$MENUBAR = convertUri($MENUBAR);
$CONTENT = convertUri($CONTENT);
$INHERITEDINFO = convertUri($INHERITEDINFO);
$BREADCRUMB = convertUri($BREADCRUMB);
$ACTIONBARPAGE = convertUri($ACTIONBARPAGE);
$ACTIONBARMODULE = convertUri($ACTIONBARMODULE);
$INFOSTRING = convertUri($INFOSTRING);
$ERRORSTRING = convertUri($ERRORSTRING);
$WARNINGSTRING = convertUri($WARNINGSTRING);
$LOGINFORM = convertUri($LOGINFORM);
}
///Some extra debugging information if debugSet is enabled
if ($debugSet == "on") {
$DEBUGINFO .= "Page Full text path : " . $pageFullPath . "<br /><br />\n";
$DEBUGINFO .= "UID : " . getUserId() . "<br /><br />\n";
$DEBUGINFO .= "GIDS : " . arraytostring(getGroupIds($userId)) . "<br /><br />\n";
$DEBUGINFO .= "Action : " . $action . "<br /><br />\n";
$DEBUGINFO .= "Get Vars : " . arraytostring($_GET) . "<br /><br />\n";
$DEBUGINFO .= "Page Id : " . $pageId . "<br /><br />\n";
$DEBUGINFO .= "Page id path : " . arraytostring($pageIdArray) . "\n<br /><br />";
$DEBUGINFO .= "Title : " . $TITLE . "\n<br /><br />";
$DEBUGINFO .= "SERVER info : " . arraytostring($_SERVER) . "\n<br /><br />";
$DEBUGINFO .= "POST info : " . arraytostring($_POST) . "\n<br /><br />";
$DEBUGINFO .= "FILES info : " . arraytostring($_FILES) . "\n<br /><br />";
$DEBUGINFO .= "SESSION info : " . arraytostring($_SESSION) . "\n<br /><br />";
$DEBUGINFO .= "STARTSCRIPTS : " . $STARTSCRIPTS . "\n<br/><br/>";
if ($DEBUGINFO != "") {
displayinfo($DEBUGINFO);
}
}
///Used to check in subsequent requests if cookies are supported or not
/**
* Determines which permissions a user can grant, and to which groups and users on a given page
* @param $userid User id of the user attempting to grant permissions
* @param $pagepath Array containing the page ids of the nodes on the path to the given page
* @param $modifiableGroups Buffer to store the groups the user can grant permissions to
* @param $grantableActions Buffer to store the list of actions the user can grant permissions for
* @return Boolean, indicating whether the function was successful
*/
function grantPermissions($userid, $pageid)
{
//serving change permission requests
if (isset($_GET['doaction']) && $_GET['doaction'] == "changePerm") {
$permtype = escape($_GET['permtype']);
$pageid = escape($_GET['pageid']);
$usergroupid = escape($_GET['usergroupid']);
$permid = escape($_GET['permid']);
$perm = escape($_GET['perm']);
$flag = true;
if ($perm == 'Y' || $perm == 'N') {
if ($permission = mysql_fetch_array(mysql_query("SELECT `perm_permission` FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'"))) {
if ($permission['perm_permission'] != $perm) {
mysql_query("UPDATE `" . MYSQL_DATABASE_PREFIX . "userpageperm` SET `perm_permission` = '{$perm}' WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'");
if (mysql_affected_rows() == 0) {
$flag = false;
}
}
} else {
mysql_query("INSERT `" . MYSQL_DATABASE_PREFIX . "userpageperm`(`perm_type`, `page_id`, `usergroup_id`, `perm_id`, `perm_permission`) VALUES('{$permtype}','{$pageid}','{$usergroupid}','{$permid}','{$perm}')");
if (mysql_affected_rows() == 0) {
$flag = false;
}
}
} else {
if ($permission = mysql_fetch_array(mysql_query("SELECT `perm_permission` FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'"))) {
mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'");
if (mysql_affected_rows() == 0) {
$flag = false;
}
}
}
if ($flag) {
echo "1";
} else {
echo "0";
}
disconnect();
exit;
}
//serving refresh permissions request
if (isset($_GET['doaction']) && $_GET['doaction'] == 'getpermvars' && isset($_GET['pageid'])) {
global $cmsFolder, $urlRequestRoot, $templateFolder;
$pageid = escape($_GET['pageid']);
if (mysql_fetch_array(mysql_query("SELECT `page_name` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id` = '{$pageid}'"))) {
$pagepath = array();
parseUrlDereferenced($pageid, $pagepath);
$pageid = $pagepath[count($pagepath) - 1];
$groups = array_reverse(getGroupIds($userid));
$virtue = '';
$maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, $groups, $virtue);
if ($maxPriorityGroup == -1) {
