/**
 * Serves the page-permission editor for one page and handles its AJAX actions.
 *
 * Dispatches on $_GET['doaction']:
 *  - 'changePerm'  : inserts, updates or deletes one `userpageperm` row built from
 *                    $_GET values, echoes "1" (changed) or "0", then disconnect()s
 *                    and exit()s. Never returns.
 *  - 'getpermvars' : echoes a JavaScript snippet (`pageid = ...;` plus the output of
 *                    formattedPermissions()) for $_GET['pageid'], or an error string
 *                    when no `pages` row matches; then disconnect()s and exit()s.
 *  - anything else : returns the editor markup. 'getUserPerm' / 'getPermUser' only
 *                    change the pre-selected rows embedded in `var selected`.
 *
 * @param int|string $userid Id of the user attempting to grant permissions.
 * @param int|string $pageid Page id (or URL) resolved through parseUrlDereferenced();
 *                           ignored by the 'changePerm' and 'getpermvars' actions,
 *                           which read their own $_GET['pageid'] instead.
 * @return string Editor markup, or the message
 *                'You do not have the required permissions to view this page.'
 *                when getMaxPriorityGroup() yields -1. (The original docblock said
 *                "Boolean"; no boolean is ever returned.)
 */
function grantPermissions($userid, $pageid)
{
    //serving change permission requests
    if (isset($_GET['doaction']) && $_GET['doaction'] == "changePerm") {
        // NOTE(review): this branch performs the write without consulting $userid,
        // getMaxPriorityGroup() or getModifiableGroups() — those gates only run on the
        // display path further down. Any request that reaches this action can write a
        // userpageperm row for whatever page/group/permission the query string names;
        // confirm the caller authorises the actor before dispatching here.
        // NOTE(review): the state change is driven entirely by GET parameters, so it is
        // replayable from a crafted link; a POST carrying a request token is the usual
        // mitigation.
        // NOTE(review): escape() is defined elsewhere — assumed to be SQL escaping for the
        // active connection charset; verify, since the values are interpolated directly
        // into the queries below. ext/mysql (mysql_*) itself was removed in PHP 7.
        $permtype = escape($_GET['permtype']);
        $pageid = escape($_GET['pageid']);
        $usergroupid = escape($_GET['usergroupid']);
        $permid = escape($_GET['permid']);
        $perm = escape($_GET['perm']);
        // $flag becomes false when a write touched no row; it is echoed as "0" below.
        $flag = true;
        if ($perm == 'Y' || $perm == 'N') {
            // Existing row: update only when the stored value differs (an unchanged
            // value would report 0 affected rows and wrongly flip $flag).
            if ($permission = mysql_fetch_array(mysql_query("SELECT `perm_permission` FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'"))) {
                if ($permission['perm_permission'] != $perm) {
                    mysql_query("UPDATE `" . MYSQL_DATABASE_PREFIX . "userpageperm` SET `perm_permission` = '{$perm}' WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'");
                    if (mysql_affected_rows() == 0) {
                        $flag = false;
                    }
                }
            } else {
                // No row yet: create it.
                mysql_query("INSERT `" . MYSQL_DATABASE_PREFIX . "userpageperm`(`perm_type`, `page_id`, `usergroup_id`, `perm_id`, `perm_permission`) VALUES('{$permtype}','{$pageid}','{$usergroupid}','{$permid}','{$perm}')");
                if (mysql_affected_rows() == 0) {
                    $flag = false;
                }
            }
        } else {
            // Any value other than 'Y'/'N' means "unset": delete the row if it exists.
