<?php
####################################################################################################
## File : items.php
## Author : Nils Laumaillé
## Description : Items page
##
## DON'T CHANGE !!!
##
####################################################################################################
require_once "sources/NestedTree.class.php";
$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$tree->rebuild();
$tst = $tree->getDescendants();
//Définir liste des utilisateurs existants
$liste_utilisateurs = array();
$tmp = "";
$rows = $db->fetch_all_array("SELECT id,login,email FROM " . $pre . "users ORDER BY login ASC");
foreach ($rows as $record) {
$liste_utilisateurs[$record['login']] = array("id" => $record['id'], "login" => $record['login'], "email" => $record['email']);
$tmp .= $record['id'] . '.' . $record['login'] . ";";
}
//Build list of visible folders
$select_visible_folders_options = "";
//Choses cachées
echo '
<input type="hidden" name="hid_cat" id="hid_cat" />
<input type="hidden" id="complexite_groupe" />
<input type="text" style="display:none;" name="selected_items" id="selected_items" />
<input type="hidden" name="input_liste_utilisateurs" id="input_liste_utilisateurs" value="' . $tmp . '" />
<input type="hidden" id="bloquer_creation_complexite" />
$mail->Subject = $txt['forgot_pw_email_subject_confirm'];
$mail->AltBody = strip_tags($txt['forgot_pw_email_body']) . " " . $new_pw_not_crypted;
$mail->Body = $txt['forgot_pw_email_body'] . " " . $new_pw_not_crypted;
//send email
if ($mail->Send()) {
echo 'done';
} else {
echo $mail->ErrorInfo;
}
}
break;
case "get_folders_list":
/* Get full tree structure */
require_once "NestedTree.class.php";
$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$folders = $tree->getDescendants();
$arrOutput = array();
/* Build list of all folders */
$folders_list = "\\'0\\':\\'" . $txt['root'] . "\\'";
foreach ($folders as $f) {
//Be sure that user can only see folders he/she is allowed to
if (!in_array($f->id, $_SESSION['forbiden_pfs'])) {
$display_this_node = false;
// Check if any allowed folder is part of the descendants of this node
$node_descendants = $tree->getDescendants($f->id, true, false, true);
foreach ($node_descendants as $node) {
if (in_array($node, $_SESSION['groupes_visibles'])) {
$display_this_node = true;
break;
}
}
$db->query_update('misc', array('valeur' => $_POST['changer_complexite']), "type='complex' AND intitule = " . $id[1]);
}
//Get title to display it
echo $mdp_complexite[$_POST['changer_complexite']][1];
//rebuild the tree grid
$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$tree->rebuild();
} else {
if (isset($_POST['type'])) {
switch ($_POST['type']) {
// CASE where DELETING a group
case "supprimer_groupe":
// this will delete all sub folders and items associated
$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
// Get through each subfolder
$folders = $tree->getDescendants($_POST['id'], true);
foreach ($folders as $folder) {
//delete folder
$db->query("DELETE FROM " . $pre . "nested_tree WHERE id = " . $folder->id);
//delete items & logs
$items = $db->fetch_all_array("SELECT id FROM " . $pre . "items WHERE id_tree='" . $folder->id . "'");
foreach ($items as $item) {
//Delete item
$db->query("DELETE FROM " . $pre . "items WHERE id = " . $item['id']);
//log
$db->query("DELETE FROM " . $pre . "log_items WHERE id_item = " . $item['id']);
}
}
//rebuild tree
$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$tree->rebuild();
function IdentificationDesDroits($groupes_visibles_user, $groupes_interdits_user, $is_admin, $id_fonctions, $refresh)
{
global $server, $user, $pass, $database, $pre;
//include librairies
require_once "NestedTree.class.php";
require_once "class.database.php";
$db = new Database($server, $user, $pass, $database, $pre);
$db->connect();
//Check if user is ADMINISTRATOR
if ($is_admin == 1) {
$groupes_visibles = array();
$_SESSION['groupes_visibles'] = array();
$_SESSION['groupes_interdits'] = array();
$_SESSION['personal_visible_groups'] = array();