return 'You do not have the required permissions to view this page.';
}
if ($virtue == 'user') {
$grantableActions = getGroupPermissions($groups, $pagepath, $userid);
} else {
$grantableActions = getGroupPermissions($groups, $pagepath);
}
$actionCount = count($_POST['permission']);
$checkedActions = array();
for ($i = 0; $i < $actionCount; $i++) {
list($modTemp, $actTemp) = explode('_', escape($_POST['permission'][$i]), 2);
if (isset($_POST[$modTemp . $actTemp])) {
if (isset($grantableActions[$modTemp])) {
for ($j = 0; $j < count($grantableActions[$modTemp]); $j++) {
if ($grantableActions[$modTemp][$j][1] == $actTemp) {
$checkedActions[$modTemp][] = $grantableActions[$modTemp][$j];
break;
}
}
}
}
}
if (count($checkedActions) > 0) {
$grantableActions = $checkedActions;
}
$modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
$modifiableGroupIds = array(0, 1);
for ($i = 0; $i < count($modifiableGroups); $i++) {
$modifiableGroupIds[] = $modifiableGroups[$i]['group_id'];
}
$permissions = formattedPermissions($pagepath, $modifiableGroupIds, $grantableActions);
$ret = <<<RET
pageid = {$pageid};
{$permissions}
RET;
echo $ret;
} else {
echo "Error: Invalid Pageid passed";
}
disconnect();
exit;
}
global $cmsFolder, $urlRequestRoot;
$pagepath = array();
parseUrlDereferenced($pageid, $pagepath);
$pageid = $pagepath[count($pagepath) - 1];
$groups = array_reverse(getGroupIds($userid));
$virtue = '';
$maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, $groups, $virtue);
if ($maxPriorityGroup == -1) {
return 'You do not have the required permissions to view this page.';
}
if ($virtue == 'user') {
$grantableActions = getGroupPermissions($groups, $pagepath, $userid);
} else {
$grantableActions = getGroupPermissions($groups, $pagepath);
}
if (isset($_POST['permission'])) {
$actionCount = count($_POST['permission']);
} else {
$actionCount = "";
}
$checkedActions = array();
for ($i = 0; $i < $actionCount; $i++) {
list($modTemp, $actTemp) = explode('_', escape($_POST['permission'][$i]), 2);
if (isset($_POST[$modTemp . $actTemp])) {
if (isset($grantableActions[$modTemp])) {
for ($j = 0; $j < count($grantableActions[$modTemp]); $j++) {
if ($grantableActions[$modTemp][$j][1] == $actTemp) {
$checkedActions[$modTemp][] = $grantableActions[$modTemp][$j];
break;
}
}
}
}
}
if (count($checkedActions) > 0) {
$grantableActions = $checkedActions;
}
$modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
$modifiableGroupIds = array(0, 1);
for ($i = 0; $i < count($modifiableGroups); $i++) {
$modifiableGroupIds[] = $modifiableGroups[$i]['group_id'];
}
$perms = json_encode(formatPermissions($grantableActions));
$permissions = formattedPermissions($pagepath, $modifiableGroupIds, $grantableActions);
$groups = customGetGroups($maxPriorityGroup);
$users = customGetAllUsers();
global $templateFolder;
$smarttableconfig = array('permtable' => array('sPaginationType' => 'two_button', 'bAutoWidth' => 'false', 'aoColumns' => '{ "sWidth": "100px" }'), 'permtable2' => array('sPaginationType' => 'two_button', 'bAutoWidth' => 'false', 'aoColumns' => '{ "sWidth": "100px" }'));
$ret = smarttable::render(array('permtable', 'permtable2'), $smarttableconfig);
$globals = getGlobalSettings();
$baseURL = "./+grant&doaction=changePerm";
if ($globals['url_rewrite'] == 'false') {
$baseURL = prettyurl($baseURL);
}
$selected = "var selected = {'permissions' : [], 'users' : [], 'groups' : []};";
if (isset($_GET['doaction']) && $_GET['doaction'] == 'getUserPerm') {
$get_selectedPerms = array();
$get_selectedGroups = array();
$get_selectedUsers = array();
foreach ($_POST as $key => $var) {
if (substr($key, 0, 12) == "permissions_") {
$get_selectedPerms[] = (int) substr($key, 12);
}
}
list($get_sortedGroupPerms, $get_sortedUserPerms) = getAllPermissionsOnPage($pagepath, $modifiableGroupIds, $grantableActions);
$save = 0;
foreach ($get_sortedGroupPerms['Y'] as $get_groupId => $get_data) {
$found = false;
foreach ($get_sortedGroupPerms['Y'][$get_groupId] as $get_permId) {
foreach ($get_selectedPerms as $selected_perm) {
if ($selected_perm == $get_permId) {
