Exemple #1
                 } else {
                     echo 'ERROR';
                 }
             } else {
                 echo 'ERROR';
             }
             break;
     }
 } elseif (isset($_GET['c'], $_GET['module']) && $_GET['c'] == 'config' && $_GET['module'] != '') {
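     // Apply the configuration values submitted in $_POST['config'], shaped as
     // module => (name => value). Replies with 'OK', 'ERROR' or 'AUTH'.
     if (isset($_POST['config'])) {
         // Authorisation is checked before any SQL is built.
         // NOTE(review): no anti-CSRF token check is visible in this fragment; confirm one is enforced upstream.
         if (permission('core', 'config', 'edit')) {
             $sql = new SQLObject();
             $query = '';
             // The request body is untrusted: a scalar where an array is expected (or the
             // reverse) must not reach foreach or $sql->escape(), so malformed entries are skipped.
             $submitted = is_array($_POST['config']) ? $_POST['config'] : array();
             foreach ($submitted as $module => $variables) {
                 if (!is_array($variables)) {
                     continue;
                 }
                 foreach ($variables as $name => $value) {
                     if (!is_scalar($value)) {
                         continue;
                     }
                     // Every interpolated piece goes through $sql->escape() and is placed inside quotes.
                     // The statements are joined with ';', so $sql->exec() presumably accepts several
                     // statements in one call (verify against SQLObject).
                     $query .= "UPDATE " . $sql->table('config') . " SET value = '" . $sql->escape($value) . "' WHERE (module = '" . $sql->escape($module) . "' AND lower(name) = lower('" . $sql->escape($name) . "'));";
                 }
             }
             if ($query != '') {
                 if ($sql->exec($query)) {
                     echo 'OK';
                 } else {
                     echo 'ERROR';
                 }
             } else {
                 // Nothing to update is reported as success.
                 echo 'OK';
             }
         } else {
             echo 'AUTH';
         }
     }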
Exemple #2
                     TPL::add('ALERT_MESSAGE', '{L_PERMISSION_AUTH_DELETE_USER}');
                     TPL::pack();
                 }
                 break;
         }
     }
     break;
 case 'groups':
     if (isset($_GET['mode'])) {
         switch ($_GET['mode']) {
             case 'add':
                 if (permission('auth', 'group', 'add')) {
                     if (isset($_POST['group']['name'])) {
                         if (strlen($_POST['group']['name']) > 0 && strlen($_POST['group']['name']) <= 128) {
                             $sql = new SQLObject();
                             if ($sql->exec("\r\nINSERT INTO " . $sql->table('auth_groups') . "\r\n(group_name,group_description)\r\nVALUES\r\n('" . $sql->escape($_POST['group']['name']) . "','" . $sql->escape($_POST['group']['description']) . "')")) {
                                 $group_id = $sql->last_insert_id();
                                 $perm = 2;
                                 if (isset($_POST['group']['permissions'])) {
                                     $query = "\r\nINSERT INTO " . $sql->table('auth_permissions') . "\r\n(module,name,value,group_id)\r\nVALUES";
                                     foreach ($_POST['group']['permissions'] as $module => $permissions) {
                                         foreach ($permissions as $name => $values) {
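                                             // The permission values come straight from $_POST and were concatenated
                                             // into the statement unescaped, unlike $module and $name. Escape each
                                             // one before joining; non-scalar entries are dropped.
                                             $safe_values = array();
                                             foreach ((array) $values as $single_value) {
                                                 if (is_scalar($single_value)) {
                                                     $safe_values[] = $sql->escape($single_value);
                                                 }
                                             }
                                             // NOTE(review): ';' is the separator of the stored list; a value that itself
                                             // contains ';' would be split when read back. Confirm against the reader.
                                             if ($sql->exec($query . "\r\n('" . $sql->escape($module) . "','" . $sql->escape($name) . "','" . implode(';', $safe_values) . "'," . $group_id . ")")) {
                                                 // A successful insert turns any $perm other than 2 into 1.
                                                 if ($perm != 2) {
                                                     $perm = 1;
                                                 }
                                             } else {
                                                 // A failed insert turns any $perm other than 1 into 0.
                                                 if ($perm != 1) {
                                                     $perm = 0;
                                                 }
                                             }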