == "1") {
echo "\n\t<td valign=\"top\">";
echo "\n\t\t<a href=\"user_receipt.php?userID=" . $row["user_id"] . "\"><img src=\"img/details.gif\" alt=\"" . $loc["details"] . "\" title=\"" . $loc["LinkTitle_ShowDetailsAndOptions"] . "\" width=\"9\" height=\"17\" hspace=\"0\" border=\"0\"></a> ";
echo "\n\t\t<a href=\"user_details.php?userID=" . $row["user_id"] . "\"><img src=\"img/edit.gif\" alt=\"" . $loc["edit"] . "\" title=\"" . $loc["LinkTitle_EditDetails"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a> ";
echo "\n\t\t<a href=\"user_options.php?userID=" . $row["user_id"] . "\"><img src=\"img/options.gif\" alt=\"" . $loc["options"] . "\" title=\"" . $loc["LinkTitle_EditOptions"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a> ";
$adminUserID = getUserID($adminLoginEmail);
// ...get the admin's 'user_id' using his/her 'adminLoginEmail' (function 'getUserID()' is defined in 'include.inc.php')
if ($row["user_id"] != $adminUserID) {
// we only provide a delete link if this user isn't the admin:
echo "\n\t\t<a href=\"user_receipt.php?userID=" . $row["user_id"] . "&userAction=Delete" . "\"><img src=\"img/delete.gif\" alt=\"" . $loc["delete"] . "\" title=\"" . $loc["LinkTitle_DeleteUser"] . "\" width=\"11\" height=\"17\" hspace=\"0\" border=\"0\"></a>";
}
echo "\n\t</td>";
}
// Finish the row
echo "\n</tr>";
}
// Then, finish the table
echo "\n</table>";
// END RESULTS DATA COLUMNS ----------------
// BEGIN RESULTS FOOTER --------------------
// Note: we omit the results footer in print/mobile view! ('viewType=Print' or 'viewType=Mobile')
if (!preg_match("/^(Print|Mobile)\$/i", $viewType)) {
// Again, insert the (already constructed) BROWSE LINKS
// (i.e., a TABLE with links for "previous" & "next" browsing, as well as links to intermediate pages)
echo $BrowseLinks;
// Insert a divider line (which separates the results data from the results footer):
echo "\n<hr class=\"resultsfooter\" align=\"center\" width=\"93%\">";
// Build a TABLE containing rows with buttons which will trigger actions that act on the selected users
// Call the 'buildUserResultsFooter()' function (which does the actual work):
$userResultsFooter = buildUserResultsFooter($NoColumns);
echo $userResultsFooter;
}
// END RESULTS FOOTER ----------------------
// Finally, finish the form
echo "\n</form>";
} else {
// Report that nothing was found:
echo "\n<table id=\"error\" class=\"results\" align=\"center\" border=\"0\" cellpadding=\"0\" cellspacing=\"10\" width=\"95%\" summary=\"This table displays users of this database\">" . "\n<tr>" . "\n\t<td valign=\"top\">Sorry, but your query didn't produce any results! <a href=\"javascript:history.back()\">Go Back</a></td>" . "\n</tr>" . "\n</table>";
}
// end if $rowsFound body
}
function findDuplicates($sqlQuery, $originalDisplayType)
{
global $tableRefs, $tableUserData;
// defined in 'db.inc.php'
global $alnum, $alpha, $cntrl, $dash, $digit, $graph, $lower, $print, $punct, $space, $upper, $word, $patternModifiers;
// defined in 'transtab_unicode_charset.inc.php' and 'transtab_latin1_charset.inc.php'
// re-assign the correct display type (i.e. the view that was active when the user clicked the 'dups' link in the header):
if (!empty($originalDisplayType)) {
$displayType = $originalDisplayType;
}
// Extract form variables provided by the 'duplicateSearch' form in 'duplicate_search.php':
if (isset($_REQUEST['matchFieldsSelector'])) {
if (is_string($_REQUEST['matchFieldsSelector'])) {