$get_selectedGroups[] = (int) $get_groupId;
$found = true;
}
}
if ($found) {
break;
}
}
if ($get_groupId == 0 && $found) {
$save += 1;
}
if ($get_groupId == 1 && $found) {
$save += 2;
}
}
foreach ($get_sortedUserPerms['Y'] as $get_userId => $get_data) {
$found = false;
foreach ($get_sortedUserPerms['Y'][$get_userId] as $get_permId) {
foreach ($get_selectedPerms as $selected_perm) {
if ($selected_perm == $get_permId) {
$get_selectedUsers[] = (int) $get_userId;
$found = true;
}
}
if ($found) {
break;
}
}
}
$get_selectedGroups = filterByPriority($maxPriorityGroup, $get_selectedGroups);
if ($save % 2 == 1) {
$get_selectedGroups[] = 0;
}
if ($save / 2 == 1) {
$get_selectedGroups[] = 1;
}
$selected = "var selected = {'permissions' : " . json_encode($get_selectedPerms) . ", 'users' : " . json_encode($get_selectedUsers) . ", 'groups' : " . json_encode($get_selectedGroups) . "};";
}
if (isset($_GET['doaction']) && $_GET['doaction'] == 'getPermUser') {
$get_selectedPerms = array();
$get_selectedGroups = array();
$get_selectedUsers = array();
foreach ($_POST as $key => $var) {
if (substr($key, 0, 6) == "users_") {
$get_selectedUsers[] = (int) substr($key, 6);
} else {
if (substr($key, 0, 7) == "groups_") {
$get_selectedGroups[] = (int) substr($key, 7);
}
}
}
list($get_sortedGroupPerms, $get_sortedUserPerms) = getAllPermissionsOnPage($pagepath, $modifiableGroupIds, $grantableActions);
$save = 0;
foreach ($get_sortedGroupPerms['Y'] as $get_groupId => $get_data) {
if (isPresent($get_groupId, $get_selectedGroups)) {
foreach ($get_sortedGroupPerms['Y'][$get_groupId] as $get_permId) {
if (!isPresent($get_permId, $get_selectedPerms)) {
$get_selectedPerms[] = $get_permId;
}
}
}
}
foreach ($get_sortedUserPerms['Y'] as $get_userId => $get_data) {
if (isPresent($get_userId, $get_selectedUsers)) {
foreach ($get_sortedUserPerms['Y'][$get_userId] as $get_permId) {
if (!isPresent($get_permId, $get_selectedPerms)) {
$get_selectedPerms[] = $get_permId;
}
}
}
}
$selected = "var selected = {'permissions' : " . json_encode($get_selectedPerms) . ", 'users' : " . json_encode($get_selectedUsers) . ", 'groups' : " . json_encode($get_selectedGroups) . "};";
}
$ret .= <<<RET
<style type="text/css" title="currentStyle">
\tdiv#permtable_filter input { width: 90px; }
\tdiv#permtable2_filter input { width: 90px; }
</style>
<script type="text/javascript" language="javascript" src="{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/scripts/permissionsTable.js"></script>
<script type="text/javascript">
var baseURL = "{$baseURL}";
var pageid = {$pageid};
var permissions = {$perms};
var permGroups;
var permUsers;
var groups = {{$groups}};
var users = {{$users}};
{$permissions}
{$selected}
</script>
<div id='info'></div>
<INPUT type=checkbox id='skipAlerts'> Skip Alerts <br>
<div id='permTable'>
</div>
<table width=100%>
<tr>
<td width=50%>
<a href='javascript:selectAll1()'>Select All</a> <a href='javascript:clearAll1()'>Clear All</a> <a href='javascript:toggle1()'>Toggle</a> <a href='javascript:getuserperm()'>Check Users having selected Permission</a><br>
<form action='./+grant&doaction=getUserPerm' method="POST" id='getuserperm'>
<table class="userlisttable display" id='permtable' name='permtable'><thead><tr><th>Permissions</th></thead><tbody id='actionsList'>
</tbody></table>
</form>
</td>
<td width=50%>
<a href='javascript:selectAll2()'>Select All</a> <a href='javascript:clearAll2()'>Clear All</a> <a href='javascript:toggle2()'>Toggle</a> <a href='javascript:getpermuser()'>Check Permissions selected User is having</a><br>
<form action='./+grant&doaction=getPermUser' method="POST" id='getpermuser'>
<table class="userlisttable display" id='permtable2' name='permtable2'><thead><tr><th>Users</th></thead><tbody id='usersList'>
</tbody></table>
</form>
</td>
</tr>
</table>
<a href='javascript:populateList()'>Click here if the lists are empty</a>
RET;
global $STARTSCRIPTS;
$STARTSCRIPTS .= " populateList();";
return $ret;
}
function groupManagementForm($currentUserId, $modifiableGroups, &$pagePath)
{