$_SESSION['groupes_visibles_list'] = "";
$rows = $db->fetch_all_array("SELECT id FROM " . $pre . "nested_tree WHERE personal_folder = '0'");
foreach ($rows as $record) {
array_push($groupes_visibles, $record['id']);
}
$_SESSION['groupes_visibles'] = $groupes_visibles;
//Exclude all PF
$_SESSION['forbiden_pfs'] = array();
$sql = "SELECT id FROM " . $pre . "nested_tree WHERE personal_folder = 1";
if (isset($_SESSION['settings']['enable_pf_feature']) && $_SESSION['settings']['enable_pf_feature'] == 1) {
$sql .= " AND title != '" . $_SESSION['user_id'] . "'";
}
//Get ID of personal folder
$pf = $db->fetch_array("SELECT id FROM " . $pre . "nested_tree WHERE title = '" . $_SESSION['user_id'] . "'");
if (!empty($pf[0])) {
if (!in_array($pf[0], $_SESSION['groupes_visibles'])) {
array_push($_SESSION['groupes_visibles'], $pf[0]);
array_push($_SESSION['personal_visible_groups'], $pf[0]);
//get all descendants
$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title', 'personal_folder');
$tree->rebuild();
$tst = $tree->getDescendants($pf[0]);
foreach ($tst as $t) {
array_push($_SESSION['groupes_visibles'], $t->id);
array_push($_SESSION['personal_visible_groups'], $t->id);
}
}
}
$_SESSION['groupes_visibles_list'] = implode(',', $_SESSION['groupes_visibles']);
$_SESSION['is_admin'] = $is_admin;
//Check if admin has creating Folders and Roles
$ret = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "nested_tree");
$_SESSION['nb_folders'] = $ret[0];
$ret = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "roles_title");
$_SESSION['nb_roles'] = $ret[0];
} else {
//init
$_SESSION['groupes_visibles'] = array();
$_SESSION['groupes_interdits'] = array();
$_SESSION['personal_visible_groups'] = array();
$groupes_visibles = array();
$groupes_interdits = array();
$groupes_interdits_user = explode(';', TrimElement($groupes_interdits_user, ";"));
if (!empty($groupes_interdits_user) && count($groupes_interdits_user) > 0) {
$groupes_interdits = $groupes_interdits_user;
}
$_SESSION['is_admin'] = $is_admin;
$fonctions_associees = explode(';', TrimElement($id_fonctions, ";"));
$new_liste_gp_visibles = array();
$liste_gp_interdits = array();
$list_allowed_folders = array();
$list_forbiden_folders = array();
//build Tree
require_once "NestedTree.class.php";
$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
//rechercher tous les groupes visibles en fonction des roles de l'utilisateur
foreach ($fonctions_associees as $role_id) {
if (!empty($role_id)) {
//Get allowed folders for each Role
$rows = $db->fetch_all_array("SELECT folder_id FROM " . $pre . "roles_values WHERE role_id=" . $role_id);
foreach ($rows as $record) {
if (isset($record['folder_id']) && !in_array($record['folder_id'], $list_allowed_folders)) {
array_push($list_allowed_folders, $record['folder_id']);
}
}
}
}
// => Build final lists
//Clean arrays
$allowed_folders_tmp = array();
$list_allowed_folders = array_unique($list_allowed_folders);
//Add user allowed folders
$allowed_folders_tmp = array_unique(array_merge($list_allowed_folders, explode(';', TrimElement($groupes_visibles_user, ";"))));
//Exclude from allowed folders all the specific user forbidden folders
$allowed_folders = array();
foreach ($allowed_folders_tmp as $id) {
if (!in_array($id, $groupes_interdits_user)) {
array_push($allowed_folders, $id);
}
}
//Clean array
$list_allowed_folders = array_filter(array_unique($list_allowed_folders));
//Exclude all PF
$_SESSION['forbiden_pfs'] = array();
$sql = "SELECT id FROM " . $pre . "nested_tree WHERE personal_folder = 1";
if (isset($_SESSION['settings']['enable_pf_feature']) && $_SESSION['settings']['enable_pf_feature'] == 1) {
$sql .= " AND title != '" . $_SESSION['user_id'] . "'";
}
$pfs = $db->fetch_all_array($sql);
foreach ($pfs as $pf_id) {
array_push($_SESSION['forbiden_pfs'], $pf_id['id']);
}
//Get ID of personal folder
if (isset($_SESSION['settings']['enable_pf_feature']) && $_SESSION['settings']['enable_pf_feature'] == 1) {
$pf = $db->fetch_row("SELECT id FROM " . $pre . "nested_tree WHERE title = '" . $_SESSION['user_id'] . "'");