// we accept a string containing a (e.g. comma delimited) list of field names
$selectedFieldsArray = preg_split("/[^a-z_]+/", $_REQUEST['matchFieldsSelector'], -1, PREG_SPLIT_NO_EMPTY);
} else {
// the field list is already provided as array:
$selectedFieldsArray = $_REQUEST['matchFieldsSelector'];
}
} else {
$selectedFieldsArray = array();
}
if (isset($_REQUEST['ignoreWhitespace']) and $_REQUEST['ignoreWhitespace'] == "1") {
$ignoreWhitespace = "1";
} else {
$ignoreWhitespace = "0";
}
if (isset($_REQUEST['ignorePunctuation']) and $_REQUEST['ignorePunctuation'] == "1") {
$ignorePunctuation = "1";
} else {
$ignorePunctuation = "0";
}
if (isset($_REQUEST['ignoreCharacterCase']) and $_REQUEST['ignoreCharacterCase'] == "1") {
$ignoreCharacterCase = "1";
} else {
$ignoreCharacterCase = "0";
}
if (isset($_REQUEST['ignoreAuthorInitials']) and $_REQUEST['ignoreAuthorInitials'] == "1") {
$ignoreAuthorInitials = "1";
} else {
$ignoreAuthorInitials = "0";
}
if (isset($_REQUEST['nonASCIIChars'])) {
$nonASCIIChars = $_REQUEST['nonASCIIChars'];
} else {
$nonASCIIChars = "keep";
}
// VALIDATE FORM DATA:
$errors = array();
// Validate the field selector:
if (empty($selectedFieldsArray)) {
$errors["matchFieldsSelector"] = "You must select at least one field:";
}
// Validate the 'SQL Query' field:
if (empty($sqlQuery)) {
$errors["sqlQuery"] = "You must specify a query string:";
} elseif (!preg_match("/^SELECT/i", $sqlQuery)) {
$errors["sqlQuery"] = "You can only execute SELECT queries:";
}
// Check if there were any errors:
if (count($errors) > 0) {
// In case of an error, we write all form variables back to the '$formVars' array
// (which 'duplicate_search.php' requires to reload form values):
foreach ($_REQUEST as $varname => $value) {
$formVars[$varname] = $value;
}
// Since checkbox form fields do only get included in the '$_REQUEST' array if they were marked,
// we have to add appropriate array elements for all checkboxes that weren't set:
if (!isset($formVars["ignoreWhitespace"])) {
$formVars["ignoreWhitespace"] = "0";
}
if (!isset($formVars["ignorePunctuation"])) {
$formVars["ignorePunctuation"] = "0";
}
if (!isset($formVars["ignoreCharacterCase"])) {
$formVars["ignoreCharacterCase"] = "0";
}
if (!isset($formVars["ignoreAuthorInitials"])) {
$formVars["ignoreAuthorInitials"] = "0";
}
if (!isset($formVars["showLinks"])) {
$formVars["showLinks"] = "0";
}
// Write back session variables:
saveSessionVariable("errors", $errors);
// function 'saveSessionVariable()' is defined in 'include.inc.php'
saveSessionVariable("formVars", $formVars);
// There are errors. Relocate back to 'duplicate_search.php':
header("Location: duplicate_search.php");
exit;
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
}
// CONSTRUCT SQL QUERY (1. DUPLICATE SEARCH):
// To identify any duplicates within the results of the original query, we build a new query based on the original SQL query:
$query = $sqlQuery;
// Replace SELECT list of columns with those from '$selectedFieldsArray' (plus the 'serial' column):
$selectedFieldsString = implode(", ", $selectedFieldsArray);
$query = newSELECTclause("SELECT " . $selectedFieldsString . ", serial", $query, false);
// function 'newSELECTclause()' is defined in 'include.inc.php'
// Replace any existing ORDER BY clause with the list of columns given in '$selectedFieldsArray':
$query = newORDERclause("ORDER BY " . $selectedFieldsString, $query, false);