require_once "group.lib.php";
global $ICONS;
global $urlRequestRoot, $cmsFolder, $templateFolder, $moduleFolder, $sourceFolder;
$scriptsFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/scripts";
$imagesFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/images";
/// Parse any get variables, do necessary validation and stuff, so that we needn't check inside every if
$groupRow = $groupId = $userId = null;
$subAction = '';
//isset($_GET['subaction']) ? $_GET['subaction'] : '';
if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editgroup' && isset($_GET['groupname']) || isset($_POST['btnEditGroup']) && isset($_POST['selEditGroups'])) {
$subAction = 'showeditform';
} elseif (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'associateform') {
$subAction = 'associateform';
} elseif (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'deleteuser' && isset($_GET['groupname']) && isset($_GET['useremail'])) {
$subAction = 'deleteuser';
} elseif (isset($_POST['btnAddUserToGroup'])) {
$subAction = 'addusertogroup';
} elseif (isset($_POST['btnSaveGroupProperties'])) {
$subAction = 'savegroupproperties';
} elseif (isset($_POST['btnEditGroupPriorities']) || isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editgrouppriorities') {
$subAction = 'editgrouppriorities';
}
if (isset($_POST['selEditGroups']) || isset($_GET['groupname'])) {
$groupRow = getGroupRow(isset($_POST['selEditGroups']) ? escape($_POST['selEditGroups']) : escape($_GET['groupname']));
$groupId = $groupRow['group_id'];
if ($subAction != 'editgrouppriorities' && (!$groupRow || !$groupId || $groupId < 2)) {
displayerror('Error! Invalid group requested.');
return;
}
if (!is_null($groupId)) {
if ($modifiableGroups[count($modifiableGroups) - 1]['group_priority'] < $groupRow['group_priority']) {
displayerror('You do not have the permission to modify the selected group.');
return '';
}
}
}
if (isset($_GET['useremail'])) {
$userId = getUserIdFromEmail($_GET['useremail']);
}
if ($subAction != 'editgrouppriorities' && (isset($_GET['subaction']) && $_GET['subaction'] == 'editgroups' && !is_null($groupId))) {
if ($subAction == 'deleteuser') {
if ($groupRow['form_id'] != 0) {
displayerror('The group is associated with a form. To remove a user, use the edit registrants in the assoicated form.');
} elseif (!$userId) {
displayerror('Unknown E-mail. Could not find a registered user with the given E-mail Id');
} else {
$deleteQuery = 'DELETE FROM `' . MYSQL_DATABASE_PREFIX . 'usergroup` WHERE `user_id` = \'' . $userId . '\' AND `group_id` = ' . $groupId;
$deleteResult = mysql_query($deleteQuery);
if (!$deleteResult || mysql_affected_rows() != 1) {
displayerror('Could not delete user with the given E-mail from the given group.');
} else {
displayinfo('Successfully removed user from the current group');
if ($userId == $currentUserId) {
$virtue = '';
$maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
$modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
}
}
}
} elseif ($subAction == 'savegroupproperties' && isset($_POST['txtGroupDescription'])) {
$updateQuery = "UPDATE `" . MYSQL_DATABASE_PREFIX . "groups` SET `group_description` = '" . escape($_POST['txtGroupDescription']) . "' WHERE `group_id` = '{$groupId}'";
$updateResult = mysql_query($updateQuery);
if (!$updateResult) {
displayerror('Could not update database.');
} else {
displayinfo('Changes to the group have been successfully saved.');
}
$groupRow = getGroupRow($groupRow['group_name']);
} elseif ($subAction == 'addusertogroup' && isset($_POST['txtUserEmail']) && trim($_POST['txtUserEmail']) != '') {
if ($groupRow['form_id'] != 0) {
displayerror('The selected group is associated with a form. To add a user, register the user to the form.');
} else {
$passedEmails = explode(',', escape($_POST['txtUserEmail']));
for ($i = 0; $i < count($passedEmails); $i++) {
$hyphenPos = strpos($passedEmails[$i], '-');
if ($hyphenPos >= 0) {
$userEmail = trim(substr($passedEmails[$i], 0, $hyphenPos - 1));
} else {
$userEmail = escape($_POST['txtUserEmail']);
}
$userId = getUserIdFromEmail($userEmail);
