$errors[] = lang("SQL_ERROR"); } } } //Remove permission level if (!empty($_POST['removePermission'])) { $remove = $_POST['removePermission']; if ($deletion_count = removePermission($remove, $userId)) { $successes[] = lang("ACCOUNT_PERMISSION_REMOVED", array($deletion_count)); } else { $errors[] = lang("SQL_ERROR"); } } if (!empty($_POST['addPermission'])) { $add = $_POST['addPermission']; if ($addition_count = addPermission($add, $userId)) { $successes[] = lang("ACCOUNT_PERMISSION_ADDED", array($addition_count)); } else { $errors[] = lang("SQL_ERROR"); } } $userdetails = fetchUserDetails(NULL, NULL, $userId); } } $userPermission = fetchUserPermissions($userId); $permissionData = fetchAllPermissions(); require_once "models/header.php"; echo "\r\n<div class='container'>\r\n<h1>PerunioCMS</h1>"; echo resultBlock($errors, $successes); echo "\r\n<form name='adminUser' action='" . $_SERVER['PHP_SELF'] . "?id=" . $userId . "' method='post'>\r\n<table class='admin'><tr><td>\r\n<h3>User Information</h3>\r\n<div id='regbox'>\r\n<p>\r\n<label>ID:</label>\r\n" . $userdetails['id'] . "\r\n</p>\r\n<p>\r\n<label>Username:</label>\r\n" . $userdetails['user_name'] . "\r\n</p>\r\n<p>\r\n<label>Display Name:</label>\r\n<input type='text' name='display' value='" . $userdetails['display_name'] . "' />\r\n</p>\r\n<p>\r\n<label>Email:</label>\r\n<input type='text' name='email' value='" . $userdetails['email'] . "' />\r\n</p>\r\n<p>\r\n<label>Active:</label>"; //Display activation link, if account inactive
} } } //Remove access to pages if (!empty($_POST['removePermission'])) { $remove = $_POST['removePermission']; if ($deletion_count = removePermission($permissionId, $remove)) { $successes[] = lang("PERMISSION_REMOVE_USERS", array($deletion_count)); } else { $errors[] = lang("SQL_ERROR"); } } //Add access to pages if (!empty($_POST['addPermission'])) { $add = $_POST['addPermission']; if ($addition_count = addPermission($permissionId, $add)) { $successes[] = lang("PERMISSION_ADD_USERS", array($addition_count)); } else { $errors[] = lang("SQL_ERROR"); } } //Remove access to pages if (!empty($_POST['removePage'])) { $remove = $_POST['removePage']; if ($deletion_count = removePage($remove, $permissionId)) { $successes[] = lang("PERMISSION_REMOVE_PAGES", array($deletion_count)); } else { $errors[] = lang("SQL_ERROR"); } } //Add access to pages
} // verify given ini file exists $iniFile = $argv[1]; if (!file_exists($iniFile)) { echo "Cannot find file [{$iniFile}]\n"; exit(-1); } // bootstrap require_once dirname(__FILE__) . '/../../bootstrap.php'; // load configurations from ini file $ini = new Zend_Config_Ini($iniFile); // add new permissions $newPermissionsCfg = $ini->permissions; if ($newPermissionsCfg) { foreach ($newPermissionsCfg as $permCfg) { addPermission($permCfg); } } // add new api action permission items $newActionItemsCfg = $ini->action_permission_items; if ($newActionItemsCfg) { foreach ($newActionItemsCfg as $itemCfg) { addActionPermissionItem($itemCfg); } } // add new api parameters permission items $newParameterItemsCfg = $ini->parameter_permission_items; if ($newParameterItemsCfg) { foreach ($newParameterItemsCfg as $itemCfg) { addParameterPermissionItem($itemCfg); }
</style> <script language="javascript" src="javascripts/javaScriptFunctions.js"></script> <head> </head> <body> <form name="permissiongroups" action="managePermissionGroups.php" method="post" onsubmit="return confirmDelete()"> <?php // call function to show all the permissions groups and add group main page if (isset($_POST['deletePermission'])) { if (isset($_POST['selectedPermission'])) { deletePermission($_POST['selectedPermission']); } // call a function to delete the permission } if (isset($_POST['addPermission'])) { addPermission(); // call a function to add the permission } new_draw_persmissions_page(); ?> </form> <?php // check which radio button was selected /******************************************************************************* *Name: addPermission *Description: This function adds a permission to the database *input: the global $_POST with the correct fields *output: none *Author: Amit Eitan *Date: 28/9/2008 00:42 ********************************************************************************/
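/**
 * Admin page for a single permission level: applies the posted edit form, then renders it.
 *
 * The permission id comes from $_GET['id']. Posted actions are handled in this order:
 * delete the level, otherwise rename it, remove/add members and remove/add page access.
 * The request is terminated (die) when securePage() refuses it, when the id does not
 * match an existing permission level, and after a successful delete redirect.
 *
 * Every request- or database-derived value written into the markup is HTML-escaped,
 * because permission names, display names and page names are stored as entered and
 * the attributes below are single-quoted.
 *
 * NOTE(review): no anti-CSRF token is visible in the form or in the POST handling here;
 * confirm whether securePage() or the framework supplies one, since every action on
 * this page changes authorization state.
 *
 * @return void
 */
public function index()
{
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    global $baseURL;
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";

    // NOTE(review): PHP_SELF can include client-supplied path info; confirm that
    // securePage() normalises it before using it for the access decision.
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // HTML-escape for both element content and single-quoted attribute values.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    // Initialised up front so resultBlock() always receives arrays, also on a plain GET.
    $errors = array();
    $successes = array();

    $permissionId = isset($_GET['id']) ? $_GET['id'] : null;

    //Check if selected permission level exists
    if (!permissionIdExists($permissionId)) {
        header("Location: " . site_url('admin_permissions'));
        die;
    }

    $permissionDetails = fetchPermissionDetails($permissionId); //Fetch information specific to permission level

    //Forms posted
    if (!empty($_POST)) {
        //Delete selected permission level
        if (!empty($_POST['delete'])) {
            $deletions = $_POST['delete'];
            if ($deletion_count = deletePermission($deletions)) {
                $successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));
                header("Location: " . site_url('admin_permissions'));
                // Stop here: without this the handler kept running after the redirect
                // and rendered the form for a permission level that no longer exists.
                die;
            } else {
                $errors[] = lang("SQL_ERROR");
            }
        } else {
            //Update permission level name
            if ($permissionDetails[0]['name'] != $_POST['name']) {
                $permission = trim($_POST['name']);
                //Validate new name
                if (permissionNameExists($permission)) {
                    $errors[] = lang("ACCOUNT_PERMISSIONNAME_IN_USE", array($permission));
                } elseif (minMaxRange(1, 50, $permission)) {
                    $errors[] = lang("ACCOUNT_PERMISSION_CHAR_LIMIT", array(1, 50));
                } else {
                    if (updatePermissionName($permissionId, $permission)) {
                        $successes[] = lang("PERMISSION_NAME_UPDATE", array($permission));
                    } else {
                        $errors[] = lang("SQL_ERROR");
                    }
                }
            }

            //Remove members from the permission level
            if (!empty($_POST['removePermission'])) {
                $remove = $_POST['removePermission'];
                if ($deletion_count = removePermission($permissionId, $remove)) {
                    $successes[] = lang("PERMISSION_REMOVE_USERS", array($deletion_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Add members to the permission level
            if (!empty($_POST['addPermission'])) {
                $add = $_POST['addPermission'];
                if ($addition_count = addPermission($permissionId, $add)) {
                    $successes[] = lang("PERMISSION_ADD_USERS", array($addition_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Remove access to pages
            if (!empty($_POST['removePage'])) {
                $remove = $_POST['removePage'];
                if ($deletion_count = removePage($remove, $permissionId)) {
                    $successes[] = lang("PERMISSION_REMOVE_PAGES", array($deletion_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Add access to pages
            if (!empty($_POST['addPage'])) {
                $add = $_POST['addPage'];
                if ($addition_count = addPage($add, $permissionId)) {
                    $successes[] = lang("PERMISSION_ADD_PAGES", array($addition_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            // Re-read so the form below shows the values as stored after the updates.
            $permissionDetails = fetchPermissionDetails($permissionId);
        }
    }

    $pagePermissions = fetchPermissionPages($permissionId); //Retrieve list of accessible pages
    $permissionUsers = fetchPermissionUsers($permissionId); //Retrieve list of users with membership
    $userData = fetchAllUsers(); //Fetch all users
    $pageData = fetchAllPages(); //Fetch all pages

    require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
    echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Permissions</h2>\r\n<div id='left-nav'>";
    include "{$baseURL}/application/third_party/user_cake/left-nav.php";
    echo "\r\n</div>\r\n<div id='main'>";
    echo resultBlock($errors, $successes);

    $detailId = $esc($permissionDetails[0]['id']);

    // The id is URL-encoded for the query string, then HTML-escaped for the attribute.
    echo "\r\n<form name='adminPermission' action='" . $esc($_SERVER['PHP_SELF']) . "?id=" . $esc(rawurlencode((string) $permissionId))
        . "' method='post'>\r\n<table class='admin'>\r\n<tr><td>\r\n<h3>Permission Information</h3>\r\n<div id='regbox'>\r\n<p>\r\n<label>ID:</label>\r\n"
        . $detailId . "\r\n</p>\r\n<p>\r\n<label>Name:</label>\r\n<input type='text' name='name' value='" . $esc($permissionDetails[0]['name'])
        . "' />\r\n</p>\r\n<label>Delete:</label>\r\n<input type='checkbox' name='delete[" . $detailId . "]' id='delete[" . $detailId
        . "]' value='" . $detailId . "'>\r\n</p>\r\n</div></td><td>\r\n<h3>Permission Membership</h3>\r\n<div id='regbox'>\r\n<p>\r\nRemove Members:";

    //List users with permission level
    foreach ($userData as $v1) {
        if (isset($permissionUsers[$v1['id']])) {
            $rowId = $esc($v1['id']);
            echo "<br><input type='checkbox' name='removePermission[" . $rowId . "]' id='removePermission[" . $rowId . "]' value='" . $rowId . "'> " . $esc($v1['display_name']);
        }
    }

    echo "\r\n</p><p>Add Members:";

    //List users without permission level
    foreach ($userData as $v1) {
        if (!isset($permissionUsers[$v1['id']])) {
            $rowId = $esc($v1['id']);
            echo "<br><input type='checkbox' name='addPermission[" . $rowId . "]' id='addPermission[" . $rowId . "]' value='" . $rowId . "'> " . $esc($v1['display_name']);
        }
    }

    echo "\r\n</p>\r\n</div>\r\n</td>\r\n<td>\r\n<h3>Permission Access</h3>\r\n<div id='regbox'>\r\n<p>\r\nPublic Access:";

    //List public pages
    foreach ($pageData as $v1) {
        if ($v1['private'] != 1) {
            echo "<br>" . $esc($v1['page']);
        }
    }

    echo "\r\n</p>\r\n<p>\r\nRemove Access:";

    //List pages accessible to permission level
    foreach ($pageData as $v1) {
        if (isset($pagePermissions[$v1['id']]) && $v1['private'] == 1) {
            $rowId = $esc($v1['id']);
            echo "<br><input type='checkbox' name='removePage[" . $rowId . "]' id='removePage[" . $rowId . "]' value='" . $rowId . "'> " . $esc($v1['page']);
        }
    }

    echo "\r\n</p><p>Add Access:";

    //List pages inaccessible to permission level
    foreach ($pageData as $v1) {
        if (!isset($pagePermissions[$v1['id']]) && $v1['private'] == 1) {
            $rowId = $esc($v1['id']);
            echo "<br><input type='checkbox' name='addPage[" . $rowId . "]' id='addPage[" . $rowId . "]' value='" . $rowId . "'> " . $esc($v1['page']);
        }
    }

    echo "\r\n</p>\r\n</div>\r\n</td>\r\n</tr>\r\n</table>\r\n<p>\r\n<label> </label>\r\n<input type='submit' value='Update' class='submit' />\r\n</p>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}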
/**
 * Attach a permission to one group or to several groups.
 *
 * Each entry is resolved with findGroup(); entries that do not resolve to a
 * truthy value are skipped without any error. For every resolved group,
 * addPermission() is called with the key and description and its result is
 * handed to the group's own addPermission() method, so addPermission() runs
 * once per resolved group.
 *
 * @param mixed $group                  A single group reference or an array of them.
 * @param mixed $permission_key         Passed through to addPermission().
 * @param mixed $permission_description Passed through to addPermission().
 *
 * @return void
 */
function addGroupPermission($group, $permission_key, $permission_description)
{
    // Normalise the single-group call form to the list form.
    $targets = is_array($group) ? $group : array($group);

    foreach ($targets as $candidate) {
        $resolved = findGroup($candidate);
        if (!$resolved) {
            continue;
        }

        $resolved->addPermission(addPermission($permission_key, $permission_description));
    }
}
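/**
 * Admin page for a single user account: applies the posted edit form, then renders it.
 *
 * The user id comes from $_GET['id']. Posted actions are handled in this order:
 * delete the account, otherwise update display name, activate, update email,
 * update title, then remove/add permission levels. The request is terminated (die)
 * when securePage() refuses it or when the id does not match an existing user.
 *
 * Every request- or database-derived value written into the markup is HTML-escaped.
 * The title is stored after trim() only and the attributes below are single-quoted,
 * so unescaped output would let stored text break out of the attribute.
 *
 * NOTE(review): no anti-CSRF token is visible in the form or in the POST handling here;
 * confirm whether securePage() or the framework supplies one, since this page deletes
 * accounts and changes permission membership.
 *
 * @return void
 */
public function index()
{
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    global $baseURL;
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";

    // NOTE(review): PHP_SELF can include client-supplied path info; confirm that
    // securePage() normalises it before using it for the access decision.
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // HTML-escape for both element content and single-quoted attribute values.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    // Initialised up front so resultBlock() always receives arrays, also on a plain GET.
    $errors = array();
    $successes = array();

    $userId = isset($_GET['id']) ? $_GET['id'] : null;

    //Check if selected user exists
    if (!userIdExists($userId)) {
        header("Location: " . str_replace('index.php/', '', site_url('admin_users')));
        die;
    }

    $userdetails = fetchUserDetails(NULL, NULL, $userId); //Fetch user details

    //Forms posted
    if (!empty($_POST)) {
        //Delete selected account
        if (!empty($_POST['delete'])) {
            $deletions = $_POST['delete'];
            if ($deletion_count = deleteUsers($deletions)) {
                $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));
            } else {
                $errors[] = lang("SQL_ERROR");
            }
        } else {
            //Update display name
            if ($userdetails['display_name'] != $_POST['display']) {
                $displayname = trim($_POST['display']);
                //Validate display name
                if (displayNameExists($displayname)) {
                    $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE", array($displayname));
                } elseif (minMaxRange(5, 25, $displayname)) {
                    $errors[] = lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array(5, 25));
                } elseif (!ctype_alnum($displayname)) {
                    $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");
                } else {
                    if (updateDisplayName($userId, $displayname)) {
                        $successes[] = lang("ACCOUNT_DISPLAYNAME_UPDATED", array($displayname));
                    } else {
                        $errors[] = lang("SQL_ERROR");
                    }
                }
            } else {
                $displayname = $userdetails['display_name'];
            }

            //Activate account
            if (isset($_POST['activate']) && $_POST['activate'] == "activate") {
                if (setUserActive($userdetails['activation_token'])) {
                    $successes[] = lang("ACCOUNT_MANUALLY_ACTIVATED", array($displayname));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Update email
            if ($userdetails['email'] != $_POST['email']) {
                $email = trim($_POST["email"]);
                //Validate email
                if (!isValidEmail($email)) {
                    $errors[] = lang("ACCOUNT_INVALID_EMAIL");
                } elseif (emailExists($email)) {
                    $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));
                } else {
                    if (updateEmail($userId, $email)) {
                        $successes[] = lang("ACCOUNT_EMAIL_UPDATED");
                    } else {
                        $errors[] = lang("SQL_ERROR");
                    }
                }
            }

            //Update title
            if ($userdetails['title'] != $_POST['title']) {
                $title = trim($_POST['title']);
                //Validate title
                if (minMaxRange(1, 50, $title)) {
                    $errors[] = lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 50));
                } else {
                    if (updateTitle($userId, $title)) {
                        $successes[] = lang("ACCOUNT_TITLE_UPDATED", array($displayname, $title));
                    } else {
                        $errors[] = lang("SQL_ERROR");
                    }
                }
            }

            //Remove permission level
            if (!empty($_POST['removePermission'])) {
                $remove = $_POST['removePermission'];
                if ($deletion_count = removePermission($remove, $userId)) {
                    $successes[] = lang("ACCOUNT_PERMISSION_REMOVED", array($deletion_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Add permission level
            if (!empty($_POST['addPermission'])) {
                $add = $_POST['addPermission'];
                if ($addition_count = addPermission($add, $userId)) {
                    $successes[] = lang("ACCOUNT_PERMISSION_ADDED", array($addition_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            // Re-read so the form below shows the values as stored after the updates.
            $userdetails = fetchUserDetails(NULL, NULL, $userId);
        }
    }

    $userPermission = fetchUserPermissions($userId);
    $permissionData = fetchAllPermissions();

    require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
    echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin User</h2>\r\n<div id='left-nav'>";
    include "{$baseURL}/application/third_party/user_cake/left-nav.php";
    echo "\r\n</div>\r\n<div id='main'>";
    echo resultBlock($errors, $successes);

    $accountId = $esc($userdetails['id']);

    // The id is URL-encoded for the query string, then HTML-escaped for the attribute.
    echo "\r\n<form name='adminUser' action='" . $esc($_SERVER['PHP_SELF']) . "?id=" . $esc(rawurlencode((string) $userId))
        . "' method='post'>\r\n<table class='admin'><tr><td>\r\n<h3>User Information</h3>\r\n<div id='regbox'>\r\n<p>\r\n<label>ID:</label>\r\n"
        . $accountId . "\r\n</p>\r\n<p>\r\n<label>Username:</label>\r\n" . $esc($userdetails['user_name'])
        . "\r\n</p>\r\n<p>\r\n<label>Display Name:</label>\r\n<input type='text' name='display' value='" . $esc($userdetails['display_name'])
        . "' />\r\n</p>\r\n<p>\r\n<label>Email:</label>\r\n<input type='text' name='email' value='" . $esc($userdetails['email'])
        . "' />\r\n</p>\r\n<p>\r\n<label>Active:</label>";

    //Display activation link, if account inactive
    if ($userdetails['active'] == '1') {
        echo "Yes";
    } else {
        echo "No\r\n\t</p>\r\n\t<p>\r\n\t<label>Activate:</label>\r\n\t<input type='checkbox' name='activate' id='activate' value='activate'>\r\n\t";
    }

    echo "\r\n</p>\r\n<p>\r\n<label>Title:</label>\r\n<input type='text' name='title' value='" . $esc($userdetails['title'])
        . "' />\r\n</p>\r\n<p>\r\n<label>Sign Up:</label>\r\n" . date("j M, Y", $userdetails['sign_up_stamp'])
        . "\r\n</p>\r\n<p>\r\n<label>Last Sign In:</label>";

    //Last sign in, interpretation
    if ($userdetails['last_sign_in_stamp'] == '0') {
        echo "Never";
    } else {
        echo date("j M, Y", $userdetails['last_sign_in_stamp']);
    }

    echo "\r\n</p>\r\n<p>\r\n<label>Delete:</label>\r\n<input type='checkbox' name='delete[" . $accountId . "]' id='delete[" . $accountId
        . "]' value='" . $accountId . "'>\r\n</p>\r\n<p>\r\n<label> </label>\r\n<input type='submit' value='Update' class='submit' />\r\n</p>\r\n</div>\r\n</td>\r\n<td>\r\n<h3>Permission Membership</h3>\r\n<div id='regbox'>\r\n<p>Remove Permission:";

    //List of permission levels user is a part of
    foreach ($permissionData as $v1) {
        if (isset($userPermission[$v1['id']])) {
            $rowId = $esc($v1['id']);
            echo "<br><input type='checkbox' name='removePermission[" . $rowId . "]' id='removePermission[" . $rowId . "]' value='" . $rowId . "'> " . $esc($v1['name']);
        }
    }

    //List of permission levels user is not a part of
    echo "</p><p>Add Permission:";
    foreach ($permissionData as $v1) {
        if (!isset($userPermission[$v1['id']])) {
            $rowId = $esc($v1['id']);
            echo "<br><input type='checkbox' name='addPermission[" . $rowId . "]' id='addPermission[" . $rowId . "]' value='" . $rowId . "'> " . $esc($v1['name']);
        }
    }

    echo "\r\n</p>\r\n</div>\r\n</td>\r\n</tr>\r\n</table>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}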
$role = $_GET['role']; } else { $role = null; } if (isset($_GET['action'])) { $action = $_GET['action']; } else { $action = null; } if (isset($_GET['value'])) { $value = $_GET['value']; } else { $value = null; } if ($action == "create") { $id = addPermission($value); echo json_encode(array("id" => $id)); return; } else { if ($action == "remove") { if ($role == "") { removePermission($value); } else { removePermissionFromRole($role, $value); } echo json_encode(array("message" => "done")); return; } else { if ($action == "user") { echo json_encode(list_permissions_for_user($value)); return;