if (!empty($pf[0])) {
if (!in_array($pf[0], $list_allowed_folders)) {
//get all descendants
$ids = $tree->getDescendants($pf[0], true);
foreach ($ids as $id) {
array_push($list_allowed_folders, $id->id);
array_push($_SESSION['personal_visible_groups'], $id->id);
}
}
}
}
$_SESSION['groupes_visibles'] = $list_allowed_folders;
$_SESSION['groupes_visibles_list'] = implode(',', $list_allowed_folders);
}
}
break;
//CHANGE FORBIDDEN GROUPS
//CHANGE FORBIDDEN GROUPS
case "open_div_forgroups":
//Check KEY
if ($_POST['key'] != $_SESSION['key']) {
//error
exit;
}
$text = "";
//Refresh list of existing functions
$data_user = $db->fetch_row("SELECT groupes_interdits FROM " . $pre . "users WHERE id = " . $_POST['id']);
$user = explode(';', $data_user[0]);
require_once "NestedTree.class.php";
$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$tree_desc = $tree->getDescendants();
foreach ($tree_desc as $t) {
if (in_array($t->id, $_SESSION['groupes_visibles']) && !in_array($t->id, $_SESSION['personal_visible_groups'])) {
$text .= '<input type="checkbox" id="cb_change_forgroup-' . $t->id . '"';
$ident = "";
for ($y = 1; $y < $t->nlevel; $y++) {
$ident .= " ";
}
if (in_array($t->id, $user)) {
$text .= ' checked';
}
$text .= '> ' . $ident . $t->title . '<br />';
$prev_level = $t->nlevel;
}
}
//return data
###########################################################
#CASE for deleting all items from DB that are linked to a folder that has been deleted
###########################################################
#CASE for deleting all items from DB that are linked to a folder that has been deleted
case "admin_action_db_clean_items":
//Libraries call
require_once "NestedTree.class.php";
require_once "main.functions.php";
//init
$folders_ids = array();
$text = "";
$nb_items_deleted = 0;
// prepare full tree
$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
// Get an array of all folders
$folders = $tree->getDescendants();
foreach ($folders as $folder) {
if (!in_array($folder->id, $folders_ids)) {
array_push($folders_ids, $folder->id);
}
}
$items = $db->fetch_all_array("SELECT id,label FROM " . $pre . "items WHERE id_tree NOT IN(" . implode(',', $folders_ids) . ")");
foreach ($items as $item) {
$text .= $item['label'] . "[" . $item['id'] . "] - ";
//Delete item
$db->query("DELETE FROM " . $pre . "items WHERE id = " . $item['id']);
//log
$db->query("DELETE FROM " . $pre . "log_items WHERE id_item = " . $item['id']);
$nb_items_deleted++;
}
//Update CACHE table
* @licensing CC BY-ND (http://creativecommons.org/licenses/by-nd/3.0/legalcode)
* @link http://cpassman.org
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) {
die('Hacking attempt...');
}
/* load help*/
require_once 'includes/language/' . $_SESSION['user_language'] . '_admin_help.php';
/* Get full tree structure */
require_once "sources/NestedTree.class.php";
$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$tst = $tree->getDescendants();
/* Build list of all folders */
if ($_SESSION['is_admin'] == 1 || $_SESSION['can_create_root_folder'] == 1) {
$folders_list = "\\'0\\':\\'" . $txt['root'] . "\\'";
} else {
$folders_list = "";
}
$ident = "";
foreach ($tst as $t) {
if (in_array($t->id, $_SESSION['groupes_visibles']) && !in_array($t->id, $_SESSION['personal_visible_groups'])) {
if ($t->nlevel == 1) {
$ident = ">";
}
if ($t->nlevel == 2) {
$ident = "->";
}
* @copyright (c) 2009-2011 Nils Laumaillé
* @licensing CC BY-ND (http://creativecommons.org/licenses/by-nd/3.0/legalcode)
* @link http://cpassman.org
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
if (!isset($_SESSION['CPM']) || $_SESSION['CPM'] != 1) {
die('Hacking attempt...');
}
//Call nestedtree library and load full tree
require_once "sources/NestedTree.class.php";
$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$tree->rebuild();
$full_tree = $tree->getDescendants();
echo '
<div style="line-height: 24px;margin-top:10px;min-height:220px;">
<span class="ui-icon ui-icon-person" style="float: left; margin-right: .3em;"> </span>
