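} else {
    echo 'ERROR';
}
} else {
    echo 'ERROR';
}
break;
}
// The closers above end blocks that open before this excerpt; they are kept token-for-token.
} elseif (isset($_GET['c'], $_GET['module']) && $_GET['c'] == 'config' && $_GET['module'] != '') {
    // Config-save handler: writes the posted values into the config table and answers
    // with a plain-text status: 'OK', 'ERROR' or 'AUTH'.
    //
    // Expected payload: $_POST['config'][<module>][<name>] = <scalar value>.
    // Any other shape is rejected with 'ERROR' before a query is sent, so arrays or
    // nested data never reach $sql->escape() or the SQL text.
    //
    // NOTE(review): the module names written come from the POST keys, not from
    // $_GET['module'] (which is only checked for being non-empty). Confirm that the
    // 'core'/'config'/'edit' permission is meant to cover every module.
    // NOTE(review): no anti-CSRF token check is visible in this excerpt. Confirm one
    // is enforced before this state-changing request is handled.
    if (isset($_POST['config'])) {
        if (permission('core', 'config', 'edit')) {
            $sql = new SQLObject();
            $query = '';
            $config_valid = is_array($_POST['config']);
            if ($config_valid) {
                foreach ($_POST['config'] as $module => $variables) {
                    if (!is_array($variables)) {
                        $config_valid = false;
                        break;
                    }
                    foreach ($variables as $name => $value) {
                        if (!is_scalar($value)) {
                            $config_valid = false;
                            break 2;
                        }
                        // Every user-supplied piece goes through $sql->escape() and sits inside
                        // a quoted literal. All UPDATEs are batched into one exec() call;
                        // whether that batch is atomic depends on SQLObject (not visible here).
                        $query .= "UPDATE " . $sql->table('config') . " SET value = '" . $sql->escape($value) . "' WHERE (module = '" . $sql->escape($module) . "' AND lower(name) = lower('" . $sql->escape($name) . "'));";
                    }
                }
            }
            if (!$config_valid) {
                // Malformed payload: nothing is written.
                echo 'ERROR';
            } elseif ($query != '') {
                if ($sql->exec($query)) {
                    echo 'OK';
                } else {
                    echo 'ERROR';
                }
            } else {
                // Nothing to update is treated as success.
                echo 'OK';
            }
        } else {
            echo 'AUTH';
        }
    }
}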
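TPL::add('ALERT_MESSAGE', '{L_PERMISSION_AUTH_DELETE_USER}');
TPL::pack();
}
break;
}
}
break;
// The statements above finish branches that open before this excerpt; kept token-for-token.
case 'groups':
    if (isset($_GET['mode'])) {
        switch ($_GET['mode']) {
            case 'add':
                // Creates a group row, then one auth_permissions row per posted
                // module/name pair. Requires the 'auth'/'group'/'add' permission.
                // NOTE(review): no anti-CSRF token check is visible in this excerpt.
                // Confirm one is enforced before this state-changing request is handled.
                if (permission('auth', 'group', 'add')) {
                    if (isset($_POST['group']['name'])) {
                        // is_string() keeps an array-valued field away from strlen()/escape().
                        if (is_string($_POST['group']['name']) && strlen($_POST['group']['name']) > 0 && strlen($_POST['group']['name']) <= 128) {
                            $sql = new SQLObject();
                            // The description is optional in the request: fall back to an empty
                            // string instead of reading an undefined (or non-string) index.
                            if ($sql->exec("\r\nINSERT INTO " . $sql->table('auth_groups') . "\r\n(group_name,group_description)\r\nVALUES\r\n('" . $sql->escape($_POST['group']['name']) . "','" . $sql->escape(isset($_POST['group']['description']) && is_string($_POST['group']['description']) ? $_POST['group']['description'] : '') . "')")) {
                                $group_id = $sql->last_insert_id();
                                // $perm starts at 2 and is lowered by the branches below; it is read
                                // after this excerpt.
                                // NOTE(review): a success followed by a failure leaves $perm at 0,
                                // the same value as when every insert fails. Confirm that is intended.
                                $perm = 2;
                                if (isset($_POST['group']['permissions'])) {
                                    $query = "\r\nINSERT INTO " . $sql->table('auth_permissions') . "\r\n(module,name,value,group_id)\r\nVALUES";
                                    foreach ($_POST['group']['permissions'] as $module => $permissions) {
                                        foreach ($permissions as $name => $values) {
                                            // The joined permission values come from the request and go
                                            // into a quoted SQL literal, so they are escaped like the
                                            // module and name. A non-array entry is treated as a failed
                                            // insert instead of being passed to implode().
                                            if (is_array($values) && $sql->exec($query . "\r\n('" . $sql->escape($module) . "','" . $sql->escape($name) . "','" . $sql->escape(implode(';', $values)) . "'," . $group_id . ")")) {
                                                if ($perm != 2) {
                                                    $perm = 1;
                                                }
                                            } else {
                                                if ($perm != 1) {
                                                    $perm = 0;
                                                }
                                            }
                                            // Both foreach bodies continue past the end of this excerpt.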