<?php
// usergroups.php - Manage user group membership
//
// SiT (Support Incident Tracker) - Support call tracking system
// Copyright (C) 2000-2009 Salford Software Ltd. and Contributors
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//
// Author: Ivan Lucas <ivanlucas[at]users.sourceforge.net>
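// Permission id for this page.
// NOTE(review): presumably enforced by auth.inc.php below; confirm.
$permission = 23; // Edit user

require ('core.php');
require (APPLICATION_LIBPATH . 'functions.inc.php');

$title = $strUserGroups;

// This page requires authentication
require (APPLICATION_LIBPATH . 'auth.inc.php');

// A plain page view carries no 'action'; fall through to the listing
// rather than reading an undefined index.
$action = isset($_REQUEST['action']) ? cleanvar($_REQUEST['action']) : '';

// NOTE(review): the three write actions below take their input from
// $_REQUEST, and 'deletegroup' is reached through an ordinary link, so each
// of them can be driven by a GET request. No anti-forgery token is checked
// in this file; confirm whether auth.inc.php provides one, otherwise these
// actions should require POST plus a per-session token.
//
// NOTE(review): every value placed into SQL here goes through cleanvar(),
// whose implementation is not visible in this file. The queries are only
// safe if it escapes for MySQL; verify that.
switch ($action)
{
    case 'savemembers':
        // Walk every user and store the group chosen for them in the form.
        $sql = "SELECT * FROM `{$dbUsers}` ORDER BY realname";
        $result = mysql_query($sql);
        if (mysql_error()) trigger_error(mysql_error(),E_USER_WARNING);

        while ($user = mysql_fetch_object($result))
        {
            $field = "group{$user->id}";

            // The membership form only lists users with status != 0, so a
            // user without a submitted field was not on the form. Leave that
            // record alone instead of blanking its group, which also stops a
            // partial or empty POST from clearing every membership.
            if (isset($_POST[$field]))
            {
                $usql = "UPDATE `{$dbUsers}` SET groupid = '".cleanvar($_POST[$field])."' WHERE id='{$user->id}'";
                mysql_query($usql);
                if (mysql_error()) trigger_error(mysql_error(),E_USER_ERROR);
            }
        }
        html_redirect("usergroups.php");
        break;

    case 'addgroup':
        // Create a new group from the submitted name; a blank name is rejected.
        $group = cleanvar($_REQUEST['group']);
        if (empty($group))
        {
            html_redirect("usergroups.php", FALSE, sprintf($strFieldMustNotBeBlank, "'{$strName}'"));
            exit;
        }
        $sql = "INSERT INTO `{$dbGroups}` (name) VALUES ('{$group}')";
        mysql_query($sql);
        if (mysql_error()) trigger_error(mysql_error(),E_USER_ERROR);
        html_redirect("usergroups.php");
        break;

    case 'deletegroup':
        $groupid = cleanvar($_REQUEST['groupid']);

        // Remove group membership for all users currently assigned to this group
        $sql = "UPDATE `{$dbUsers}` SET groupid = '' WHERE groupid = '{$groupid}'";
        mysql_query($sql);
        if (mysql_error()) trigger_error(mysql_error(),E_USER_ERROR);

        // Remove the group
        $sql = "DELETE FROM `{$dbGroups}` WHERE id='{$groupid}' LIMIT 1";
        mysql_query($sql);
        if (mysql_error()) trigger_error(mysql_error(),E_USER_ERROR);
        html_redirect("usergroups.php");
        break;

    default:
        // Listing view: the group table with an add form, then the
        // per-user membership form.
        include (APPLICATION_INCPATH . 'htmlheader.inc.php');
        echo "<h2>{$strUserGroups}</h2>";

        // PHP_SELF includes any path info the client appended to the URL,
        // so it is request-controlled and must be encoded before it is
        // written into the form's action attribute.
        $formaction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

        $gsql = "SELECT * FROM `{$dbGroups}` ORDER BY name";
        $gresult = mysql_query($gsql);
        if (mysql_error()) trigger_error(mysql_error(),E_USER_WARNING);

        // Start from an empty list so count() is well defined when no
        // groups exist yet.
        $grouparr = array();
        while ($group = mysql_fetch_object($gresult))
        {
            $grouparr[$group->id]=$group->name;
        }
        $numgroups = count($grouparr);

        echo "<form action='{$formaction}' method='post'>";
        echo "<table summary=\"{$strUserGroups}\" align='center'>";
        echo "<tr><th>{$strGroup}</th><th>{$strOperation}</th></tr>\n";
        if ($numgroups > 0)
        {
            foreach ($grouparr AS $groupid => $groupname)
            {
                // Group names are stored user input; encode them for HTML.
                // NOTE(review): if names are stored already entity-encoded
                // this will double-encode them; confirm against cleanvar().
                $safename = htmlspecialchars($groupname, ENT_QUOTES);
                echo "<tr><td>{$safename}</td><td><a href='usergroups.php?groupid={$groupid}&action=deletegroup'>{$strDelete}</a></td></tr>\n";
            }
        }
        echo "<tr><td><input type='text' name='group' value='' size='10' maxlength='255' />";
        echo "<input type='hidden' name='action' value='addgroup' />";
        echo "</td><td><input type='submit' name='add' value='{$strAdd}' /></td></tr>\n";
        echo "</table>";
        echo "</form>";

        if ($numgroups > 0)
        {
            echo "<h3>{$strGroupMembership}</h3>";
            $sql = "SELECT * FROM `{$dbUsers}` WHERE status !=0 ORDER BY realname"; // status=0 means left company
            $result = mysql_query($sql);
            if (mysql_error()) trigger_error(mysql_error(),E_USER_WARNING);

            echo "<form action='{$formaction}' method='post'>";
            echo "<table summary='{$strGroupMembership}' align='center'>";
            echo "<tr><th>{$strUser}</th><th>{$strGroup}</th></tr>";
            while ($user = mysql_fetch_object($result))
            {
                // Account names come from the database; encode for HTML.
                // NOTE(review): same double-encoding caveat as for group
                // names above in this listing.
                $realname = htmlspecialchars($user->realname, ENT_QUOTES);
                $username = htmlspecialchars($user->username, ENT_QUOTES);
                echo "<tr><td>{$realname} ({$username})</td>";
                echo "<td>".group_drop_down("group{$user->id}",$user->groupid)."</td></tr>\n";
            }
            echo "</table>\n";
            echo "<p><input type='hidden' name='action' value='savemembers' /><input type='submit' value='{$strSave}' /></p>";
            echo "</form>";
        }
        include (APPLICATION_INCPATH . 'htmlfooter.inc.php');
}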
?>