            // A missing row is treated as success ($flag stays true).
            if ($permission = mysql_fetch_array(mysql_query("SELECT `perm_permission` FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'"))) {
                mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "userpageperm` WHERE `perm_type` = '{$permtype}' AND `page_id` = '{$pageid}' AND `usergroup_id` = '{$usergroupid}' AND `perm_id` = '{$permid}'");
                if (mysql_affected_rows() == 0) {
                    $flag = false;
                }
            }
        }
        if ($flag) {
            echo "1";
        } else {
            echo "0";
        }
        disconnect();
        exit;
    }
    //serving refresh permissions request
    if (isset($_GET['doaction']) && $_GET['doaction'] == 'getpermvars' && isset($_GET['pageid'])) {
        global $cmsFolder, $urlRequestRoot, $templateFolder;
        $pageid = escape($_GET['pageid']);
        // Only proceed when the requested page id exists in `pages`.
        if (mysql_fetch_array(mysql_query("SELECT `page_name` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id` = '{$pageid}'"))) {
            $pagepath = array();
            parseUrlDereferenced($pageid, $pagepath);
            // The last element of the resolved path is the page being edited.
            $pageid = $pagepath[count($pagepath) - 1];
            $groups = array_reverse(getGroupIds($userid));
            $virtue = '';
            $maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, $groups, $virtue);
            if ($maxPriorityGroup == -1) {
                // NOTE(review): this returns a string to the caller instead of echoing
                // and exiting like the rest of this branch — the AJAX client presumably
                // receives nothing; confirm intended.
                return 'You do not have the required permissions to view this page.';
            }
            // When the priority came from a user-level grant, the user id is passed on.
            if ($virtue == 'user') {
                $grantableActions = getGroupPermissions($groups, $pagepath, $userid);
            } else {
                $grantableActions = getGroupPermissions($groups, $pagepath);
            }
            // NOTE(review): unlike the display path below, $_POST['permission'] is not
            // isset()-checked here; count(null) raises a TypeError on PHP 8.
            $actionCount = count($_POST['permission']);
            $checkedActions = array();
            // Narrow the grantable actions to those the form posted as "<module>_<action>"
            // and also flagged via a "<module><action>" key.
            for ($i = 0; $i < $actionCount; $i++) {
                list($modTemp, $actTemp) = explode('_', escape($_POST['permission'][$i]), 2);
                if (isset($_POST[$modTemp . $actTemp])) {
                    if (isset($grantableActions[$modTemp])) {
                        for ($j = 0; $j < count($grantableActions[$modTemp]); $j++) {
                            if ($grantableActions[$modTemp][$j][1] == $actTemp) {
                                $checkedActions[$modTemp][] = $grantableActions[$modTemp][$j];
                                break;
                            }
                        }
                    }
                }
            }
            if (count($checkedActions) > 0) {
                $grantableActions = $checkedActions;
            }
            $modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
            // Group ids 0 and 1 are always included ahead of the user's modifiable groups.
            $modifiableGroupIds = array(0, 1);
            for ($i = 0; $i < count($modifiableGroups); $i++) {
                $modifiableGroupIds[] = $modifiableGroups[$i]['group_id'];
            }
            $permissions = formattedPermissions($pagepath, $modifiableGroupIds, $grantableActions);
            $ret = <<<RET
pageid = {$pageid};
{$permissions}
RET;
            echo $ret;
        } else {
            echo "Error: Invalid Pageid passed";
        }
        disconnect();
        exit;
    }
    // Display path: build the full editor markup.
    global $cmsFolder, $urlRequestRoot;
    $pagepath = array();
    parseUrlDereferenced($pageid, $pagepath);
    $pageid = $pagepath[count($pagepath) - 1];
    $groups = array_reverse(getGroupIds($userid));
    $virtue = '';
    $maxPriorityGroup = getMaxPriorityGroup($pagepath, $userid, $groups, $virtue);
    if ($maxPriorityGroup == -1) {
        return 'You do not have the required permissions to view this page.';
    }
    if ($virtue == 'user') {
        $grantableActions = getGroupPermissions($groups, $pagepath, $userid);
    } else {
        $grantableActions = getGroupPermissions($groups, $pagepath);
    }
    if (isset($_POST['permission'])) {
        $actionCount = count($_POST['permission']);
    } else {
        // NOTE(review): "" rather than 0; the loop below still does not run, but an
        // integer would make the intent explicit.