if (!$userId || $userId < 1) {
displayerror('Unknown E-mail. Could not find a registered user with the given E-mail Id');
}
if (!addUserToGroupName($groupRow['group_name'], $userId)) {
displayerror('Could not add the given user to the current group.');
} else {
displayinfo('User has been successfully inserted into the given group.');
}
}
}
} elseif ($subAction == 'associateform') {
if (isset($_POST['btnAssociateGroup'])) {
$pageIdArray = array();
$formPageId = parseUrlReal(escape($_POST['selFormPath']), $pageIdArray);
if ($formPageId <= 0 || getPageModule($formPageId) != 'form') {
displayerror('Invalid page selected! The page you selected is not a form.');
} elseif (!getPermissions($currentUserId, $formPageId, 'editregistrants', 'form')) {
displayerror('You do not have the permissions to associate the selected form with a group.');
} else {
$formModuleId = getModuleComponentIdFromPageId($formPageId, 'form');
require_once "{$sourceFolder}/{$moduleFolder}/form.lib.php";
if (isGroupEmpty($groupId) || form::getRegisteredUserCount($formModuleId) == 0) {
associateGroupWithForm($groupId, $formModuleId);
$groupRow = getGroupRow($groupRow['group_name']);
} else {
displayerror('Both the group and the form already contain registered users, and the group cannot be associated with the selected form.');
}
}
} elseif (isset($_POST['btnUnassociateGroup'])) {
if ($groupRow['form_id'] <= 0) {
displayerror('The selected group is currently not associated with any form.');
} elseif (!getPermissions($currentUserId, getPageIdFromModuleComponentId('form', $groupRow['form_id']), 'editregistrants', 'form')) {
displayerror('You do not have the permissions to unassociate the form from this group.');
} else {
unassociateFormFromGroup($groupId);
$virtue = '';
$maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
$modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
$groupRow = getGroupRow($groupRow['group_name']);
}
}
}
if ($modifiableGroups[count($modifiableGroups) - 1]['group_priority'] < $groupRow['group_priority']) {
displayerror('You do not have the permission to modify the selected group.');
return '';
}
$usersTable = '`' . MYSQL_DATABASE_PREFIX . 'users`';
$usergroupTable = '`' . MYSQL_DATABASE_PREFIX . 'usergroup`';
$userQuery = "SELECT `user_email`, `user_fullname` FROM {$usergroupTable}, {$usersTable} WHERE `group_id` = '{$groupId}' AND {$usersTable}.`user_id` = {$usergroupTable}.`user_id` ORDER BY `user_email`";
$userResult = mysql_query($userQuery);
if (!$userResult) {
displayerror('Error! Could not fetch group information.');
return '';
}
$userEmails = array();
$userFullnames = array();
while ($userRow = mysql_fetch_row($userResult)) {
$userEmails[] = $userRow[0];
$userFullnames[] = $userRow[1];
}
$groupEditForm = <<<GROUPEDITFORM
\t\t\t<h2>Group '{$groupRow['group_name']}' - '{$groupRow['group_description']}'</h2><br />
\t\t\t<fieldset style="padding: 8px">
\t\t\t\t<legend>{$ICONS['User Groups']['small']}Group Properties</legend>
\t\t\t\t<form name="groupeditform" method="POST" action="./+admin&subaction=editgroups&groupname={$groupRow['group_name']}">
\t\t\t\t\tGroup Description: <input type="text" name="txtGroupDescription" value="{$groupRow['group_description']}" />
\t\t\t\t\t<input type="submit" name="btnSaveGroupProperties" value="Save Group Properties" />
\t\t\t\t</form>
\t\t\t</fieldset>
\t\t\t<br />
\t\t\t<fieldset style="padding: 8px">
\t\t\t\t<legend>{$ICONS['User Groups']['small']}Existing Users in Group:</legend>
GROUPEDITFORM;
$userCount = mysql_num_rows($userResult);
global $urlRequestRoot, $cmsFolder, $templateFolder, $sourceFolder;
$deleteImage = "<img src=\"{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/icons/16x16/actions/edit-delete.png\" alt=\"Remove user from the group\" title=\"Remove user from the group\" />";
for ($i = 0; $i < $userCount; $i++) {
$isntAssociatedWithForm = $groupRow['form_id'] == 0;
if ($isntAssociatedWithForm) {