' . $txt['index_welcome'] . ' <b>' . $_SESSION['login'] . '</b><br />';
//Check if password is valid
if (empty($_SESSION['last_pw_change']) || $_SESSION['validite_pw'] == false) {
echo '
<div style="margin:auto;padding:4px;width:300px;" class="ui-state-focus ui-corner-all">
<h3>' . $txt['index_change_pw'] . '</h3>
<div style="height:20px;text-align:center;margin:2px;display:none;" id="change_pwd_error" class=""></div>
<div id="pw_strength" style="margin:0 0 10px 30px;"></div>
<table>
<tr>
<td>' . $txt['index_new_pw'] . ' :</td><td><input type="password" size="10" name="new_pw" id="new_pw"/></td>
</tr>
echo 'window.location.href = "index.php?page=items";';
}
break;
#############
### CASE ####
### Delete a Group
#############
### CASE ####
### Delete a Group
case "delete_rep":
//Build tree
require_once "NestedTree.class.php";
$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
// this will delete all sub folders and items associated
// Get through each subfolder
$folders = $tree->getDescendants($_POST['groupe'], true);
foreach ($folders as $folder) {
//delete folder
$db->query("DELETE FROM " . $pre . "nested_tree WHERE id = " . $folder->id);
//delete items & logs
$items = $db->fetch_all_array("SELECT id FROM " . $pre . "items WHERE id_tree='" . $folder->id . "'");
foreach ($items as $item) {
//Delete item
$db->query("DELETE FROM " . $pre . "items WHERE id = " . $item['id']);
//log
$db->query("DELETE FROM " . $pre . "log_items WHERE id_item = " . $item['id']);
}
}
echo 'window.location.href = "index.php?page=items";';
break;
#############
/**
* IdentifyUserRights()
*
* @return
*/
function IdentifyUserRights($groupes_visibles_user, $groupes_interdits_user, $is_admin, $id_fonctions, $refresh)
{
global $server, $user, $pass, $database, $pre;
//include librairies
require_once "NestedTree.class.php";
require_once "class.database.php";
$db = new Database($server, $user, $pass, $database, $pre);
$db->connect();
//Check if user is ADMINISTRATOR
if ($is_admin == 1) {
$groupes_visibles = array();
$_SESSION['groupes_visibles'] = array();
$_SESSION['groupes_interdits'] = array();
$_SESSION['personal_visible_groups'] = array();
$_SESSION['groupes_visibles_list'] = "";
$rows = $db->fetch_all_array("SELECT id FROM " . $pre . "nested_tree WHERE personal_folder = '0'");
foreach ($rows as $record) {
array_push($groupes_visibles, $record['id']);
}
$_SESSION['groupes_visibles'] = $groupes_visibles;
$_SESSION['all_non_personal_folders'] = $groupes_visibles;
//Exclude all PF
$_SESSION['forbiden_pfs'] = array();
$sql = "SELECT id FROM " . $pre . "nested_tree WHERE personal_folder = 1";
if (isset($_SESSION['settings']['enable_pf_feature']) && $_SESSION['settings']['enable_pf_feature'] == 1) {
$sql .= " AND title != '" . $_SESSION['user_id'] . "'";
}
//Get ID of personal folder
$pf = $db->fetch_row("SELECT id FROM " . $pre . "nested_tree WHERE title = '" . $_SESSION['user_id'] . "'");
if (!empty($pf[0])) {
if (!in_array($pf[0], $_SESSION['groupes_visibles'])) {
array_push($_SESSION['groupes_visibles'], $pf[0]);
array_push($_SESSION['personal_visible_groups'], $pf[0]);
//get all descendants
$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title', 'personal_folder');
$tree->rebuild();
$tst = $tree->getDescendants($pf[0]);
foreach ($tst as $t) {
array_push($_SESSION['groupes_visibles'], $t->id);
array_push($_SESSION['personal_visible_groups'], $t->id);
}
}
}
$_SESSION['groupes_visibles_list'] = implode(',', $_SESSION['groupes_visibles']);
$_SESSION['is_admin'] = $is_admin;
//Check if admin has creating Folders and Roles
$ret = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "nested_tree");
$_SESSION['nb_folders'] = $ret[0];
$ret = $db->fetch_row("SELECT COUNT(*) FROM " . $pre . "roles_title");
$_SESSION['nb_roles'] = $ret[0];
} else {
//init
$_SESSION['groupes_visibles'] = array();
$_SESSION['groupes_interdits'] = array();
$_SESSION['personal_visible_groups'] = array();
$groupes_visibles = array();
$groupes_interdits = array();