        $actionCount = "";
    }
    $checkedActions = array();
    // Same narrowing of $grantableActions as in the 'getpermvars' branch above.
    for ($i = 0; $i < $actionCount; $i++) {
        list($modTemp, $actTemp) = explode('_', escape($_POST['permission'][$i]), 2);
        if (isset($_POST[$modTemp . $actTemp])) {
            if (isset($grantableActions[$modTemp])) {
                for ($j = 0; $j < count($grantableActions[$modTemp]); $j++) {
                    if ($grantableActions[$modTemp][$j][1] == $actTemp) {
                        $checkedActions[$modTemp][] = $grantableActions[$modTemp][$j];
                        break;
                    }
                }
            }
        }
    }
    if (count($checkedActions) > 0) {
        $grantableActions = $checkedActions;
    }
    $modifiableGroups = getModifiableGroups($userid, $maxPriorityGroup);
    $modifiableGroupIds = array(0, 1);
    for ($i = 0; $i < count($modifiableGroups); $i++) {
        $modifiableGroupIds[] = $modifiableGroups[$i]['group_id'];
    }
    // JSON blob consumed by permissionsTable.js; formattedPermissions() emits ready JS.
    $perms = json_encode(formatPermissions($grantableActions));
    $permissions = formattedPermissions($pagepath, $modifiableGroupIds, $grantableActions);
    // $groups is reassigned here: from this point it holds the rendered group list,
    // not the id list used for getMaxPriorityGroup() above.
    $groups = customGetGroups($maxPriorityGroup);
    $users = customGetAllUsers();
    global $templateFolder;
    $smarttableconfig = array('permtable' => array('sPaginationType' => 'two_button', 'bAutoWidth' => 'false', 'aoColumns' => '{ "sWidth": "100px" }'), 'permtable2' => array('sPaginationType' => 'two_button', 'bAutoWidth' => 'false', 'aoColumns' => '{ "sWidth": "100px" }'));
    $ret = smarttable::render(array('permtable', 'permtable2'), $smarttableconfig);
    $globals = getGlobalSettings();
    // Endpoint the client script calls for 'changePerm'; rewritten when pretty URLs are off.
    $baseURL = "./+grant&doaction=changePerm";
    if ($globals['url_rewrite'] == 'false') {
        $baseURL = prettyurl($baseURL);
    }
    // Default: nothing pre-selected in the two tables.
    $selected = "var selected = {'permissions' : [], 'users' : [], 'groups' : []};";
    if (isset($_GET['doaction']) && $_GET['doaction'] == 'getUserPerm') {
        // "Which users/groups hold the selected permissions?" — permissions are posted
        // as checkbox keys named "permissions_<id>".
        $get_selectedPerms = array();
        $get_selectedGroups = array();
        $get_selectedUsers = array();
        foreach ($_POST as $key => $var) {
            if (substr($key, 0, 12) == "permissions_") {
                $get_selectedPerms[] = (int) substr($key, 12);
            }
        }
        list($get_sortedGroupPerms, $get_sortedUserPerms) = getAllPermissionsOnPage($pagepath, $modifiableGroupIds, $grantableActions);
        // $save is a 2-bit mask: bit 0 = group 0 matched, bit 1 = group 1 matched.
        // Those two ids are re-added after filterByPriority() below.