$groupEditForm .= '<a onclick="return confirm(\'Are you sure you wish to remove this user from this group?\')" href="./+admin&subaction=editgroups&subsubaction=deleteuser&groupname=' . $groupRow['group_name'] . '&useremail=' . $userEmails[$i] . '">' . $deleteImage . "</a>";
}
$groupEditForm .= " {$userEmails[$i]} - {$userFullnames[$i]}<br />\n";
}
$associateForm = '';
if ($groupRow['form_id'] == 0) {
$associableForms = getAssociableFormsList($currentUserId, !isGroupEmpty($groupId));
$associableFormCount = count($associableForms);
$associableFormsBox = '<select name="selFormPath">';
for ($i = 0; $i < $associableFormCount; ++$i) {
$associableFormsBox .= '<option value="' . $associableForms[$i][2] . '">' . $associableForms[$i][1] . ' - ' . $associableForms[$i][2] . '</option>';
}
$associableFormsBox .= '</select>';
$associateForm = <<<GROUPASSOCIATEFORM
\t\t\tSelect a form to associate the group with: {$associableFormsBox}
\t\t\t<input type="submit" name="btnAssociateGroup" value="Associate Group with Form" />
GROUPASSOCIATEFORM;
} else {
$associatedFormPageId = getPageIdFromModuleComponentId('form', $groupRow['form_id']);
$associateForm = 'This group is currently associated with the form: ' . getPageTitle($associatedFormPageId) . ' (' . getPagePath($associatedFormPageId) . ')<br />' . '<input type="submit" name="btnUnassociateGroup" value="Unassociate" />';
}
$groupEditForm .= '</fieldset>';
if ($groupRow['form_id'] == 0) {
$groupEditForm .= <<<GROUPEDITFORM
\t\t\t\t<br />
\t\t\t\t<fieldset style="padding: 8px">
\t\t\t\t\t<legend>{$ICONS['Add']['small']}Add Users to Group</legend>
\t\t\t\t\t<form name="addusertogroup" method="POST" action="./+admin&subaction=editgroups&groupname={$groupRow['group_name']}">
\t\t\t\t\t\tEmail ID: <input type="text" name="txtUserEmail" id="txtUserEmail" value="" style="width: 256px" autocomplete="off" />
\t\t\t\t\t\t<div id="suggestionDiv" class="suggestionbox"></div>
\t\t\t\t\t\t<script language="javascript" type="text/javascript" src="{$scriptsFolder}/ajaxsuggestionbox.js"></script>
\t\t\t\t\t\t<script language="javascript" type="text/javascript">
\t\t\t\t\t\t<!--
\t\t\t\t\t\t\tvar addUserBox = new SuggestionBox(document.getElementById('txtUserEmail'), document.getElementById('suggestionDiv'), "./+admin&doaction=getsuggestions&forwhat=%pattern%");
\t\t\t\t\t\t\taddUserBox.loadingImageUrl = '{$imagesFolder}/ajaxloading.gif';
\t\t\t\t\t\t-->
\t\t\t\t\t\t</script>
\t\t\t\t\t\t<input type="submit" name="btnAddUserToGroup" value="Add User to Group" />
\t\t\t\t\t</form>
\t\t\t\t</fieldset>
GROUPEDITFORM;
}
$groupEditForm .= <<<GROUPEDITFORM
\t\t\t<br />
\t\t\t<fieldset style="padding: 8px">
\t\t\t\t<legend>{$ICONS['Group Associate Form']['small']}Associate With Form</legend>
\t\t\t\t<form name="groupassociationform" action="./+admin&subaction=editgroups&subsubaction=associateform&groupname={$groupRow['group_name']}" method="POST">
\t\t\t\t\t{$associateForm}
\t\t\t\t</form>
\t\t\t</fieldset>
GROUPEDITFORM;
return $groupEditForm;
}
if ($subAction == 'editgrouppriorities') {
$modifiableCount = count($modifiableGroups);
$userMaxPriority = $maxPriorityGroup = 1;
if ($modifiableCount != 0) {
$userMaxPriority = max($modifiableGroups[0]['group_priority'], $modifiableGroups[$modifiableCount - 1]['group_priority']);
$maxPriorityGroup = $modifiableGroups[0]['group_priority'] > $modifiableGroups[$modifiableCount - 1]['group_priority'] ? $modifiableGroups[0]['group_id'] : $modifiableGroups[$modifiableCount - 1]['group_id'];
}
if (isset($_GET['dowhat']) && !is_null($groupId)) {
if ($_GET['dowhat'] == 'incrementpriority' || $_GET['dowhat'] == 'decrementpriority') {
shiftGroupPriority($currentUserId, $groupRow['group_name'], $_GET['dowhat'] == 'incrementpriority' ? 'up' : 'down', $userMaxPriority, true);
} elseif ($_GET['dowhat'] == 'movegroupup' || $_GET['dowhat'] == 'movegroupdown') {
shiftGroupPriority($currentUserId, $groupRow['group_name'], $_GET['dowhat'] == 'movegroupup' ? 'up' : 'down', $userMaxPriority, false);
} elseif ($_GET['dowhat'] == 'emptygroup') {
emptyGroup($groupRow['group_name']);
} elseif ($_GET['dowhat'] == 'deletegroup') {
if (deleteGroup($groupRow['group_name'])) {
