switch ($subaction) { case ' ADD GROUP ': _page_sechead("exhibit.png", "Group Management"); _set_groups("add", $name, $description, 0); break; case ' DELETE ': _page_sechead("exhibit.png", "Group Management"); _set_groups("delete", $name, $description, $groupid); break; case ' UPDATE ': _page_sechead("exhibit.png", "Group Management"); _set_groups("update", $name, $description, $groupid); break; default: _page_sechead("exhibit.png", "Group Management"); _display_groups(); break; } break; case 'users': $groupid = $_REQUEST['groupid']; $userid = $_REQUEST['userid']; $subaction = $_REQUEST['subaction']; switch ($subaction) { case ' ADD GROUP ': _page_sechead("exhibit.png", "User Management"); _set_users("add", $userid, $groupid); break; case ' DELETE ': _page_sechead("exhibit.png", "User Management"); _set_users("delete", $userid, $groupid);
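/**
 * Add, delete or update a row in exhibit_Groups, then re-render the group list.
 *
 * Every branch ends by calling _display_groups(), including the error branches.
 *
 * @param string $action      'add', 'delete' or 'update'; any other value shows an error.
 * @param string $name        Group name, used by 'add' and 'update'.
 * @param string $description Group description, used by 'add' and 'update'.
 * @param mixed  $groupid     Group ID, used by 'delete' and 'update'. Only integer
 *                            values are accepted; anything else is reported with the
 *                            existing "no groupid" / "invalid data" messages.
 *
 * NOTE(review): $name and $description are still concatenated into the SQL text.
 * They are presumably request-derived (the neighbouring 'users' dispatcher reads
 * $_REQUEST directly; confirm for the groups path). These statements stay
 * injectable until they are sent through bound parameters or the database
 * layer's own escaping. __query()'s second and third arguments are opaque from
 * here, so that change has to be made where the connection handle is available.
 */
function _set_groups($action, $name, $description, $groupid)
{
    // The DELETE interpolates the ID unquoted, so a non-numeric value would become
    // part of the statement itself. Reduce it to an integer (or false) once, and
    // only ever embed the validated integer below. Arrays and null yield false.
    $groupid_int = filter_var($groupid, FILTER_VALIDATE_INT);

    switch ($action) {
        case 'add':
            if (isset($name) && isset($description)) {
                // NOTE(review): string values concatenated into SQL (see docblock).
                $add_query = "INSERT INTO exhibit_Groups (GroupName,GroupDescription) "
                    . "VALUES ('" . $name . "', '" . $description . "')";
                __query($add_query, "", "");
            } else {
                _page_section("error.png", "Could not add group, invalid data.");
            }
            break;

        case 'delete':
            if ($groupid_int !== false) {
                $delete_query = "DELETE FROM exhibit_Groups WHERE ID=" . $groupid_int . " LIMIT 1";
                __query($delete_query, "", "");

                // Reset permissions that still point at the removed group. The
                // original built this statement but never ran it, leaving
                // exhibit_Permissions rows bound to a deleted (and potentially
                // later reused) group ID.
                $delete_others = "UPDATE exhibit_Permissions SET GroupID='0' WHERE "
                    . "GroupID='" . $groupid_int . "'";
                __query($delete_others, "", "");
            } else {
                _page_section("error.png", "Could not delete group, no groupid given");
            }
            break;

        case 'update':
            if ($groupid_int !== false && isset($name) && isset($description)) {
                // NOTE(review): string values concatenated into SQL (see docblock).
                $update_query = "UPDATE exhibit_Groups SET GroupName='" . $name . "',"
                    . "GroupDescription='" . $description . "' WHERE ID='" . $groupid_int . "'";
                __query($update_query, "", "");
            } else {
                _page_section("error.png", "Could not update group, invalid data");
            }
            break;

        default:
            _page_section("error.png", "Whoops. Did not understand what to do");
            break;
    }

    _display_groups();
}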