        $save = 0;
        foreach ($get_sortedGroupPerms['Y'] as $get_groupId => $get_data) {
            $found = false;
            foreach ($get_sortedGroupPerms['Y'][$get_groupId] as $get_permId) {
                foreach ($get_selectedPerms as $selected_perm) {
                    if ($selected_perm == $get_permId) {
                        $get_selectedGroups[] = (int) $get_groupId;
                        $found = true;
                    }
                }
                if ($found) {
                    break;
                }
            }
            if ($get_groupId == 0 && $found) {
                $save += 1;
            }
            if ($get_groupId == 1 && $found) {
                $save += 2;
            }
        }
        foreach ($get_sortedUserPerms['Y'] as $get_userId => $get_data) {
            $found = false;
            foreach ($get_sortedUserPerms['Y'][$get_userId] as $get_permId) {
                foreach ($get_selectedPerms as $selected_perm) {
                    if ($selected_perm == $get_permId) {
                        $get_selectedUsers[] = (int) $get_userId;
                        $found = true;
                    }
                }
                if ($found) {
                    break;
                }
            }
        }
        $get_selectedGroups = filterByPriority($maxPriorityGroup, $get_selectedGroups);
        if ($save % 2 == 1) {
            $get_selectedGroups[] = 0;
        }
        // NOTE(review): `$save / 2 == 1` is false when $save == 3 (both groups matched),
        // so group 1 is then dropped; `$save >= 2` or `($save & 2) == 2` expresses the
        // bit test correctly.
        if ($save / 2 == 1) {
            $get_selectedGroups[] = 1;
        }
        $selected = "var selected = {'permissions' : " . json_encode($get_selectedPerms) . ", 'users' : " . json_encode($get_selectedUsers) . ", 'groups' : " . json_encode($get_selectedGroups) . "};";
    }
    if (isset($_GET['doaction']) && $_GET['doaction'] == 'getPermUser') {
        // "Which permissions do the selected users/groups hold?" — posted as checkbox
        // keys named "users_<id>" and "groups_<id>".
        $get_selectedPerms = array();
        $get_selectedGroups = array();
        $get_selectedUsers = array();
        foreach ($_POST as $key => $var) {
            if (substr($key, 0, 6) == "users_") {
                $get_selectedUsers[] = (int) substr($key, 6);
            } else {
                if (substr($key, 0, 7) == "groups_") {
                    $get_selectedGroups[] = (int) substr($key, 7);
                }
            }
        }
        list($get_sortedGroupPerms, $get_sortedUserPerms) = getAllPermissionsOnPage($pagepath, $modifiableGroupIds, $grantableActions);
        // $save is assigned but never used on this path.
        $save = 0;
        foreach ($get_sortedGroupPerms['Y'] as $get_groupId => $get_data) {
            if (isPresent($get_groupId, $get_selectedGroups)) {
                foreach ($get_sortedGroupPerms['Y'][$get_groupId] as $get_permId) {
                    if (!isPresent($get_permId, $get_selectedPerms)) {
                        $get_selectedPerms[] = $get_permId;
                    }
                }
            }
        }
        foreach ($get_sortedUserPerms['Y'] as $get_userId => $get_data) {
            if (isPresent($get_userId, $get_selectedUsers)) {
                foreach ($get_sortedUserPerms['Y'][$get_userId] as $get_permId) {
                    if (!isPresent($get_permId, $get_selectedPerms)) {
                        $get_selectedPerms[] = $get_permId;
                    }
                }
            }
        }
        $selected = "var selected = {'permissions' : " . json_encode($get_selectedPerms) . ", 'users' : " . json_encode($get_selectedUsers) . ", 'groups' : " . json_encode($get_selectedGroups) . "};";
    }
    // NOTE(review): $pageid, $groups, $users and $permissions are interpolated into the
    // <script> block unescaped; they come from the database/helpers rather than directly
    // from the request here, but confirm those helpers produce JS-safe output.