$virtue = '';
$maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
$modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
}
}
$modifiableGroups = reevaluateGroupPriorities($modifiableGroups);
} elseif (isset($_GET['dowhat']) && $_GET['dowhat'] == 'addgroup') {
if (isset($_POST['txtGroupName']) && isset($_POST['txtGroupDescription']) && isset($_POST['selGroupPriority'])) {
$existsQuery = 'SELECT `group_id` FROM `' . MYSQL_DATABASE_PREFIX . "groups` WHERE `group_name` = '" . escape($_POST['txtGroupName']) . "'";
$existsResult = mysql_query($existsQuery);
if (trim($_POST['txtGroupName']) == '') {
displayerror('Cannot create a group with an empty name. Please type in a name for the new group.');
} elseif (mysql_num_rows($existsResult) >= 1) {
displayerror('A group with the name you specified already exists.');
} else {
$idQuery = 'SELECT MAX(`group_id`) FROM `' . MYSQL_DATABASE_PREFIX . 'groups`';
$idResult = mysql_query($idQuery);
$idRow = mysql_fetch_row($idResult);
$newGroupId = 2;
if (!is_null($idRow[0])) {
$newGroupId = $idRow[0] + 1;
}
$newGroupPriority = 1;
if ($_POST['selGroupPriority'] <= $userMaxPriority && $_POST['selGroupPriority'] > 0) {
$newGroupPriority = escape($_POST['selGroupPriority']);
}
$addGroupQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . 'groups` (`group_id`, `group_name`, `group_description`, `group_priority`) ' . "VALUES({$newGroupId}, '" . escape($_POST['txtGroupName']) . "', '" . escape($_POST['txtGroupDescription']) . "', '{$newGroupPriority}')";
$addGroupResult = mysql_query($addGroupQuery);
if ($addGroupResult) {
displayinfo('New group added successfully.');
if (isset($_POST['chkAddMe'])) {
$insertQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . "usergroup`(`user_id`, `group_id`) VALUES ('{$currentUserId}', '{$newGroupId}')";
if (!mysql_query($insertQuery)) {
displayerror('Error adding user to newly created group: ' . $insertQuery . '<br />' . mysql_query());
}
}
$virtue = '';
$maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
$modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
} else {
displayerror('Could not run MySQL query. New group could not be added.');
}
}
}
$modifiableGroups = reevaluateGroupPriorities($modifiableGroups);
}
$modifiableCount = count($modifiableGroups);
if ($modifiableGroups[0]['group_priority'] < $modifiableGroups[$modifiableCount - 1]['group_priority']) {
$modifiableGroups = array_reverse($modifiableGroups);
}
$previousPriority = $modifiableGroups[0]['group_priority'];
global $cmsFolder, $urlRequestRoot, $moduleFolder, $templateFolder, $sourceFolder;
$iconsFolderUrl = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/icons/16x16";
$moveUpImage = '<img src="' . $iconsFolderUrl . '/actions/go-up.png" title="Increment Group Priority" alt="Increment Group Priority" />';
$moveDownImage = '<img src="' . $iconsFolderUrl . '/actions/go-down.png" alt="Decrement Group Priority" title="Decrement Group Priority" />';
$moveTopImage = '<img src="' . $iconsFolderUrl . '/actions/go-top.png" alt="Move to next higher priority level" title="Move to next higher priority level" />';
$moveBottomImage = '<img src="' . $iconsFolderUrl . '/actions/go-bottom.png" alt="Move to next lower priority level" title="Move to next lower priority level" />';
$emptyImage = '<img src="' . $iconsFolderUrl . '/actions/edit-clear.png" alt="Empty Group" title="Empty Group" />';
$deleteImage = '<img src="' . $iconsFolderUrl . '/actions/edit-delete.png" alt="Delete Group" title="Delete Group" />';
$groupsForm = '<h3>Edit Group Priorities</h3><br />';
for ($i = 0; $i < $modifiableCount; $i++) {
if ($modifiableGroups[$i]['group_priority'] != $previousPriority) {
$groupsForm .= '<br /><br /><hr /><br />';
}