// function 'newORDERclause()' is defined in 'include.inc.php'
// Fix escape sequences within the SQL query:
$query = stripSlashesIfMagicQuotes($query);
// RUN the query on the database through the connection:
$result = queryMySQLDatabase($query);
// function 'queryMySQLDatabase()' is defined in 'include.inc.php'
// PROCESS RESULTS:
$recordSerialsArray = array();
$duplicateRecordSerialsArray = array();
$rowsFound = @mysql_num_rows($result);
// Identify any records with matching field data:
if ($rowsFound > 0) {
// Count the number of fields:
$fieldsFound = mysql_num_fields($result);
// Loop over each row in the result set:
for ($rowCounter = 0; $row = @mysql_fetch_array($result); $rowCounter++) {
$recordIdentifier = "";
// make sure our buffer variable is empty
// For each row, loop over each field (except for the last one which is the 'serial' field):
for ($i = 0; $i < $fieldsFound - 1; $i++) {
// fetch the current attribute name:
$fieldName = getMySQLFieldInfo($result, $i, "name");
// function 'getMySQLFieldInfo()' is defined in 'include.inc.php'
// normalize author names:
if ($fieldName == "author" and $ignoreAuthorInitials == "1") {
// this is a stupid hack that maps the names of the '$row' array keys to those used
// by the '$formVars' array (which is required by function 'parsePlaceholderString()')
// (eventually, the '$formVars' array should use the MySQL field names as names for its array keys)
$formVars = buildFormVarsArray($row);
// function 'buildFormVarsArray()' is defined in 'include.inc.php'
// ignore initials in author names:
$row[$i] = parsePlaceholderString($formVars, "<:authors[0||]:>", "");
// function 'parsePlaceholderString()' is defined in 'include.inc.php'
}
$recordIdentifier .= $row[$i];
// merge all field values to form a unique record identifier string
}
// Normalize record identifier string:
if ($ignoreWhitespace == "1") {
// ignore whitespace
$recordIdentifier = preg_replace("/\\s+/", "", $recordIdentifier);
}
if ($ignorePunctuation == "1") {
// ignore punctuation
$recordIdentifier = preg_replace("/[{$punct}]+/{$patternModifiers}", "", $recordIdentifier);
}
if ($ignoreCharacterCase == "1") {
// ignore character case
$recordIdentifier = strtolower($recordIdentifier);
}
if ($nonASCIIChars == "strip") {
// strip non-ASCII characters
$recordIdentifier = handleNonASCIIAndUnwantedCharacters($recordIdentifier, "\\S\\s", "strip");
} elseif ($nonASCIIChars == "transliterate") {
// transliterate non-ASCII characters
$recordIdentifier = handleNonASCIIAndUnwantedCharacters($recordIdentifier, "\\S\\s", "transliterate");
}
// Check whether the record identifier string has occurred already:
if (isset($recordSerialsArray[$recordIdentifier])) {
// this record identifier string has already been seen
$recordSerialsArray[$recordIdentifier][] = $row["serial"];
} else {
// new record identifier string
$recordSerialsArray[$recordIdentifier] = array($row["serial"]);
}
// add a new array element for this record's identifier string (and store its serial number as value within a sub-array)
}
// Collect all array elements from '$recordSerialsArray' where their sub-array contains more than one serial number:
foreach ($recordSerialsArray as $recordSerials) {
if (count($recordSerials) > 1) {
foreach ($recordSerials as $recordSerial) {
$duplicateRecordSerialsArray[] = $recordSerial;
}
}
// add this record's serial number to the array of duplicate record serials
}
} else {
// TODO!