    $ret .= <<<RET
<style type="text/css" title="currentStyle">
\tdiv#permtable_filter input { width: 90px; }
\tdiv#permtable2_filter input { width: 90px; }
</style>
<script type="text/javascript" language="javascript" src="{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/scripts/permissionsTable.js"></script>
<script type="text/javascript">
var baseURL = "{$baseURL}";
var pageid = {$pageid};
var permissions = {$perms};
var permGroups;
var permUsers;
var groups = {{$groups}};
var users = {{$users}};
{$permissions}
{$selected}
</script>
<div id='info'></div>
<INPUT type=checkbox id='skipAlerts'> Skip Alerts
<br>
<div id='permTable'> </div>
<table width=100%>
<tr>
<td width=50%>
<a href='javascript:selectAll1()'>Select All</a> <a href='javascript:clearAll1()'>Clear All</a> <a href='javascript:toggle1()'>Toggle</a> <a href='javascript:getuserperm()'>Check Users having selected Permission</a><br>
<form action='./+grant&doaction=getUserPerm' method="POST" id='getuserperm'>
<table class="userlisttable display" id='permtable' name='permtable'><thead><tr><th>Permissions</th></thead><tbody id='actionsList'> </tbody></table>
</form>
</td>
<td width=50%>
<a href='javascript:selectAll2()'>Select All</a> <a href='javascript:clearAll2()'>Clear All</a> <a href='javascript:toggle2()'>Toggle</a> <a href='javascript:getpermuser()'>Check Permissions selected User is having</a><br>
<form action='./+grant&doaction=getPermUser' method="POST" id='getpermuser'>
<table class="userlisttable display" id='permtable2' name='permtable2'><thead><tr><th>Users</th></thead><tbody id='usersList'> </tbody></table>
</form>
</td>
</tr>
</table>
<a href='javascript:populateList()'>Click here if the lists are empty</a>
RET;
    // Queue the client-side list population for the page's startup script hook.
    global $STARTSCRIPTS;
    $STARTSCRIPTS .= " populateList();";
    return $ret;
}
/**
 * Rewrites every quoted value of attribute `$attr` in a markup string through prettyurl().
 *
 * Scans $x for occurrences of $attr, copies everything up to and including the two
 * characters after the name (expected to be `="` or `='`) verbatim, passes the quoted
 * value up to the next `"` or `'` through prettyurl(), and continues after it.
 * Occurrences not followed by a quote are copied unchanged. No HTML escaping is
 * performed — only the URL rewrite.
 *
 * @param string $x    Markup to rewrite.
 * @param string $attr Attribute name to look for (e.g. href or src).
 * @return string The rewritten markup; "" when $attr is empty.
 */
function convertUrif($x, $attr)
{
    $y = "";
    // $z is assigned but never read.
    $z = $x;
    $len = strlen($attr);
    if ($len != 0) {
        while (1) {
            $z = $x;
            $count = 0;
            // NOTE(review): a bare strpos() truth test treats an occurrence at offset 0
            // the same as "not found": the remainder is copied unchanged and the loop ends
            // below ($count == $len + 2 in both cases).
            if (strpos($x, $attr)) {
                $y .= substr($x, $count, strpos($x, $attr) + $len + 2);
            } else {
                $y .= substr($x, $count);
            }
            $count = strpos($x, $attr) + $len + 2;
            if ($count == $len + 2) {
                break;
            }
            // Position $x on the character that should be the opening quote.
            $x = substr($x, $count - 1);
            // NOTE(review): $x[0] on an empty remainder emits an offset warning on PHP 8;
            // an attribute at the very end of the input hits this.
            if ($x[0] != '"' && $x[0] != "'") {
                $x = substr($x, 1);
                continue;
            }
            $x = substr($x, 1);
            //echo "<br>" . substr($x,0,strpos($x,"\"")) . " => " . prettyurl(substr($x,0,strpos($x,"\""))); 
            // NOTE(review): strpos() never returns -1 in PHP (it returns false), so the
            // `== -1` arms are dead; `!strpos()` also treats a quote at offset 0 (an empty
            // value) as missing. 10000 is a sentinel meaning "no closing quote found", so an
            // unterminated value swallows up to 10000 characters into prettyurl().
            $count1 = strpos($x, "\"") == -1 || !strpos($x, "\"") ? 10000 : strpos($x, "\"");
            $count2 = strpos($x, "'") == -1 || !strpos($x, "'") ? 10000 : strpos($x, "'");
            // Closing quote is whichever quote character comes first.
            $count = $count1 < $count2 ? $count1 : $count2;
            // echo substr($x,0,$count) ." => ". prettyurl(substr($x,0,$count)). "<br>"; 
            $y .= prettyurl(substr($x, 0, $count));
            $x = substr($x, $count);
        }
    }
    return $y;
}