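<?php
####################################################################################################
## File : items.php
## Author : Nils Laumaillé
## Description : Items page
##
## DON'T CHANGE !!!
##
####################################################################################################
// Opening of the items page: rebuilds the folder tree, loads every user
// account, and starts printing the hidden form fields the page script reads.
// NOTE(review): no direct-access guard (such as a $_SESSION['CPM'] test) is
// visible in this excerpt — confirm the including script enforces one.

require_once "sources/NestedTree.class.php";
$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$tree->rebuild();
$tst = $tree->getDescendants();

// Build the list of existing users, indexed by login, plus a flat
// "id.login;" string for the hidden field below.
// NOTE(review): this places the id and login of every account into the HTML
// of the page for whoever loads it — confirm that exposure is intended.
$liste_utilisateurs = array();
$tmp = "";
$rows = $db->fetch_all_array("SELECT id,login,email FROM " . $pre . "users ORDER BY login ASC");
foreach ($rows as $record) {
    $liste_utilisateurs[$record['login']] = array(
        "id" => $record['id'],
        "login" => $record['login'],
        "email" => $record['email'],
    );
    $tmp .= $record['id'] . '.' . $record['login'] . ";";
}

//Build list of visible folders
$select_visible_folders_options = "";

// Hidden fields. The user list is escaped for the attribute context so a
// login containing a quote or angle bracket cannot break out of value="...".
// The browser decodes the entities again, so the script reading the field
// gets the same text as before. double_encode is off so logins that are
// already stored entity-encoded are not encoded twice.
// Assumes the page is served as UTF-8 — TODO confirm.
// The string literal below continues past the end of this excerpt.
echo ' <input type="hidden" name="hid_cat" id="hid_cat" /> <input type="hidden" id="complexite_groupe" /> <input type="text" style="display:none;" name="selected_items" id="selected_items" /> <input type="hidden" name="input_liste_utilisateurs" id="input_liste_utilisateurs" value="' . htmlspecialchars($tmp, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . '" /> <input type="hidden" id="bloquer_creation_complexite" />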
// Tail of the password-reset case: the mail body is the translated text
// followed by $new_pw_not_crypted.
// NOTE(review): going by the variable name, the new password is sent in clear
// text by e-mail — confirm, and prefer a single-use reset link if so.
$mail->Subject = $txt['forgot_pw_email_subject_confirm'];
$mail->AltBody = strip_tags($txt['forgot_pw_email_body']) . " " . $new_pw_not_crypted;
$mail->Body = $txt['forgot_pw_email_body'] . " " . $new_pw_not_crypted;
//send email
if ($mail->Send()) {
    echo 'done';
} else {
    // NOTE(review): the mailer's error text is returned to the requester;
    // it may describe the mail server. Consider logging it and returning a
    // generic failure message instead.
    echo $mail->ErrorInfo;
}
}
break;

case "get_folders_list":
    /* Get full tree structure */
    require_once "NestedTree.class.php";
    $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
    $folders = $tree->getDescendants();
    $arrOutput = array();
    /* Build list of all folders */
    $folders_list = "\\'0\\':\\'" . $txt['root'] . "\\'";
    foreach ($folders as $f) {
        //Be sure that user can only see folders he/she is allowed to
        // This filter relies on $_SESSION['forbiden_pfs'] and
        // $_SESSION['groupes_visibles'], which are populated elsewhere.
        if (!in_array($f->id, $_SESSION['forbiden_pfs'])) {
            $display_this_node = false;
            // Check if any allowed folder is part of the descendants of this node
            $node_descendants = $tree->getDescendants($f->id, true, false, true);
            foreach ($node_descendants as $node) {
                // in_array() compares loosely here (no third argument).
                if (in_array($node, $_SESSION['groupes_visibles'])) {
                    $display_this_node = true;
                    break;
                }
            }
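// NOTE(review): $id is defined before this excerpt and is concatenated
// unquoted into the WHERE clause; confirm it is validated as an integer
// where it is produced.
$db->query_update('misc', array('valeur' => $_POST['changer_complexite']), "type='complex' AND intitule = " . $id[1]);
}
//Get title to display it
echo $mdp_complexite[$_POST['changer_complexite']][1];
//rebuild the tree grid
$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$tree->rebuild();
} else {
if (isset($_POST['type'])) {
switch ($_POST['type']) {
    // CASE where DELETING a group
    case "supprimer_groupe":
        // Deletes the folder, all of its sub folders and the items and
        // item logs attached to them.
        // NOTE(review): no session-key or permission check is visible in
        // this excerpt — confirm one runs before this switch.

        // The folder id comes from the request and drives DELETE
        // statements, so accept only an integer. A plain (int) cast is
        // not used: it would turn any non-numeric value into 0.
        // NOTE(review): id 0 is still accepted, as before; confirm how
        // getDescendants() treats it.
        $folder_id = isset($_POST['id'])
            ? filter_var($_POST['id'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 0)))
            : false;
        if ($folder_id === false) {
            break;
        }

        $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
        // Get through each subfolder
        $folders = $tree->getDescendants($folder_id, true);
        foreach ($folders as $folder) {
            // Ids read back from the database are cast as well, so only
            // an integer can ever reach the SQL text.
            $current_folder_id = (int) $folder->id;
            //delete folder
            $db->query("DELETE FROM " . $pre . "nested_tree WHERE id = " . $current_folder_id);
            //delete items & logs
            $items = $db->fetch_all_array("SELECT id FROM " . $pre . "items WHERE id_tree='" . $current_folder_id . "'");
            foreach ($items as $item) {
                $item_id = (int) $item['id'];
                //Delete item
                $db->query("DELETE FROM " . $pre . "items WHERE id = " . $item_id);
                //log
                $db->query("DELETE FROM " . $pre . "log_items WHERE id_item = " . $item_id);
            }
        }
        //rebuild tree
        $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
        $tree->rebuild();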
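/**
 * Work out which folders the current user may see and store the result in
 * the session.
 *
 * Writes $_SESSION['groupes_visibles'], ['groupes_visibles_list'],
 * ['groupes_interdits'], ['personal_visible_groups'], ['forbiden_pfs'] and
 * ['is_admin']; for an administrator also ['nb_folders'] and ['nb_roles'].
 * $_SESSION['groupes_interdits'] is reset to an empty array and not filled
 * here.
 *
 * @param string $groupes_visibles_user  ';'-separated folder ids granted to the user directly
 * @param string $groupes_interdits_user ';'-separated folder ids denied to the user
 * @param mixed  $is_admin               1 when the user is an administrator
 * @param string $id_fonctions           ';'-separated ids of the user's roles
 * @param mixed  $refresh                not read by this function
 *
 * @return void
 */
function IdentificationDesDroits($groupes_visibles_user, $groupes_interdits_user, $is_admin, $id_fonctions, $refresh)
{
    global $server, $user, $pass, $database, $pre;

    //include libraries
    require_once "NestedTree.class.php";
    require_once "class.database.php";
    $db = new Database($server, $user, $pass, $database, $pre);
    $db->connect();

    // The user id ends up inside SQL text below; user ids are compared
    // unquoted as numbers elsewhere in this code base, so force an integer.
    $session_user_id = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : 0;

    //Check if user is ADMINISTRATOR
    if ($is_admin == 1) {
        $_SESSION['groupes_interdits'] = array();
        $_SESSION['personal_visible_groups'] = array();

        // An administrator sees every folder that is not a personal folder.
        $groupes_visibles = array();
        $rows = $db->fetch_all_array("SELECT id FROM " . $pre . "nested_tree WHERE personal_folder = '0'");
        foreach ($rows as $record) {
            $groupes_visibles[] = $record['id'];
        }
        $_SESSION['groupes_visibles'] = $groupes_visibles;

        //Exclude all PF
        // NOTE(review): the original built a "personal_folder = 1" query at
        // this point but never executed it, so forbiden_pfs stays empty for
        // administrators. That behaviour is kept; confirm it is intended.
        $_SESSION['forbiden_pfs'] = array();

        //Get ID of personal folder (its title is the owner's user id)
        // NOTE(review): this is the only lookup here that goes through
        // fetch_array() rather than fetch_row() — confirm it accepts SQL text.
        $pf = $db->fetch_array("SELECT id FROM " . $pre . "nested_tree WHERE title = '" . $session_user_id . "'");
        if (!empty($pf[0]) && !in_array($pf[0], $_SESSION['groupes_visibles'])) {
            array_push($_SESSION['groupes_visibles'], $pf[0]);
            array_push($_SESSION['personal_visible_groups'], $pf[0]);
            //get all descendants
            $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title', 'personal_folder');
            $tree->rebuild();
            foreach ($tree->getDescendants($pf[0]) as $t) {
                array_push($_SESSION['groupes_visibles'], $t->id);
                array_push($_SESSION['personal_visible_groups'], $t->id);
            }
        }

        $_SESSION['groupes_visibles_list'] = implode(',', $_SESSION['groupes_visibles']);
        $_SESSION['is_admin'] = $is_admin;

        //Check if admin has creating Folders and Roles
        $ret = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "nested_tree");
        $_SESSION['nb_folders'] = $ret[0];
        $ret = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "roles_title");
        $_SESSION['nb_roles'] = $ret[0];
    } else {
        //init
        $_SESSION['groupes_visibles'] = array();
        $_SESSION['groupes_interdits'] = array();
        $_SESSION['personal_visible_groups'] = array();
        $_SESSION['is_admin'] = $is_admin;

        $groupes_interdits_user = explode(';', TrimElement($groupes_interdits_user, ";"));
        $fonctions_associees = explode(';', TrimElement($id_fonctions, ";"));
        $list_allowed_folders = array();

        //build Tree
        require_once "NestedTree.class.php";
        $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');

        // Collect every folder granted through one of the user's roles.
        foreach ($fonctions_associees as $role_id) {
            // The role id is concatenated into SQL, so only an integer may
            // pass; empty and non-numeric entries are skipped.
            $role_id = (int) $role_id;
            if ($role_id === 0) {
                continue;
            }
            //Get allowed folders for each Role
            $rows = $db->fetch_all_array("SELECT folder_id FROM " . $pre . "roles_values WHERE role_id=" . $role_id);
            foreach ($rows as $record) {
                if (isset($record['folder_id']) && !in_array($record['folder_id'], $list_allowed_folders)) {
                    $list_allowed_folders[] = $record['folder_id'];
                }
            }
        }

        // => Build final lists
        //Add user allowed folders
        $allowed_folders_tmp = array_unique(
            array_merge(
                array_unique($list_allowed_folders),
                explode(';', TrimElement($groupes_visibles_user, ";"))
            )
        );

        //Exclude from allowed folders all the specific user forbidden folders
        $allowed_folders = array();
        foreach ($allowed_folders_tmp as $id) {
            if (!in_array($id, $groupes_interdits_user)) {
                $allowed_folders[] = $id;
            }
        }

        // Fix: the final list is now taken from $allowed_folders. The
        // original rebuilt it from the role folders alone, which discarded
        // the result computed above: the user's own grants were never added
        // and the user's forbidden folders were never removed.
        $list_allowed_folders = array_filter(array_unique($allowed_folders));

        //Exclude all PF (other users' personal folders)
        $_SESSION['forbiden_pfs'] = array();
        $pf_feature_enabled = isset($_SESSION['settings']['enable_pf_feature'])
            && $_SESSION['settings']['enable_pf_feature'] == 1;
        $sql = "SELECT id FROM " . $pre . "nested_tree WHERE personal_folder = 1";
        if ($pf_feature_enabled) {
            $sql .= " AND title != '" . $session_user_id . "'";
        }
        $pfs = $db->fetch_all_array($sql);
        foreach ($pfs as $pf_id) {
            array_push($_SESSION['forbiden_pfs'], $pf_id['id']);
        }

        //Get ID of personal folder
        if ($pf_feature_enabled) {
            $pf = $db->fetch_row("SELECT id FROM " . $pre . "nested_tree WHERE title = '" . $session_user_id . "'");
            if (!empty($pf[0]) && !in_array($pf[0], $list_allowed_folders)) {
                //get all descendants
                $ids = $tree->getDescendants($pf[0], true);
                foreach ($ids as $id) {
                    array_push($list_allowed_folders, $id->id);
                    array_push($_SESSION['personal_visible_groups'], $id->id);
                }
            }
        }

        $_SESSION['groupes_visibles'] = $list_allowed_folders;
        $_SESSION['groupes_visibles_list'] = implode(',', $list_allowed_folders);
    }
}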
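break;

//CHANGE FORBIDDEN GROUPS
case "open_div_forgroups":
    // Builds the checkbox list of folders that can be forbidden for one
    // user, pre-checking the folders already forbidden for that user.

    //Check KEY
    // Strict comparison: the loose != treats two unset values as equal and
    // equates some numeric-looking strings (for example "0e1" and "0e2").
    // Where PHP >= 5.6 is available, hash_equals() also makes the
    // comparison constant-time.
    if (
        !isset($_POST['key'], $_SESSION['key'])
        || !is_string($_POST['key'])
        || $_POST['key'] !== (string) $_SESSION['key']
    ) {
        //error
        exit;
    }

    // The user id is concatenated into SQL, so accept only an integer.
    // NOTE(review): no check that the caller may manage this user is visible
    // in this excerpt — confirm one runs before this switch.
    $target_user_id = isset($_POST['id'])
        ? filter_var($_POST['id'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 0)))
        : false;
    if ($target_user_id === false) {
        exit;
    }

    $text = "";
    //Refresh list of existing functions
    $data_user = $db->fetch_row("SELECT groupes_interdits FROM " . $pre . "users WHERE id = " . $target_user_id);
    // NOTE(review): $user is also the name other code in this project reads
    // through "global $user" as the database login; confirm that overwriting
    // it here is harmless.
    $user = explode(';', $data_user[0]);

    require_once "NestedTree.class.php";
    $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
    $tree_desc = $tree->getDescendants();
    foreach ($tree_desc as $t) {
        if (in_array($t->id, $_SESSION['groupes_visibles']) && !in_array($t->id, $_SESSION['personal_visible_groups'])) {
            $text .= '<input type="checkbox" id="cb_change_forgroup-' . (int) $t->id . '"';
            // One indent unit per nesting level below the first.
            $ident = "";
            for ($y = 1; $y < $t->nlevel; $y++) {
                $ident .= " ";
            }
            if (in_array($t->id, $user)) {
                $text .= ' checked';
            }
            // Folder titles are user-supplied text: escape them for HTML.
            // double_encode is off so titles stored entity-encoded are not
            // encoded twice. Assumes UTF-8 output — TODO confirm.
            $text .= '> ' . $ident . htmlspecialchars($t->title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . '<br />';
            $prev_level = $t->nlevel;
        }
    }
    //return data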
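###########################################################
#CASE for deleting all items from DB that are linked to a folder that has been deleted
case "admin_action_db_clean_items":
    // Removes items, and their log rows, whose id_tree matches no folder
    // in the tree.
    // NOTE(review): no session-key or administrator check is visible in this
    // excerpt — confirm one runs before this switch.

    //Libraries call
    require_once "NestedTree.class.php";
    require_once "main.functions.php";

    //init
    $folders_ids = array();
    $text = "";
    $nb_items_deleted = 0;

    // prepare full tree
    $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');

    // Get an array of all folders; keying by id removes duplicates, and the
    // cast guarantees only integers reach the IN (...) list.
    $folders = $tree->getDescendants();
    foreach ($folders as $folder) {
        $folders_ids[(int) $folder->id] = (int) $folder->id;
    }
    $folders_ids = array_values($folders_ids);

    // With no folders the original sent "NOT IN()", which is invalid SQL.
    // Nothing is deleted in that case: an empty folder list more likely
    // means the tree could not be read than that every item is orphaned.
    if (count($folders_ids) > 0) {
        $items = $db->fetch_all_array("SELECT id,label FROM " . $pre . "items WHERE id_tree NOT IN(" . implode(',', $folders_ids) . ")");
    } else {
        $items = array();
    }

    foreach ($items as $item) {
        // NOTE(review): labels are appended unescaped; escape $text for its
        // output context where it is printed.
        $text .= $item['label'] . "[" . $item['id'] . "] - ";
        $item_id = (int) $item['id'];
        //Delete item
        $db->query("DELETE FROM " . $pre . "items WHERE id = " . $item_id);
        //log
        $db->query("DELETE FROM " . $pre . "log_items WHERE id_item = " . $item_id);
        $nb_items_deleted++;
    }
    //Update CACHE table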
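* @licensing CC BY-ND (http://creativecommons.org/licenses/by-nd/3.0/legalcode)
 * @link http://cpassman.org
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

// Refuse direct access: the page is only meant to run inside a session the
// application has marked with CPM = 1.
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) {
    die('Hacking attempt...');
}

/* load help*/
// The file name is built from a session value. basename() strips any
// directory part, so the include cannot leave includes/language/ even if
// user_language was set from request data. Language names without a path
// separator are unchanged.
// NOTE(review): also validate user_language against the list of installed
// languages at the point where it is stored.
require_once 'includes/language/' . basename((string) $_SESSION['user_language']) . '_admin_help.php';

/* Get full tree structure */
require_once "sources/NestedTree.class.php";
$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$tst = $tree->getDescendants();

/* Build list of all folders */
// The root entry is offered only to administrators and to users allowed to
// create root folders.
if ($_SESSION['is_admin'] == 1 || $_SESSION['can_create_root_folder'] == 1) {
    $folders_list = "\\'0\\':\\'" . $txt['root'] . "\\'";
} else {
    $folders_list = "";
}

$ident = "";
foreach ($tst as $t) {
    // Only folders visible to the user, excluding personal folders.
    if (in_array($t->id, $_SESSION['groupes_visibles']) && !in_array($t->id, $_SESSION['personal_visible_groups'])) {
        if ($t->nlevel == 1) {
            $ident = ">";
        }
        if ($t->nlevel == 2) {
            $ident = "->";
        }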
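* @copyright (c) 2009-2011 Nils Laumaillé
 * @licensing CC BY-ND (http://creativecommons.org/licenses/by-nd/3.0/legalcode)
 * @link http://cpassman.org
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

// Refuse direct access: the page is only meant to run inside a session the
// application has marked with CPM = 1.
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) {
    die('Hacking attempt...');
}

//Call nestedtree library and load full tree
require_once "sources/NestedTree.class.php";
$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$tree->rebuild();
$full_tree = $tree->getDescendants();

// Welcome banner. The login is account data, so it is escaped before being
// placed in the HTML; double_encode is off so a login stored entity-encoded
// is not encoded twice. Assumes UTF-8 output — TODO confirm.
echo ' <div style="line-height: 24px;margin-top:10px;min-height:220px;"> <span class="ui-icon ui-icon-person" style="float: left; margin-right: .3em;"> </span> ' . $txt['index_welcome'] . ' <b>' . htmlspecialchars($_SESSION['login'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . '</b><br />';

//Check if password is valid
// Shows the change-password form when no password change is recorded or the
// session flags the current password as no longer valid.
// The string literal below continues past the end of this excerpt.
if (empty($_SESSION['last_pw_change']) || $_SESSION['validite_pw'] == false) {
    echo ' <div style="margin:auto;padding:4px;width:300px;" class="ui-state-focus ui-corner-all"> <h3>' . $txt['index_change_pw'] . '</h3> <div style="height:20px;text-align:center;margin:2px;display:none;" id="change_pwd_error" class=""></div> <div id="pw_strength" style="margin:0 0 10px 30px;"></div> <table> <tr> <td>' . $txt['index_new_pw'] . ' :</td><td><input type="password" size="10" name="new_pw" id="new_pw"/></td> </tr>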
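echo 'window.location.href = "index.php?page=items";';
}
break;

#############
### CASE ####
### Delete a Group
case "delete_rep":
    // Deletes the folder, all of its sub folders and the items and item
    // logs attached to them, then sends the browser back to the items page.
    // NOTE(review): no session-key or permission check is visible in this
    // excerpt — confirm one runs before this switch.

    // The folder id comes from the request and drives DELETE statements, so
    // accept only an integer. A plain (int) cast is not used: it would turn
    // any non-numeric value into 0.
    // NOTE(review): id 0 is still accepted, as before; confirm how
    // getDescendants() treats it.
    $folder_id = isset($_POST['groupe'])
        ? filter_var($_POST['groupe'], FILTER_VALIDATE_INT, array('options' => array('min_range' => 0)))
        : false;
    if ($folder_id === false) {
        break;
    }

    //Build tree
    require_once "NestedTree.class.php";
    $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');

    // Get through each subfolder
    $folders = $tree->getDescendants($folder_id, true);
    foreach ($folders as $folder) {
        // Ids read back from the database are cast as well, so only an
        // integer can ever reach the SQL text.
        $current_folder_id = (int) $folder->id;
        //delete folder
        $db->query("DELETE FROM " . $pre . "nested_tree WHERE id = " . $current_folder_id);
        //delete items & logs
        $items = $db->fetch_all_array("SELECT id FROM " . $pre . "items WHERE id_tree='" . $current_folder_id . "'");
        foreach ($items as $item) {
            $item_id = (int) $item['id'];
            //Delete item
            $db->query("DELETE FROM " . $pre . "items WHERE id = " . $item_id);
            //log
            $db->query("DELETE FROM " . $pre . "log_items WHERE id_item = " . $item_id);
        }
    }
    echo 'window.location.href = "index.php?page=items";';
    break;

#############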
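/**
 * IdentifyUserRights()
 *
 * Work out which folders the current user may see or edit and store the
 * result in the session.
 *
 * Writes $_SESSION['groupes_visibles'], ['groupes_visibles_list'],
 * ['groupes_interdits'], ['personal_visible_groups'], ['forbiden_pfs'] and
 * ['is_admin']. An administrator also gets ['all_non_personal_folders'],
 * ['nb_folders'] and ['nb_roles']; other users also get
 * ['list_folders_limited'] and ['list_folders_editable_by_role'].
 * $_SESSION['groupes_interdits'] is reset to an empty array and not filled
 * here.
 *
 * @param string $groupes_visibles_user  ';'-separated folder ids granted to the user directly
 * @param string $groupes_interdits_user ';'-separated folder ids denied to the user
 * @param mixed  $is_admin               1 when the user is an administrator
 * @param string $id_fonctions           ';'-separated ids of the user's roles
 * @param mixed  $refresh                not read by this function
 *
 * @return void
 */
function IdentifyUserRights($groupes_visibles_user, $groupes_interdits_user, $is_admin, $id_fonctions, $refresh)
{
    global $server, $user, $pass, $database, $pre;

    //include libraries
    require_once "NestedTree.class.php";
    require_once "class.database.php";
    $db = new Database($server, $user, $pass, $database, $pre);
    $db->connect();

    // The user id ends up inside SQL text below; user ids are compared
    // unquoted as numbers elsewhere in this code base, so force an integer.
    $session_user_id = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : 0;

    //Check if user is ADMINISTRATOR
    if ($is_admin == 1) {
        $_SESSION['groupes_interdits'] = array();
        $_SESSION['personal_visible_groups'] = array();

        // An administrator sees every folder that is not a personal folder.
        $groupes_visibles = array();
        $rows = $db->fetch_all_array("SELECT id FROM " . $pre . "nested_tree WHERE personal_folder = '0'");
        foreach ($rows as $record) {
            $groupes_visibles[] = $record['id'];
        }
        $_SESSION['groupes_visibles'] = $groupes_visibles;
        $_SESSION['all_non_personal_folders'] = $groupes_visibles;

        //Exclude all PF
        // NOTE(review): the original built a "personal_folder = 1" query at
        // this point but never executed it, so forbiden_pfs stays empty for
        // administrators. That behaviour is kept; confirm it is intended.
        $_SESSION['forbiden_pfs'] = array();

        //Get ID of personal folder (its title is the owner's user id)
        $pf = $db->fetch_row("SELECT id FROM " . $pre . "nested_tree WHERE title = '" . $session_user_id . "'");
        if (!empty($pf[0]) && !in_array($pf[0], $_SESSION['groupes_visibles'])) {
            array_push($_SESSION['groupes_visibles'], $pf[0]);
            array_push($_SESSION['personal_visible_groups'], $pf[0]);
            //get all descendants
            $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title', 'personal_folder');
            $tree->rebuild();
            foreach ($tree->getDescendants($pf[0]) as $t) {
                array_push($_SESSION['groupes_visibles'], $t->id);
                array_push($_SESSION['personal_visible_groups'], $t->id);
            }
        }

        $_SESSION['groupes_visibles_list'] = implode(',', $_SESSION['groupes_visibles']);
        $_SESSION['is_admin'] = $is_admin;

        //Check if admin has creating Folders and Roles
        $ret = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "nested_tree");
        $_SESSION['nb_folders'] = $ret[0];
        $ret = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "roles_title");
        $_SESSION['nb_roles'] = $ret[0];
    } else {
        //init
        $_SESSION['groupes_visibles'] = array();
        $_SESSION['groupes_interdits'] = array();
        $_SESSION['personal_visible_groups'] = array();
        $_SESSION['is_admin'] = $is_admin;

        $groupes_interdits_user = explode(';', TrimElement($groupes_interdits_user, ";"));
        $fonctions_associees = explode(';', TrimElement($id_fonctions, ";"));
        $list_allowed_folders = array();
        $list_folders_limited = array();
        $list_folders_editable_by_role = array();

        //build Tree
        require_once "NestedTree.class.php";
        $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');

        // Collect every folder granted through one of the user's roles.
        foreach ($fonctions_associees as $role_id) {
            // The role id is concatenated into SQL, so only an integer may
            // pass; empty and non-numeric entries are skipped.
            $role_id = (int) $role_id;
            if ($role_id === 0) {
                continue;
            }

            //Get allowed folders for each Role
            $rows = $db->fetch_all_array("\r\n\t\t\t\t\tSELECT folder_id\r\n\t\t\t\t\tFROM " . $pre . "roles_values\r\n\t\t\t\t\tWHERE role_id=" . $role_id);
            if (count($rows) === 0) {
                continue;
            }

            //Check if this group is allowed to modify any pw in allowed folders
            // The answer depends on the role only, so it is read once per
            // role rather than once per folder row.
            $tmp = $db->query_first("\r\n \t\t\t\tSELECT allow_pw_change\r\n\t\t \t\tFROM " . $pre . "roles_title\r\n\t\t \t\tWHERE id = " . $role_id);
            $role_can_edit = isset($tmp['allow_pw_change']) && $tmp['allow_pw_change'] == 1;

            foreach ($rows as $reccord) {
                if (!isset($reccord['folder_id'])) {
                    continue;
                }
                if (!in_array($reccord['folder_id'], $list_allowed_folders)) {
                    $list_allowed_folders[] = $reccord['folder_id'];
                }
                // Fix: the duplicate test now looks for the folder id. The
                // original searched the list for the allow_pw_change flag
                // (1), so once folder 1 was listed no further folder was
                // added, and otherwise duplicates were never filtered.
                if ($role_can_edit && !in_array($reccord['folder_id'], $list_folders_editable_by_role)) {
                    $list_folders_editable_by_role[] = $reccord['folder_id'];
                }
            }

            //Check for the users roles if some specific rights exist on items
            $rows = $db->fetch_all_array("\r\n\t\t\t\t\t\tSELECT i.id_tree, r.item_id\r\n\t\t\t\t\t\tFROM " . $pre . "items AS i\r\n\t\t\t\t\t\tINNER JOIN " . $pre . "restriction_to_roles AS r ON (r.item_id=i.id)\r\n\t\t\t\t\t\tWHERE r.role_id=" . $role_id . "\r\n\t\t\t\t\t\tORDER BY i.id_tree ASC\r\n\t\t\t\t\t");
            $x = 0;
            foreach ($rows as $reccord) {
                if (isset($reccord['id_tree'])) {
                    $list_folders_limited[$reccord['id_tree']][$x] = $reccord['item_id'];
                    $x++;
                }
            }
        }

        // => Build final lists
        //Add user allowed folders
        $allowed_folders_tmp = array_unique(
            array_merge(
                array_unique($list_allowed_folders),
                explode(';', TrimElement($groupes_visibles_user, ";"))
            )
        );

        //Exclude from allowed folders all the specific user forbidden folders
        $allowed_folders = array();
        foreach ($allowed_folders_tmp as $id) {
            if (!in_array($id, $groupes_interdits_user)) {
                $allowed_folders[] = $id;
            }
        }

        // Fix: the final list is now $allowed_folders alone. The original
        // merged the unfiltered role folders back in, so a folder forbidden
        // for this user stayed visible whenever one of the roles granted it.
        // NOTE(review): list_folders_editable_by_role is not filtered by the
        // user's forbidden folders — confirm callers always combine it with
        // groupes_visibles.
        $list_allowed_folders = array_filter(array_unique($allowed_folders));

        //Exclude all PF (other users' personal folders)
        $_SESSION['forbiden_pfs'] = array();
        $own_pf_enabled = isset($_SESSION['settings']['enable_pf_feature'])
            && $_SESSION['settings']['enable_pf_feature'] == 1
            && isset($_SESSION['personal_folder'])
            && $_SESSION['personal_folder'] == 1;
        $sql = "SELECT id FROM " . $pre . "nested_tree WHERE personal_folder = 1";
        if ($own_pf_enabled) {
            $sql .= " AND title != '" . $session_user_id . "'";
        }
        $pfs = $db->fetch_all_array($sql);
        foreach ($pfs as $pf_id) {
            array_push($_SESSION['forbiden_pfs'], $pf_id['id']);
        }

        //Get ID of personal folder
        if ($own_pf_enabled) {
            $pf = $db->fetch_row("SELECT id FROM " . $pre . "nested_tree WHERE title = '" . $session_user_id . "'");
            if (!empty($pf[0]) && !in_array($pf[0], $list_allowed_folders)) {
                //get all descendants
                $ids = $tree->getDescendants($pf[0], true);
                foreach ($ids as $id) {
                    array_push($list_allowed_folders, $id->id);
                    array_push($_SESSION['personal_visible_groups'], $id->id);
                }
            }
        }

        $_SESSION['groupes_visibles'] = $list_allowed_folders;
        $_SESSION['groupes_visibles_list'] = implode(',', $list_allowed_folders);
        $_SESSION['list_folders_limited'] = $list_folders_limited;
        $_SESSION['list_folders_editable_by_role'] = $list_folders_editable_by_role;
    }
}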