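/**
 * Admin page that lists every permission level and handles bulk deletion
 * and creation of levels (UserCake 2.0.2 page wrapped in a controller method).
 *
 * Reads $_POST['delete'] (levels to remove) and $_POST['newPermission']
 * (name of a level to create), applies them, then echoes the complete HTML
 * page. Ends the request with die when securePage() returns a falsy value.
 *
 * NOTE(review): no anti-CSRF token is checked in this method although it
 * changes permission levels on POST; confirm whether securePage() or the
 * surrounding framework enforces one.
 *
 * @return void
 */
public function index()
{
    /*
    UserCake (Via CupCake) Version: 2.0.2
    http://usercake.com
    */
    $baseURL = getcwd();
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";

    // NOTE(review): PHP_SELF carries any client-supplied PATH_INFO; securePage()
    // is defined elsewhere, so verify how it maps that value to a page entry.
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // resultBlock() below receives both lists even when nothing was posted,
    // so make sure they exist without clobbering anything config.php set.
    if (!isset($errors)) {
        $errors = array();
    }
    if (!isset($successes)) {
        $successes = array();
    }

    //Forms posted
    if (!empty($_POST)) {
        if (!empty($_POST['delete']) || !empty($_POST['newPermission'])) {
            //Delete permission levels
            if (!empty($_POST['delete'])) {
                $deletions = $_POST['delete'];
                if ($deletion_count = deletePermission($deletions)) {
                    $successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));
                }
            }

            //Create new permission level
            if (!empty($_POST['newPermission'])) {
                $permission = trim($_POST['newPermission']);

                //Validate request
                // NOTE(review): the submitted name is passed into the messages below;
                // confirm that lang()/resultBlock() escape it before it is echoed.
                if (permissionNameExists($permission)) {
                    $errors[] = lang("PERMISSION_NAME_IN_USE", array($permission));
                } elseif (minMaxRange(1, 50, $permission)) {
                    $errors[] = lang("PERMISSION_CHAR_LIMIT", array(1, 50));
                } else {
                    if (createPermission($permission)) {
                        $successes[] = lang("PERMISSION_CREATION_SUCCESSFUL", array($permission));
                    } else {
                        $errors[] = lang("SQL_ERROR");
                    }
                }
            }
        } else {
            $errors[] = lang("NO_PERMISSION_SELECTED");
        }
    }

    $permissionData = fetchAllPermissions(); //Retrieve list of all permission levels

    require_once "{$baseURL}/application/third_party/user_cake/models/header.php";

    echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Permissions</h2>\r\n<div id='left-nav'>";
    include "{$baseURL}/application/third_party/user_cake/left-nav.php";
    echo "\r\n</div>\r\n<div id='main'>";
    echo resultBlock($errors, $successes);

    // PHP_SELF is request-derived, so it is HTML-escaped before being placed in
    // the single-quoted action attribute (ENT_QUOTES covers the quote character).
    $formAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    echo "\r\n<form name='adminPermissions' action='" . $formAction . "' method='post'>\r\n<table class='admin'>\r\n<tr>\r\n<th>Delete</th><th>Permission Name</th>\r\n</tr>";

    //List each permission level
    $detailUrl = str_replace('index.php/', '', site_url('admin_permission'));
    foreach ($permissionData as $v1) {
        // Stored values are escaped on output so a permission name containing
        // markup or quotes is rendered as text instead of being interpreted.
        $rowId = htmlspecialchars((string) $v1['id'], ENT_QUOTES, 'UTF-8');
        $rowName = htmlspecialchars((string) $v1['name'], ENT_QUOTES, 'UTF-8');

        echo "\r\n\t<tr>\r\n\t<td><input type='checkbox' name='delete[" . $rowId . "]' id='delete[" . $rowId . "]' value='" . $rowId . "'></td>\r\n\t<td><a href='" . $detailUrl . "?id=" . $rowId . "'>" . $rowName . "</a></td>\r\n\t</tr>";
    }

    echo "\r\n</table>\r\n<p>\r\n<label>Permission Name:</label>\r\n<input type='text' name='newPermission' />\r\n</p> \r\n<input type='submit' name='Submit' value='Submit' />\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}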
<?php
// Stand-alone admin page script: deletes and creates permission levels from a
// posted form. Helper functions (securePage, deletePermission, lang, ...) are
// not defined in this excerpt; config.php is loaded before they are used.
require_once "models/config.php";

// Access gate: a falsy result from securePage() ends the request.
// NOTE(review): PHP_SELF carries any client-supplied PATH_INFO; verify how
// securePage() maps that value to a page entry.
if (!securePage($_SERVER['PHP_SELF'])) {
    die;
}

//Forms posted
// NOTE(review): no anti-CSRF token check is visible before the state changes
// below; confirm whether one is enforced elsewhere.
if (!empty($_POST)) {
    //Delete permission levels
    if (!empty($_POST['delete'])) {
        $deletions = $_POST['delete'];
        // A truthy return from deletePermission() is reported back as the deletion count.
        if ($deletion_count = deletePermission($deletions)) {
            $successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));
        }
    }

    //Create new permission level
    if (!empty($_POST['newPermission'])) {
        $permission = trim($_POST['newPermission']);

        //Validate request
        if (permissionNameExists($permission)) {
            $errors[] = lang("PERMISSION_NAME_IN_USE", array($permission));
        } elseif (minMaxRange(1, 50, $permission)) {
            // A truthy minMaxRange() result is treated as "outside the 1-50 limit".
            $errors[] = lang("PERMISSION_CHAR_LIMIT", array(1, 50));
        } else {
            if (createPermission($permission)) {
                $successes[] = lang("PERMISSION_CREATION_SUCCESSFUL", array($permission));
            } else {
                $errors[] = lang("SQL_ERROR");
            }
        }
    }
    // The listing is cut off here; the closing brace of the enclosing
    // "if (!empty($_POST))" block is not part of the excerpt.
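/**
 * Admin page for a single permission level: rename or delete it, and change
 * which users and which private pages are attached to it (UserCake 2.0.2
 * page wrapped in a controller method).
 *
 * The level is selected by $_GET['id']; an unknown id redirects to the
 * permission list. POST fields handled: delete, name, removePermission,
 * addPermission, removePage, addPage. The method echoes the complete HTML
 * page and ends the request with die on denied access or redirect.
 *
 * NOTE(review): no anti-CSRF token is checked in this method although it
 * changes permission membership on POST; confirm whether securePage() or the
 * surrounding framework enforces one.
 *
 * @return void
 */
public function index()
{
    /*
    UserCake (Via CupCake) Version: 2.0.2
    http://usercake.com
    */
    // The include paths below are built from a global $baseURL set elsewhere.
    global $baseURL;
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";

    // NOTE(review): PHP_SELF carries any client-supplied PATH_INFO; securePage()
    // is defined elsewhere, so verify how it maps that value to a page entry.
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // resultBlock() below receives both lists even when nothing was posted,
    // so make sure they exist without clobbering anything config.php set.
    if (!isset($errors)) {
        $errors = array();
    }
    if (!isset($successes)) {
        $successes = array();
    }

    // A missing or non-scalar id (e.g. id[]=1) is treated like an unknown id.
    $permissionId = (isset($_GET['id']) && is_scalar($_GET['id'])) ? $_GET['id'] : null;

    //Check if selected permission level exists
    if (!permissionIdExists($permissionId)) {
        header("Location: " . site_url('admin_permissions'));
        die;
    }

    $permissionDetails = fetchPermissionDetails($permissionId); //Fetch information specific to permission level

    //Forms posted
    if (!empty($_POST)) {
        //Delete selected permission level
        if (!empty($_POST['delete'])) {
            // NOTE(review): the ids to delete come from the request, not from
            // $permissionId; confirm deletePermission() restricts what may be removed.
            $deletions = $_POST['delete'];
            if ($deletion_count = deletePermission($deletions)) {
                $successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));
                header("Location: " . site_url('admin_permissions'));
                // Stop here like the redirect above does; otherwise the page for the
                // level that was just deleted would still be rendered.
                die;
            } else {
                $errors[] = lang("SQL_ERROR");
            }
        } else {
            //Update permission level name
            // A missing or non-string name is handled as an empty name, which the
            // length check below rejects.
            $postedName = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
            if ($permissionDetails[0]['name'] != $postedName) {
                $permission = trim($postedName);

                //Validate new name
                // NOTE(review): the submitted name is passed into the messages below;
                // confirm that lang()/resultBlock() escape it before it is echoed.
                if (permissionNameExists($permission)) {
                    $errors[] = lang("ACCOUNT_PERMISSIONNAME_IN_USE", array($permission));
                } elseif (minMaxRange(1, 50, $permission)) {
                    $errors[] = lang("ACCOUNT_PERMISSION_CHAR_LIMIT", array(1, 50));
                } else {
                    if (updatePermissionName($permissionId, $permission)) {
                        $successes[] = lang("PERMISSION_NAME_UPDATE", array($permission));
                    } else {
                        $errors[] = lang("SQL_ERROR");
                    }
                }
            }

            //Remove users from this permission level
            if (!empty($_POST['removePermission'])) {
                $remove = $_POST['removePermission'];
                if ($deletion_count = removePermission($permissionId, $remove)) {
                    $successes[] = lang("PERMISSION_REMOVE_USERS", array($deletion_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Add users to this permission level
            if (!empty($_POST['addPermission'])) {
                $add = $_POST['addPermission'];
                if ($addition_count = addPermission($permissionId, $add)) {
                    $successes[] = lang("PERMISSION_ADD_USERS", array($addition_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Remove access to pages
            if (!empty($_POST['removePage'])) {
                $remove = $_POST['removePage'];
                if ($deletion_count = removePage($remove, $permissionId)) {
                    $successes[] = lang("PERMISSION_REMOVE_PAGES", array($deletion_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            //Add access to pages
            if (!empty($_POST['addPage'])) {
                $add = $_POST['addPage'];
                if ($addition_count = addPage($add, $permissionId)) {
                    $successes[] = lang("PERMISSION_ADD_PAGES", array($addition_count));
                } else {
                    $errors[] = lang("SQL_ERROR");
                }
            }

            // Re-read the level so the form shows the values after the update.
            $permissionDetails = fetchPermissionDetails($permissionId);
        }
    }

    $pagePermissions = fetchPermissionPages($permissionId); //Retrieve list of accessible pages
    $permissionUsers = fetchPermissionUsers($permissionId); //Retrieve list of users with membership
    $userData = fetchAllUsers(); //Fetch all users
    $pageData = fetchAllPages(); //Fetch all pages

    require_once "{$baseURL}/application/third_party/user_cake/models/header.php";

    echo "\r\n<body>\r\n<div id='wrapper'>\r\n<div id='top'><div id='logo'></div></div>\r\n<div id='content'>\r\n<h1>UserCake (Via CupCake)</h1>\r\n<h2>Admin Permissions</h2>\r\n<div id='left-nav'>";
    include "{$baseURL}/application/third_party/user_cake/left-nav.php";
    echo "\r\n</div>\r\n<div id='main'>";
    echo resultBlock($errors, $successes);

    // Everything interpolated into the markup below is escaped for its context:
    // request-derived values (PHP_SELF, the id) and stored text (level name,
    // display names, page names). Attributes are single-quoted, hence ENT_QUOTES.
    $formAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')
        . "?id=" . urlencode((string) $permissionId);
    $levelId = htmlspecialchars((string) $permissionDetails[0]['id'], ENT_QUOTES, 'UTF-8');
    $levelName = htmlspecialchars((string) $permissionDetails[0]['name'], ENT_QUOTES, 'UTF-8');

    echo "\r\n<form name='adminPermission' action='" . $formAction . "' method='post'>\r\n<table class='admin'>\r\n<tr><td>\r\n<h3>Permission Information</h3>\r\n<div id='regbox'>\r\n<p>\r\n<label>ID:</label>\r\n" . $levelId
        . "\r\n</p>\r\n<p>\r\n<label>Name:</label>\r\n<input type='text' name='name' value='" . $levelName . "' />\r\n</p>\r\n<label>Delete:</label>\r\n<input type='checkbox' name='delete[" . $levelId . "]' id='delete[" . $levelId . "]' value='" . $levelId
        . "'>\r\n</p>\r\n</div></td><td>\r\n<h3>Permission Membership</h3>\r\n<div id='regbox'>\r\n<p>\r\nRemove Members:";

    //List users with permission level
    foreach ($userData as $v1) {
        if (isset($permissionUsers[$v1['id']])) {
            $userId = htmlspecialchars((string) $v1['id'], ENT_QUOTES, 'UTF-8');
            $userName = htmlspecialchars((string) $v1['display_name'], ENT_QUOTES, 'UTF-8');
            echo "<br><input type='checkbox' name='removePermission[" . $userId . "]' id='removePermission[" . $userId . "]' value='" . $userId . "'> " . $userName;
        }
    }

    echo "\r\n</p><p>Add Members:";

    //List users without permission level
    foreach ($userData as $v1) {
        if (!isset($permissionUsers[$v1['id']])) {
            $userId = htmlspecialchars((string) $v1['id'], ENT_QUOTES, 'UTF-8');
            $userName = htmlspecialchars((string) $v1['display_name'], ENT_QUOTES, 'UTF-8');
            echo "<br><input type='checkbox' name='addPermission[" . $userId . "]' id='addPermission[" . $userId . "]' value='" . $userId . "'> " . $userName;
        }
    }

    echo "\r\n</p>\r\n</div>\r\n</td>\r\n<td>\r\n<h3>Permission Access</h3>\r\n<div id='regbox'>\r\n<p>\r\nPublic Access:";

    //List public pages
    foreach ($pageData as $v1) {
        if ($v1['private'] != 1) {
            echo "<br>" . htmlspecialchars((string) $v1['page'], ENT_QUOTES, 'UTF-8');
        }
    }

    echo "\r\n</p>\r\n<p>\r\nRemove Access:";

    //List pages accessible to permission level
    foreach ($pageData as $v1) {
        if (isset($pagePermissions[$v1['id']]) and $v1['private'] == 1) {
            $pageId = htmlspecialchars((string) $v1['id'], ENT_QUOTES, 'UTF-8');
            $pageName = htmlspecialchars((string) $v1['page'], ENT_QUOTES, 'UTF-8');
            echo "<br><input type='checkbox' name='removePage[" . $pageId . "]' id='removePage[" . $pageId . "]' value='" . $pageId . "'> " . $pageName;
        }
    }

    echo "\r\n</p><p>Add Access:";

    //List pages inaccessible to permission level
    foreach ($pageData as $v1) {
        if (!isset($pagePermissions[$v1['id']]) and $v1['private'] == 1) {
            $pageId = htmlspecialchars((string) $v1['id'], ENT_QUOTES, 'UTF-8');
            $pageName = htmlspecialchars((string) $v1['page'], ENT_QUOTES, 'UTF-8');
            echo "<br><input type='checkbox' name='addPage[" . $pageId . "]' id='addPage[" . $pageId . "]' value='" . $pageId . "'> " . $pageName;
        }
    }

    echo "\r\n</p>\r\n</div>\r\n</td>\r\n</tr>\r\n</table>\r\n<p>\r\n<label> </label>\r\n<input type='submit' value='Update' class='submit' />\r\n</p>\r\n</form>\r\n</div>\r\n<div id='bottom'></div>\r\n</div>\r\n</body>\r\n</html>";
}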
//////// END OF VALIDATIONS ////////////////
?>
<html>
<style type="text/css"> @import url(zivStyle.css); </style>
<script language="javascript" src="javascripts/javaScriptFunctions.js"></script>
<head> </head>
<body>
<form name="permissiongroups" action="managePermissionGroups.php" method="post" onsubmit="return confirmDelete()">
<?php
// Apply the posted action (delete or add), then draw the permission groups
// page together with the "add group" form.
// NOTE(review): confirmDelete() on the form is a client-side prompt only. The
// checks that run before this point are outside the excerpt; confirm they
// cover authorization and request-forgery protection for these actions.
if (isset($_POST['deletePermission'])) {
    if (isset($_POST['selectedPermission'])) {
        deletePermission($_POST['selectedPermission']);
    } // call a function to delete the permission
}
if (isset($_POST['addPermission'])) {
    addPermission(); // call a function to add the permission
}
new_draw_persmissions_page();
?>
</form>
<?php
// check which radio button was selected
/*******************************************************************************
*Name: addPermission
*Description: This function adds a permission from the database
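/**
 * Handles permission modification actions from the upper part of the
 * permission manager index.
 *
 * Exactly one of three quick options is applied to the membergroups posted
 * in $_POST['group']:
 *  - 'predefined': apply one of the predefined permission sets,
 *  - 'copy_from': copy permissions from another membergroup,
 *  - 'permissions' + 'add_remove': add, deny or clear a single permission.
 *
 * The request must pass checkSession() and validateToken() first. Invalid
 * input is answered with redirectexit() or fatal_lang_error(); the code
 * after those calls relies on them ending the request (both are defined
 * elsewhere).
 */
public function action_quick()
{
    global $context;

    checkSession();
    validateToken('admin-mpq', 'quick');

    // we'll need to init illegal permissions, update permissions, etc.
    require_once SUBSDIR . '/Permission.subs.php';
    require_once SUBSDIR . '/ManagePermissions.subs.php';

    loadIllegalPermissions();
    loadIllegalGuestPermissions();

    // Make sure only one of the quick options was selected.
    if (!empty($_POST['predefined']) && (isset($_POST['copy_from']) && $_POST['copy_from'] != 'empty' || !empty($_POST['permissions']))
        || !empty($_POST['copy_from']) && $_POST['copy_from'] != 'empty' && !empty($_POST['permissions'])) {
        fatal_lang_error('permissions_only_one_option', false);
    }

    if (empty($_POST['group']) || !is_array($_POST['group'])) {
        $_POST['group'] = array();
    }

    // Only accept numeric values for selected membergroups.
    foreach ($_POST['group'] as $id => $group_id) {
        $_POST['group'][$id] = (int) $group_id;
    }
    $_POST['group'] = array_unique($_POST['group']);

    if (empty($_REQUEST['pid'])) {
        $_REQUEST['pid'] = 0;
    } else {
        $_REQUEST['pid'] = (int) $_REQUEST['pid'];
    }

    // Fix up the old global to the new default!
    $bid = max(1, $_REQUEST['pid']);

    // No modifying the predefined profiles.
    if ($_REQUEST['pid'] > 1 && $_REQUEST['pid'] < 5) {
        fatal_lang_error('no_access', false);
    }

    // Clear out any cached authority.
    updateSettings(array('settings_updated' => time()));

    // No groups where selected.
    if (empty($_POST['group'])) {
        redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
    }

    // Set a predefined permission profile.
    if (!empty($_POST['predefined'])) {
        // Make sure it's a predefined permission set we expect.
        if (!in_array($_POST['predefined'], array('restrict', 'standard', 'moderator', 'maintenance'), true)) {
            redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
        }

        foreach ($_POST['group'] as $group_id) {
            if (!empty($_REQUEST['pid'])) {
                setPermissionLevel($_POST['predefined'], $group_id, $_REQUEST['pid']);
            } else {
                setPermissionLevel($_POST['predefined'], $group_id);
            }
        }
    } elseif ($_POST['copy_from'] != 'empty') {
        // Just checking the input. The value must be a plain integer: the
        // self-copy guard below compares it with the int-cast group ids, and a
        // numeric-looking variant such as '01' or '1.0' would not match them.
        $copy_from = filter_var($_POST['copy_from'], FILTER_VALIDATE_INT);
        if ($copy_from === false) {
            redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
        }
        $_POST['copy_from'] = $copy_from;

        // Make sure the group we're copying to is never included.
        $_POST['group'] = array_diff($_POST['group'], array($_POST['copy_from']));

        // No groups left? Too bad.
        if (empty($_POST['group'])) {
            redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
        }

        if (empty($_REQUEST['pid'])) {
            copyPermission($_POST['copy_from'], $_POST['group'], $context['illegal_permissions'], $context['non_guest_permissions']);
        }

        // Now do the same for the board permissions.
        copyBoardPermission($_POST['copy_from'], $_POST['group'], $bid, $context['non_guest_permissions']);

        // Update any children out there!
        updateChildPermissions($_POST['group'], $_REQUEST['pid']);
    } elseif (!empty($_POST['permissions'])) {
        // Unpack two variables that were transported ("type/permission").
        $parts = is_string($_POST['permissions']) ? explode('/', $_POST['permissions']) : array();

        // Check whether our input is within expected range. A value without
        // both parts is rejected here, so no permission name is ever left unset.
        if (count($parts) < 2
            || !isset($_POST['add_remove'])
            || !in_array($_POST['add_remove'], array('add', 'clear', 'deny'), true)
            || !in_array($parts[0], array('membergroup', 'board'), true)) {
            redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
        }

        list($permissionType, $permission) = $parts;

        if ($_POST['add_remove'] === 'clear') {
            if ($permissionType == 'membergroup') {
                deletePermission($_POST['group'], $permission, $context['illegal_permissions']);
            } else {
                deleteBoardPermission($_POST['group'], $bid, $permission);
            }
        } else {
            // '1' records an "add", '0' a "deny".
            $add_deny = $_POST['add_remove'] === 'add' ? '1' : '0';
            $permChange = array();

            foreach ($_POST['group'] as $groupID) {
                // Group -1 never receives a permission listed as non-guest.
                if ($groupID == -1 && in_array($permission, $context['non_guest_permissions'])) {
                    continue;
                }

                // Membergroup changes skip groups 1 and 3 and any permission
                // listed in $context['illegal_permissions'].
                if ($permissionType == 'membergroup' && $groupID != 1 && $groupID != 3 && (empty($context['illegal_permissions']) || !in_array($permission, $context['illegal_permissions']))) {
                    $permChange[] = array($permission, $groupID, $add_deny);
                } elseif ($permissionType != 'membergroup') {
                    $permChange[] = array($permission, $groupID, $add_deny, $bid);
                }
            }

            if (!empty($permChange)) {
                if ($permissionType == 'membergroup') {
                    replacePermission($permChange);
                } else {
                    replaceBoardPermission($permChange);
                }
            }
        }

        // Another child update!
        updateChildPermissions($_POST['group'], $_REQUEST['pid']);
    }

    redirectexit('action=admin;area=permissions;pid=' . $_REQUEST['pid']);
}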