Example #1
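 public function index()
 {
     /*
     UserCake (Via CupCake) Version: 2.0.2
     http://usercake.com
     */
     // Admin page for permission levels: handles posted deletions and
     // creations, then renders the list of all levels with a small form.
     //
     // NOTE(review): no anti-CSRF token is checked in this method before the
     // state-changing POST handling below; confirm whether securePage() or the
     // framework covers that, otherwise add a per-session form token.

     // Start with empty result lists so resultBlock() always receives arrays,
     // including on a plain GET where nothing was appended.
     $errors = array();
     $successes = array();
     $baseURL = getcwd();
     require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
     // Access gate; what securePage() enforces is defined elsewhere.
     if (!securePage($_SERVER['PHP_SELF'])) {
         die;
     }
     //Forms posted
     if (!empty($_POST)) {
         if (!empty($_POST['delete']) || !empty($_POST['newPermission'])) {
             //Delete permission levels
             if (!empty($_POST['delete'])) {
                 // NOTE(review): the raw posted value is handed to deletePermission();
                 // confirm it treats every id as an integer / bound parameter.
                 $deletions = $_POST['delete'];
                 if ($deletion_count = deletePermission($deletions)) {
                     $successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));
                 }
             }
             //Create new permission level
             if (!empty($_POST['newPermission'])) {
                 // A non-string value (e.g. newPermission[]=x) is treated as an
                 // empty name so it is rejected by the length check below.
                 $permission = is_string($_POST['newPermission']) ? trim($_POST['newPermission']) : '';
                 //Validate request
                 // NOTE(review): $permission is user input placed into messages that
                 // resultBlock() prints; confirm resultBlock()/lang() HTML-escape it.
                 if (permissionNameExists($permission)) {
                     $errors[] = lang("PERMISSION_NAME_IN_USE", array($permission));
                 } elseif (minMaxRange(1, 50, $permission)) {
                     $errors[] = lang("PERMISSION_CHAR_LIMIT", array(1, 50));
                 } else {
                     if (createPermission($permission)) {
                         $successes[] = lang("PERMISSION_CREATION_SUCCESSFUL", array($permission));
                     } else {
                         $errors[] = lang("SQL_ERROR");
                     }
                 }
             }
         } else {
             $errors[] = lang("NO_PERMISSION_SELECTED");
         }
     }
     $permissionData = fetchAllPermissions();
     //Retrieve list of all permission levels
     require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
     echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Permissions</h2>\r\n<div id='left-nav'>";
     include "{$baseURL}/application/third_party/user_cake/left-nav.php";
     echo "\r\n</div>\r\n<div id='main'>";
     echo resultBlock($errors, $successes);
     // PHP_SELF includes any path info the client appended to the URL, so it is
     // request-controlled and must be escaped before it lands in an attribute.
     $formAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
     echo "\r\n<form name='adminPermissions' action='" . $formAction . "' method='post'>\r\n<table class='admin'>\r\n<tr>\r\n<th>Delete</th><th>Permission Name</th>\r\n</tr>";
     //List each permission level
     $detailUrl = str_replace('index.php/', '', site_url('admin_permission'));
     foreach ($permissionData as $v1) {
         // Permission names are created from posted text above, so every stored
         // value is escaped on output (single-quoted attributes need ENT_QUOTES).
         $safeId = htmlspecialchars((string) $v1['id'], ENT_QUOTES, 'UTF-8');
         $safeName = htmlspecialchars((string) $v1['name'], ENT_QUOTES, 'UTF-8');
         $safeHref = htmlspecialchars($detailUrl . "?id=" . rawurlencode((string) $v1['id']), ENT_QUOTES, 'UTF-8');
         echo "\r\n\t<tr>\r\n\t<td><input type='checkbox' name='delete[" . $safeId . "]' id='delete[" . $safeId . "]' value='" . $safeId . "'></td>\r\n\t<td><a href='" . $safeHref . "'>" . $safeName . "</a></td>\r\n\t</tr>";
     }
     echo "\r\n</table>\r\n<p>\r\n<label>Permission Name:</label>\r\n<input type='text' name='newPermission' />\r\n</p>                                \r\n<input type='submit' name='Submit' value='Submit' />\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
 }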
<?php

// Standalone admin script: handles posted permission-level deletions and
// creations. The listing is cut off here: the end of the POST block and
// whatever follows it are not shown.
require_once "models/config.php";
// Access gate: stop unless securePage() accepts the requested script path.
// NOTE(review): securePage() is defined elsewhere; confirm it enforces
// admin-only access for this page.
if (!securePage($_SERVER['PHP_SELF'])) {
    die;
}
//Forms posted
// NOTE(review): no anti-CSRF token is checked in the visible code before the
// state changes below; confirm one is validated elsewhere.
// NOTE(review): $errors / $successes are appended to without a visible
// initialisation; confirm config.php defines them.
if (!empty($_POST)) {
    //Delete permission levels
    if (!empty($_POST['delete'])) {
        // The posted value is passed on as received.
        // NOTE(review): confirm deletePermission() treats each id as an
        // integer / bound parameter.
        $deletions = $_POST['delete'];
        // A falsy return (including a count of 0) records no message at all.
        if ($deletion_count = deletePermission($deletions)) {
            $successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));
        }
    }
    //Create new permission level
    if (!empty($_POST['newPermission'])) {
        // NOTE(review): trim() assumes a string; a newPermission[] array
        // value would reach it unchecked.
        $permission = trim($_POST['newPermission']);
        //Validate request
        // NOTE(review): $permission is user input placed into result
        // messages; confirm they are HTML-escaped where they are printed.
        if (permissionNameExists($permission)) {
            $errors[] = lang("PERMISSION_NAME_IN_USE", array($permission));
        } elseif (minMaxRange(1, 50, $permission)) {
            // A truthy minMaxRange() result is reported as a length error.
            $errors[] = lang("PERMISSION_CHAR_LIMIT", array(1, 50));
        } else {
            if (createPermission($permission)) {
                $successes[] = lang("PERMISSION_CREATION_SUCCESSFUL", array($permission));
            } else {
                $errors[] = lang("SQL_ERROR");
            }
        }
    }
Example #3
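 public function index()
 {
     /*
     UserCake (Via CupCake) Version: 2.0.2
     http://usercake.com
     */
     // Admin page for one permission level (?id=...): handles delete, rename,
     // membership and page-access changes, then renders the edit form.
     //
     // NOTE(review): no anti-CSRF token is checked in this method before the
     // state-changing POST handling below; confirm whether securePage() or the
     // framework covers that, otherwise add a per-session form token.
     global $baseURL;
     // Start with empty result lists so resultBlock() always receives arrays.
     $errors = array();
     $successes = array();
     require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
     // Access gate; what securePage() enforces is defined elsewhere.
     if (!securePage($_SERVER['PHP_SELF'])) {
         die;
     }
     // The id comes straight from the query string: tolerate its absence and
     // refuse array values before it is used in lookups or printed.
     $permissionId = isset($_GET['id']) ? $_GET['id'] : null;
     //Check if selected permission level exists
     if (!is_scalar($permissionId) || !permissionIdExists($permissionId)) {
         header("Location: " . site_url('admin_permissions'));
         die;
     }
     $permissionDetails = fetchPermissionDetails($permissionId);
     //Fetch information specific to permission level
     //Forms posted
     if (!empty($_POST)) {
         //Delete selected permission level
         if (!empty($_POST['delete'])) {
             // NOTE(review): the raw posted value is handed to deletePermission();
             // confirm it treats every id as an integer / bound parameter.
             $deletions = $_POST['delete'];
             if ($deletion_count = deletePermission($deletions)) {
                 $successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));
                 header("Location: " . site_url('admin_permissions'));
                 // Stop here: the level no longer exists, so the edit form below
                 // must not be rendered after the redirect header.
                 die;
             } else {
                 $errors[] = lang("SQL_ERROR");
             }
         } else {
             //Update permission level name
             // A missing or non-string name is treated as empty, which the
             // length check below rejects.
             $postedName = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
             if ($permissionDetails[0]['name'] != $postedName) {
                 $permission = trim($postedName);
                 //Validate new name
                 // NOTE(review): $permission is user input placed into messages that
                 // resultBlock() prints; confirm resultBlock()/lang() HTML-escape it.
                 if (permissionNameExists($permission)) {
                     $errors[] = lang("ACCOUNT_PERMISSIONNAME_IN_USE", array($permission));
                 } elseif (minMaxRange(1, 50, $permission)) {
                     $errors[] = lang("ACCOUNT_PERMISSION_CHAR_LIMIT", array(1, 50));
                 } else {
                     if (updatePermissionName($permissionId, $permission)) {
                         $successes[] = lang("PERMISSION_NAME_UPDATE", array($permission));
                     } else {
                         $errors[] = lang("SQL_ERROR");
                     }
                 }
             }
             // NOTE(review): the four id lists below are passed on as posted;
             // confirm the helpers validate each id as an integer.
             //Remove members from the permission level
             if (!empty($_POST['removePermission'])) {
                 $remove = $_POST['removePermission'];
                 if ($deletion_count = removePermission($permissionId, $remove)) {
                     $successes[] = lang("PERMISSION_REMOVE_USERS", array($deletion_count));
                 } else {
                     $errors[] = lang("SQL_ERROR");
                 }
             }
             //Add members to the permission level
             if (!empty($_POST['addPermission'])) {
                 $add = $_POST['addPermission'];
                 if ($addition_count = addPermission($permissionId, $add)) {
                     $successes[] = lang("PERMISSION_ADD_USERS", array($addition_count));
                 } else {
                     $errors[] = lang("SQL_ERROR");
                 }
             }
             //Remove access to pages
             if (!empty($_POST['removePage'])) {
                 $remove = $_POST['removePage'];
                 if ($deletion_count = removePage($remove, $permissionId)) {
                     $successes[] = lang("PERMISSION_REMOVE_PAGES", array($deletion_count));
                 } else {
                     $errors[] = lang("SQL_ERROR");
                 }
             }
             //Add access to pages
             if (!empty($_POST['addPage'])) {
                 $add = $_POST['addPage'];
                 if ($addition_count = addPage($add, $permissionId)) {
                     $successes[] = lang("PERMISSION_ADD_PAGES", array($addition_count));
                 } else {
                     $errors[] = lang("SQL_ERROR");
                 }
             }
             // Re-read the details so the form shows the post-update state.
             $permissionDetails = fetchPermissionDetails($permissionId);
         }
     }
     $pagePermissions = fetchPermissionPages($permissionId);
     //Retrieve list of accessible pages
     $permissionUsers = fetchPermissionUsers($permissionId);
     //Retrieve list of users with membership
     $userData = fetchAllUsers();
     //Fetch all users
     $pageData = fetchAllPages();
     //Fetch all pages
     require_once "{$baseURL}/application/third_party/user_cake/models/header.php";
     echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Permissions</h2>\r\n<div id='left-nav'>";
     include "{$baseURL}/application/third_party/user_cake/left-nav.php";
     echo "\r\n</div>\r\n<div id='main'>";
     echo resultBlock($errors, $successes);
     // Everything interpolated into the markup below is request- or
     // database-derived, so it is escaped for a single-quoted attribute / text
     // context. PHP_SELF in particular carries client-appended path info.
     $safeSelf = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
     $safeQueryId = htmlspecialchars(rawurlencode((string) $permissionId), ENT_QUOTES, 'UTF-8');
     $safeLevelId = htmlspecialchars((string) $permissionDetails[0]['id'], ENT_QUOTES, 'UTF-8');
     $safeLevelName = htmlspecialchars((string) $permissionDetails[0]['name'], ENT_QUOTES, 'UTF-8');
     echo "\r\n<form name='adminPermission' action='" . $safeSelf . "?id=" . $safeQueryId . "' method='post'>\r\n<table class='admin'>\r\n<tr><td>\r\n<h3>Permission Information</h3>\r\n<div id='regbox'>\r\n<p>\r\n<label>ID:</label>\r\n" . $safeLevelId . "\r\n</p>\r\n<p>\r\n<label>Name:</label>\r\n<input type='text' name='name' value='" . $safeLevelName . "' />\r\n</p>\r\n<label>Delete:</label>\r\n<input type='checkbox' name='delete[" . $safeLevelId . "]' id='delete[" . $safeLevelId . "]' value='" . $safeLevelId . "'>\r\n</p>\r\n</div></td><td>\r\n<h3>Permission Membership</h3>\r\n<div id='regbox'>\r\n<p>\r\nRemove Members:";
     //List users with permission level
     foreach ($userData as $v1) {
         if (isset($permissionUsers[$v1['id']])) {
             $safeId = htmlspecialchars((string) $v1['id'], ENT_QUOTES, 'UTF-8');
             $safeLabel = htmlspecialchars((string) $v1['display_name'], ENT_QUOTES, 'UTF-8');
             echo "<br><input type='checkbox' name='removePermission[" . $safeId . "]' id='removePermission[" . $safeId . "]' value='" . $safeId . "'> " . $safeLabel;
         }
     }
     echo "\r\n</p><p>Add Members:";
     //List users without permission level
     foreach ($userData as $v1) {
         if (!isset($permissionUsers[$v1['id']])) {
             $safeId = htmlspecialchars((string) $v1['id'], ENT_QUOTES, 'UTF-8');
             $safeLabel = htmlspecialchars((string) $v1['display_name'], ENT_QUOTES, 'UTF-8');
             echo "<br><input type='checkbox' name='addPermission[" . $safeId . "]' id='addPermission[" . $safeId . "]' value='" . $safeId . "'> " . $safeLabel;
         }
     }
     echo "\r\n</p>\r\n</div>\r\n</td>\r\n<td>\r\n<h3>Permission Access</h3>\r\n<div id='regbox'>\r\n<p>\r\nPublic Access:";
     //List public pages
     foreach ($pageData as $v1) {
         if ($v1['private'] != 1) {
             echo "<br>" . htmlspecialchars((string) $v1['page'], ENT_QUOTES, 'UTF-8');
         }
     }
     echo "\r\n</p>\r\n<p>\r\nRemove Access:";
     //List pages accessible to permission level
     foreach ($pageData as $v1) {
         if (isset($pagePermissions[$v1['id']]) and $v1['private'] == 1) {
             $safeId = htmlspecialchars((string) $v1['id'], ENT_QUOTES, 'UTF-8');
             $safeLabel = htmlspecialchars((string) $v1['page'], ENT_QUOTES, 'UTF-8');
             echo "<br><input type='checkbox' name='removePage[" . $safeId . "]' id='removePage[" . $safeId . "]' value='" . $safeId . "'> " . $safeLabel;
         }
     }
     echo "\r\n</p><p>Add Access:";
     //List pages inaccessible to permission level
     foreach ($pageData as $v1) {
         if (!isset($pagePermissions[$v1['id']]) and $v1['private'] == 1) {
             $safeId = htmlspecialchars((string) $v1['id'], ENT_QUOTES, 'UTF-8');
             $safeLabel = htmlspecialchars((string) $v1['page'], ENT_QUOTES, 'UTF-8');
             echo "<br><input type='checkbox' name='addPage[" . $safeId . "]' id='addPage[" . $safeId . "]' value='" . $safeId . "'> " . $safeLabel;
         }
     }
     echo "\r\n</p>\r\n</div>\r\n</td>\r\n</tr>\r\n</table>\r\n<p>\r\n<label>&nbsp;</label>\r\n<input type='submit' value='Update' class='submit' />\r\n</p>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
 }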
//////// END OF VALIDATIONS ////////////////
?>
<html>
	<style type="text/css">  
	    @import url(zivStyle.css);    
	</style>
	<script language="javascript" src="javascripts/javaScriptFunctions.js"></script>
<head>
</head>
<body>
	<form name="permissiongroups" action="managePermissionGroups.php" method="post" onsubmit="return confirmDelete()">
<?php 
// Dispatch the posted action (if any), then draw the permission-groups page.
// NOTE(review): no anti-CSRF token is checked in the visible part of this
// script; whatever ran before the "END OF VALIDATIONS" marker is not shown.

// Delete: only when the delete button was used AND a permission was selected.
// NOTE(review): the selected value is passed on as posted; confirm
// deletePermission() validates it before using it in a query.
if (isset($_POST['deletePermission'], $_POST['selectedPermission'])) {
    deletePermission($_POST['selectedPermission']);
}

// Add: addPermission() takes no arguments here, so it presumably reads the
// posted fields itself.
if (isset($_POST['addPermission'])) {
    addPermission();
}

// Always render the page, whether or not an action was performed.
new_draw_persmissions_page();
?>
	</form>
<?php 
// check which radio button was selected
/*******************************************************************************
*Name: addPermission
*Description: This function adds a permission to the database
 /**
  * Handles permission modification actions from the upper part of the
  * permission manager index.
  */
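 public function action_quick()
 {
     global $context;

     // Applies one "quick" change to the selected membergroups: a predefined
     // permission set, a copy of another group's permissions, or a single
     // permission added / cleared / denied. Always ends in a redirect back to
     // the permissions area (or a fatal error).

     // Request authenticity checks run before anything is read or changed:
     // the session check, then the 'admin-mpq' form token.
     checkSession();
     validateToken('admin-mpq', 'quick');

     // we'll need to init illegal permissions, update permissions, etc.
     require_once SUBSDIR . '/Permission.subs.php';
     require_once SUBSDIR . '/ManagePermissions.subs.php';
     loadIllegalPermissions();
     loadIllegalGuestPermissions();

     // Make sure only one of the quick options was selected.
     if (
         !empty($_POST['predefined']) && (isset($_POST['copy_from']) && $_POST['copy_from'] != 'empty' || !empty($_POST['permissions']))
         || !empty($_POST['copy_from']) && $_POST['copy_from'] != 'empty' && !empty($_POST['permissions'])
     ) {
         fatal_lang_error('permissions_only_one_option', false);
     }

     if (empty($_POST['group']) || !is_array($_POST['group'])) {
         $_POST['group'] = array();
     }

     // Only accept numeric values for selected membergroups.
     foreach ($_POST['group'] as $id => $group_id) {
         $_POST['group'][$id] = (int) $group_id;
     }
     $_POST['group'] = array_unique($_POST['group']);

     // Normalise the profile id to an integer (0 when absent).
     if (empty($_REQUEST['pid'])) {
         $_REQUEST['pid'] = 0;
     } else {
         $_REQUEST['pid'] = (int) $_REQUEST['pid'];
     }

     // pid is an integer from here on, so the redirect target is safe to build once.
     $returnTo = 'action=admin;area=permissions;pid=' . $_REQUEST['pid'];

     // Fix up the old global to the new default!
     $bid = max(1, $_REQUEST['pid']);

     // No modifying the predefined profiles.
     if ($_REQUEST['pid'] > 1 && $_REQUEST['pid'] < 5) {
         fatal_lang_error('no_access', false);
     }

     // Clear out any cached authority.
     updateSettings(array('settings_updated' => time()));

     // No groups where selected.
     if (empty($_POST['group'])) {
         redirectexit($returnTo);
     }

     // Set a predefined permission profile.
     if (!empty($_POST['predefined'])) {
         // Make sure it's a predefined permission set we expect (strict allow-list match).
         if (!in_array($_POST['predefined'], array('restrict', 'standard', 'moderator', 'maintenance'), true)) {
             redirectexit($returnTo);
         }

         foreach ($_POST['group'] as $group_id) {
             if (!empty($_REQUEST['pid'])) {
                 setPermissionLevel($_POST['predefined'], $group_id, $_REQUEST['pid']);
             } else {
                 setPermissionLevel($_POST['predefined'], $group_id);
             }
         }
     } elseif (isset($_POST['copy_from']) && $_POST['copy_from'] != 'empty') {
         // A request without a copy_from field must not land in this branch,
         // otherwise a posted single-permission change would never be reached.

         // Just checking the input. Require a real integer rather than anything
         // is_numeric() accepts: values such as "1.0" would not string-match the
         // integer group ids in array_diff() below, leaving the source group in
         // the target list.
         $copyFrom = filter_var($_POST['copy_from'], FILTER_VALIDATE_INT);
         if ($copyFrom === false) {
             redirectexit($returnTo);
         }
         $_POST['copy_from'] = $copyFrom;

         // Make sure the group we're copying to is never included.
         $_POST['group'] = array_diff($_POST['group'], array($copyFrom));

         // No groups left? Too bad.
         if (empty($_POST['group'])) {
             redirectexit($returnTo);
         }

         // General permissions are only copied when no profile is selected.
         if (empty($_REQUEST['pid'])) {
             copyPermission($copyFrom, $_POST['group'], $context['illegal_permissions'], $context['non_guest_permissions']);
         }

         // Now do the same for the board permissions.
         copyBoardPermission($copyFrom, $_POST['group'], $bid, $context['non_guest_permissions']);

         // Update any children out there!
         updateChildPermissions($_POST['group'], $_REQUEST['pid']);
     } elseif (!empty($_POST['permissions'])) {
         // Both fields must be present as plain strings before they are parsed.
         if (!is_string($_POST['permissions']) || !isset($_POST['add_remove']) || !is_string($_POST['add_remove'])) {
             redirectexit($returnTo);
         }

         // Unpack two variables that were transported ("type/permission").
         // Padding keeps a value without a '/' from leaving $permission undefined.
         list($permissionType, $permission) = array_pad(explode('/', $_POST['permissions']), 2, '');

         // Check whether our input is within expected range.
         if (
             !in_array($_POST['add_remove'], array('add', 'clear', 'deny'), true)
             || !in_array($permissionType, array('membergroup', 'board'), true)
             || $permission === ''
         ) {
             redirectexit($returnTo);
         }

         if ($_POST['add_remove'] == 'clear') {
             if ($permissionType == 'membergroup') {
                 deletePermission($_POST['group'], $permission, $context['illegal_permissions']);
             } else {
                 deleteBoardPermission($_POST['group'], $bid, $permission);
             }
         } else {
             // '1' grants the permission, '0' denies it.
             $add_deny = $_POST['add_remove'] == 'add' ? '1' : '0';
             $permChange = array();

             foreach ($_POST['group'] as $groupID) {
                 // Group -1 never receives a permission listed as non-guest.
                 if ($groupID == -1 && in_array($permission, $context['non_guest_permissions'])) {
                     continue;
                 }

                 // Membergroup changes skip groups 1 and 3 and any permission on
                 // the illegal list; board changes carry the profile id instead.
                 if ($permissionType == 'membergroup' && $groupID != 1 && $groupID != 3 && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions']))) {
                     $permChange[] = array($permission, $groupID, $add_deny);
                 } elseif ($permissionType != 'membergroup') {
                     $permChange[] = array($permission, $groupID, $add_deny, $bid);
                 }
             }

             if (!empty($permChange)) {
                 if ($permissionType == 'membergroup') {
                     replacePermission($permChange);
                 } else {
                     replaceBoardPermission($permChange);
                 }
             }
         }

         // Another child update!
         updateChildPermissions($_POST['group'], $_REQUEST['pid']);
     }

     redirectexit($returnTo);
 }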