$groupsForm .= '<span style="margin: 4px;" title="' . $modifiableGroups[$i]['group_description'] . '">' . '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=incrementpriority&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveUpImage . '</a>' . '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=decrementpriority&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveDownImage . '</a>' . '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=movegroupup&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveTopImage . '</a>' . '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=movegroupdown&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveBottomImage . '</a>' . '<a onclick="return confirm(\'Are you sure you want to empty this group?\')" href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=emptygroup&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $emptyImage . '</a>' . '<a onclick="return confirm(\'Are you sure you want to delete this group?\')" href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=deletegroup&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $deleteImage . '</a>' . '<a href="./+admin&subaction=editgroups&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $modifiableGroups[$i]['group_name'] . "</a></span>\n";
$previousPriority = $modifiableGroups[$i]['group_priority'];
}
$priorityBox = '<option value="1">1</option>';
for ($i = 2; $i <= $userMaxPriority; ++$i) {
$priorityBox .= '<option value="' . $i . '">' . $i . '</option>';
}
$groupsForm .= <<<GROUPSFORM
\t\t<br /><br />
\t\t<fieldset style="padding: 8px">
\t\t\t<legend>Create New Group:</legend>
\t\t\t<form name="groupaddform" method="POST" action="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=addgroup">
\t\t\t\t<label>Group Name: <input type="text" name="txtGroupName" value="" /></label><br />
\t\t\t\t<label>Group Description: <input type="text" name="txtGroupDescription" value="" /></label><br />
\t\t\t\t<label>Group Priority: <select name="selGroupPriority">{$priorityBox}</select><br />
\t\t\t\t<label><input type="checkbox" name="chkAddMe" value="addme" /> Add me to group</label><br />
\t\t\t\t<input type="submit" name="btnAddNewGroup" value="Add Group" />
\t\t\t</form>
\t\t</fieldset>
GROUPSFORM;
return $groupsForm;
}
$modifiableCount = count($modifiableGroups);
$groupsBox = '<select name="selEditGroups">';
for ($i = 0; $i < $modifiableCount; ++$i) {
$groupsBox .= '<option value="' . $modifiableGroups[$i]['group_name'] . '">' . $modifiableGroups[$i]['group_name'] . ' - ' . $modifiableGroups[$i]['group_description'] . "</option>\n";
}
$groupsBox .= '</select>';
$groupsForm = <<<GROUPSFORM
\t\t<form name="groupeditform" method="POST" action="./+admin&subaction=editgroups">
\t\t\t{$groupsBox}
\t\t\t<input type="submit" name="btnEditGroup" value="Edit Selected Group" /><br /><br />
\t\t\t<input type="submit" name="btnEditGroupPriorities" value="Add/Shuffle/Remove Groups" />
\t\t</form>
GROUPSFORM;
return $groupsForm;
}
private static function isInternalUserRegistered($userId, $moduleComponentId, $testGroups = true)
{
$userExistsQuery = "SELECT COUNT(*) FROM `newsletter_users` WHERE `page_modulecomponentid` = {$moduleComponentId} AND `newsletter_subscriptiontype` = 'group'";
$userExistsResult = mysql_query($userExistsQuery);
if ($userExistsRow = mysql_fetch_row($userExistsResult)) {
if ($userExistsRow[0] == 1) {
return true;
}
}
if ($testGroups) {
$userGroups = getGroupIds($userId);
$usergroupTable = MYSQL_DATABASE_PREFIX . 'usergroup';
$groupsQuery = "SELECT COUNT(*) FROM `newsletter_users`, `{$usergroupTable}` WHERE `newsletter_users`.`page_modulecomponentid` = {$moduleComponentId} AND `newsletter_users`.`newsletter_subscriptiontype` = 'group' " . "AND `{$usergroupTable}`.`user_id` = {$userId} AND `newsletter_users`.`usergroup_id` = `{$usergroupTable}`.`group_id`";
$groupsResult = mysql_query($groupsQuery);
if ($groupsResultRow = mysql_fetch_row($groupsResult)) {
if ($groupsResultRow[0] > 0) {
return true;
}
}
}
return false;
}
public function __construct($pageId, $userId, $action, $module, $showLinks = false)
{
$groups = getGroupIds($userId);
$permSet = array_fill(0, count($groups) + 1, 'U');
$permId = getPermissionId($module, $action);
if ($permId < 0) {
return;
}
$this->rootNode = new DirectoryTreeNode($pageId, $userId, $groups, $permId, $permSet, $showLinks);
}