}
if (empty($duplicateRecordSerialsArray)) {
$duplicateRecordSerialsArray[] = "0";
}
// if no duplicate records were found, the non-existing serial number '0' will result in a "nothing found" feedback
// CONSTRUCT SQL QUERY (2. DUPLICATES DISPLAY):
// To display any duplicates that were found within the results of the original query, we build again a new query based on the original SQL query:
$query = $sqlQuery;
// Replace WHERE clause:
// TODO: maybe make this into a generic function? (compare with function 'extractWHEREclause()' in 'include.inc.php')
$duplicateRecordSerialsString = implode("|", $duplicateRecordSerialsArray);
$query = preg_replace("/(?<=WHERE )(.+?)(?= ORDER BY| LIMIT| GROUP BY| HAVING| PROCEDURE| FOR UPDATE| LOCK IN|[ ;]+(SELECT|INSERT|UPDATE|DELETE|CREATE|ALTER|DROP|FILE)\\b|\$)/i", "serial RLIKE \"^(" . $duplicateRecordSerialsString . ")\$\"", $query);
// Replace any existing ORDER BY clause with the list of columns given in '$selectedFieldsArray':
$query = newORDERclause("ORDER BY " . $selectedFieldsString, $query, false);
return array($query, $displayType);
}
function getPermissions($user_OR_groupID, $permissionType, $savePermissionsToSessionVariable)
{
global $tableUserPermissions;
// defined in 'db.inc.php'
// NOTE: the group permissions feature (table 'group_permissions') has not been implemented yet, i.e., currently, only '$permissionType=user' is recognized!
// global $tableGroupPermissions;
// if ($permissionType == "group")
// $tablePermissions = $tableGroupPermissions;
// else
$tablePermissions = $tableUserPermissions;
connectToMySQLDatabase();
// CONSTRUCT SQL QUERY:
// Fetch all permission settings from the 'user_permissions' (or 'group_permissions') table for the current user:
$query = "SELECT allow_add, allow_edit, allow_delete, allow_download, allow_upload, allow_list_view, allow_details_view, allow_print_view, allow_browse_view, allow_sql_search, allow_user_groups, allow_user_queries, allow_rss_feeds, allow_import, allow_export, allow_cite, allow_batch_import, allow_batch_export, allow_modify_options FROM " . $tablePermissions . " WHERE " . $permissionType . "_id = " . quote_smart($user_OR_groupID);
$result = queryMySQLDatabase($query);
// RUN the query on the database through the connection
if (mysql_num_rows($result) == 1) {
$userPermissionsArray = array();
// initialize array variables
$userPermissionsFieldNameArray = array();
$row = mysql_fetch_array($result);
// fetch the one row into the array '$row'
$fieldsFound = mysql_num_fields($result);
// count the number of fields
for ($i = 0; $i < $fieldsFound; $i++) {
// Fetch the current attribute name:
$fieldName = getMySQLFieldInfo($result, $i, "name");
$userPermissionsArray[$fieldName] = $row[$i];
// ... append this field's permission value using the field's permission name as key
if ($row[$i] == "yes") {
// if the current permission is set to 'yes'...
$userPermissionsFieldNameArray[] = $fieldName;
}
// ... append this field's permission name (as value) to the array of allowed user actions
}
// join array of allowed user actions with '; ' as separator:
$allowedUserActionsString = implode('; ', $userPermissionsFieldNameArray);
if ($savePermissionsToSessionVariable) {
// Write the resulting string of allowed user actions into a session variable:
saveSessionVariable("user_permissions", $allowedUserActionsString);
}
return $userPermissionsArray;
} else {
if ($savePermissionsToSessionVariable) {
// since no (or more than one) user/group was found with the given ID, we fall back to the default permissions which apply when no user is logged in, i.e.,
// we assume 'user_id' or 'group_id' is zero! (the 'start_session()' function will take care of setting up permissions when no user is logged in)
deleteSessionVariable("user_permissions");
}
// therefore, we delete any existing 'user_permissions' session variable (which is now outdated)
return array();
}
}