$groupes_interdits_user = explode(';', TrimElement($groupes_interdits_user, ";"));
if (!empty($groupes_interdits_user) && count($groupes_interdits_user) > 0) {
$groupes_interdits = $groupes_interdits_user;
}
$_SESSION['is_admin'] = $is_admin;
$fonctions_associees = explode(';', TrimElement($id_fonctions, ";"));
$new_liste_gp_visibles = array();
$liste_gp_interdits = array();
$list_allowed_folders = $list_forbiden_folders = $list_folders_limited = $list_folders_editable_by_role = array();
//build Tree
require_once "NestedTree.class.php";
$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
//rechercher tous les groupes visibles en fonction des roles de l'utilisateur
foreach ($fonctions_associees as $role_id) {
if (!empty($role_id)) {
//Get allowed folders for each Role
$rows = $db->fetch_all_array("\r\n\t\t\t\t\tSELECT folder_id\r\n\t\t\t\t\tFROM " . $pre . "roles_values\r\n\t\t\t\t\tWHERE role_id=" . $role_id);
if (count($rows) > 0) {
foreach ($rows as $reccord) {
if (isset($reccord['folder_id']) && !in_array($reccord['folder_id'], $list_allowed_folders)) {
array_push($list_allowed_folders, $reccord['folder_id']);
}
//Check if this group is allowed to modify any pw in allowed folders
$tmp = $db->query_first("\r\n \t\t\t\tSELECT allow_pw_change\r\n\t\t \t\tFROM " . $pre . "roles_title\r\n\t\t \t\tWHERE id = " . $role_id);
if ($tmp['allow_pw_change'] == 1 && !in_array($tmp['allow_pw_change'], $list_folders_editable_by_role)) {
array_push($list_folders_editable_by_role, $reccord['folder_id']);
}
}
//Check for the users roles if some specific rights exist on items
$rows = $db->fetch_all_array("\r\n\t\t\t\t\t\tSELECT i.id_tree, r.item_id\r\n\t\t\t\t\t\tFROM " . $pre . "items AS i\r\n\t\t\t\t\t\tINNER JOIN " . $pre . "restriction_to_roles AS r ON (r.item_id=i.id)\r\n\t\t\t\t\t\tWHERE r.role_id=" . $role_id . "\r\n\t\t\t\t\t\tORDER BY i.id_tree ASC\r\n\t\t\t\t\t");
$x = 0;
foreach ($rows as $reccord) {
if (isset($reccord['id_tree'])) {
$list_folders_limited[$reccord['id_tree']][$x] = $reccord['item_id'];
$x++;
}
}
}
}
}
// => Build final lists
//Clean arrays
$allowed_folders_tmp = array();
$list_allowed_folders = array_unique($list_allowed_folders);
//Add user allowed folders
$allowed_folders_tmp = array_unique(array_merge($list_allowed_folders, explode(';', TrimElement($groupes_visibles_user, ";"))));
//Exclude from allowed folders all the specific user forbidden folders
$allowed_folders = array();
foreach ($allowed_folders_tmp as $id) {
if (!in_array($id, $groupes_interdits_user)) {
array_push($allowed_folders, $id);
}
}
//Clean array
$list_allowed_folders = array_filter(array_unique(array_merge($list_allowed_folders, $allowed_folders)));
//Exclude all PF
$_SESSION['forbiden_pfs'] = array();
$sql = "SELECT id FROM " . $pre . "nested_tree WHERE personal_folder = 1";
if (isset($_SESSION['settings']['enable_pf_feature']) && $_SESSION['settings']['enable_pf_feature'] == 1 && isset($_SESSION['personal_folder']) && $_SESSION['personal_folder'] == 1) {
$sql .= " AND title != '" . $_SESSION['user_id'] . "'";
}
$pfs = $db->fetch_all_array($sql);
foreach ($pfs as $pf_id) {
array_push($_SESSION['forbiden_pfs'], $pf_id['id']);
}
//Get ID of personal folder
if (isset($_SESSION['settings']['enable_pf_feature']) && $_SESSION['settings']['enable_pf_feature'] == 1 && isset($_SESSION['personal_folder']) && $_SESSION['personal_folder'] == 1) {
$pf = $db->fetch_row("SELECT id FROM " . $pre . "nested_tree WHERE title = '" . $_SESSION['user_id'] . "'");
if (!empty($pf[0])) {
if (!in_array($pf[0], $list_allowed_folders)) {
//get all descendants
$ids = $tree->getDescendants($pf[0], true);
foreach ($ids as $id) {
array_push($list_allowed_folders, $id->id);
array_push($_SESSION['personal_visible_groups'], $id->id);
}
}
}
}
$_SESSION['groupes_visibles'] = $list_allowed_folders;
$_SESSION['groupes_visibles_list'] = implode(',', $list_allowed_folders);
$_SESSION['list_folders_limited'] = $list_folders_limited;
$_SESSION['list_folders_editable_by_role'] = $list_folders_editable_by_role;
}
}
