function addGroupUser() { global $submitErr, $submitErrMsg; $groupid = getContinuationVar("groupid"); $newuser = processInputVar("newuser", ARG_STRING); if (validateUserid($newuser) != 1) { $submitErr |= IDNAMEERR; $submitErrMsg[IDNAMEERR] = "Invalid login ID"; editOrAddGroup(0); return; } addUserGroupMember($newuser, $groupid); editOrAddGroup(0); }
function XMLRPCaddUsersToGroup($name, $affiliation, $users) { global $user; if (!in_array('groupAdmin', $user['privileges'])) { return array('status' => 'error', 'errorcode' => 16, 'errormsg' => 'access denied for managing user groups'); } $validate = array('name' => $name, 'affiliation' => $affiliation); $rc = validateAPIgroupInput($validate, 1); if ($rc['status'] == 'error') { return $rc; } $query = "SELECT ownerid, " . "editusergroupid AS editgroupid " . "FROM usergroup " . "WHERE id = {$rc['id']}"; $qh = doQuery($query, 101); if (!($row = mysql_fetch_assoc($qh))) { return array('status' => 'error', 'errorcode' => 18, 'errormsg' => 'user group with submitted name and affiliation does not exist'); } # if not owner and not member of managing group, no access if ($user['id'] != $row['ownerid'] && !array_key_exists($row['editgroupid'], $user['groups'])) { return array('status' => 'error', 'errorcode' => 28, 'errormsg' => 'access denied to user group with submitted name and affiliation'); } $fails = array(); foreach ($users as $_user) { if (empty($_user)) { continue; } $esc_user = mysql_escape_string($_user); if (validateUserid($esc_user) == 1) { addUserGroupMember($esc_user, $rc['id']); } else { $fails[] = $_user; } } if (count($fails)) { $cnt = 'some'; $code = 34; if (count($fails) == count($users)) { $cnt = 'all submitted'; $code = 35; } return array('status' => 'warning', 'failedusers' => $fails, 'warningcode' => $code, 'warningmsg' => "failed to add {$cnt} users to user group"); } return array('status' => 'success'); }