Пример #1
0
/**
 * admin gui for modifying user accounts.
 *
 * @param string id
 * @param mixed data
 * @param string action
 * @return string page output response
 */
function ewiki_page_liveuser_admin_users($id, $data, $action)
{
    global $liveuserAuthAdmin, $liveuserPermAdmin, $ewiki_plugins;
    ob_start();
    echo ewiki_make_title($id, $id, 2);
    // handle posted deletes or updates
    if (isset($_POST['submit_deleteusers']) || isset($_POST['submit_changeusers']) || isset($_POST['submit_adduserstogroup']) || isset($_POST['submit_removeusersfromgroup']) || isset($_POST['submit_changegroups'])) {
        foreach ($_POST as $key => $value) {
            list($prefix, $id) = explode('_', $key, 2);
            //get password status of current $id
            $username = $_POST['origname_' . $id];
            $pwdstatus = ewiki_get_uservar("passwdstatus", NULL, $username);
            // Remove a user
            if ($prefix == 'chk' && is_numeric($id) && $value == 'on' && isset($_POST['submit_deleteusers'])) {
                if (liveuser_removeEntity('user_id', $id)) {
                    echo '<p>User ' . $id . ' was successfully removed.</p>';
                } else {
                    echo '<p>Removal of user ' . $id . ' failed.</p>';
                }
            }
            // Add a user to a group
            if ($prefix == 'chk' && is_numeric($id) && $value == 'on' && isset($_POST['submit_adduserstogroup'])) {
                if (($group_id = liveuser_checkEntity('group', $_POST['grouplist'])) !== false) {
                    if (liveuser_checkGroupUser($group_id, $id) === false) {
                        if ($liveuserPermAdmin->addUserToGroup($id, $group_id)) {
                            echo '<p>User ' . $id . ' was successfully added to group ' . $_POST['grouplist'] . '.</p>';
                        } else {
                            echo '<p>Addition of user ' . $id . ' to group ' . $_POST['grouplist'] . ' failed.</p>';
                        }
                    } else {
                        echo '<p>User ' . $id . ' is already a member of group ' . $_POST['grouplist'] . '.</p>';
                    }
                } else {
                    echo '<p>Group ' . $_POST['grouplist'] . ' does not exist.</p>';
                }
            }
            // Remove a user from a group
            if ($prefix == 'chk' && is_numeric($id) && $value == 'on' && isset($_POST['submit_removeusersfromgroup'])) {
                if (($group_id = liveuser_checkEntity('group', $_POST['grouplist'])) !== false) {
                    if ($liveuserPermAdmin->removeUserFromGroup($id, liveuser_checkEntity('group', $_POST['grouplist']))) {
                        echo '<p>User ' . $id . ' was successfully removed from group ' . $_POST['grouplist'] . '.</p>';
                    } else {
                        echo '<p>Removal of user ' . $id . ' from group ' . $_POST['grouplist'] . ' failed.</p>';
                    }
                } else {
                    echo '<p>Group ' . $_POST['grouplist'] . ' does not exist.</p>';
                }
            }
            // Change the user name
            if ($prefix == 'chname' && is_numeric($id) && !empty($value) && $_POST['origname_' . $id] != $value && isset($_POST['submit_changeusers'])) {
                $event_log = '';
                if (liveuser_checkEntity('user', $value) === false) {
                    if ($liveuserAuthAdmin->updateUser($id, $value)) {
                        $event_log .= '<p>User ' . $value . ' was successfully updated.</p>';
                        if (isset($ewiki_plugins['uservars_store'][0])) {
                            if ($ewiki_plugins['uservars_store'][0]($ewiki_plugins['uservars_retrieve'][0]($_POST['origname_' . $id]), $value)) {
                                $event_log .= '<p>User data copied to ' . $value;
                                if ($ewiki_plugins['uservars_store'][0](array(), $_POST['origname_' . $id])) {
                                    $event_log .= ' and deleted from ' . $_POST['origname_' . $id];
                                } else {
                                    $event_log .= ' but not deleted from ' . $_POST['origname_' . $id];
                                }
                                $event_log .= '.</p>';
                            } else {
                                $event_log .= '<p>User data copy failed.</p>';
                            }
                        }
                    } else {
                        $event_log .= '<p>Update of user ' . $value . ' failed.</p>';
                    }
                } else {
                    $event_log .= '<p>Another user with the name ' . $value . ' already exists in the database. No change has been made.</p>';
                }
                echo $event_log;
                ewiki_log("Attempted to rename " . $_POST['origname_' . $id] . " to {$value}." . $event_log, 1);
            }
            // Change user variable
            if ($prefix == 'chuvar' && is_numeric($id) && !empty($value) && $_POST['origchuvar_' . $id] != $value && isset($_POST['submit_changeusers'])) {
                if (ewiki_set_uservar($_POST['uvar_fieldname'], $value, $username)) {
                    echo "<p>UserVar " . $_POST['uvar_fieldname'] . " successfully updated for {$username}</p>";
                } else {
                    echo "<p>Update of UserVar " . $_POST['uvar_fieldname'] . " for {$username} failed.</p>";
                }
            }
            if ($prefix == "radpw" && is_numeric($id) && !empty($value) && isset($_POST['submit_changeusers'])) {
                if ($value == "expire" && ($pwdstatus == 'good' || is_null($pwdstatus))) {
                    ewiki_set_uservar("passwdexpiredate", time(), $username);
                    ewiki_set_uservar("passwdstatus", 'expired', $username);
                } elseif ($value == "good" && ($pwdstatus == 'expired' || is_null($pwdstatus))) {
                    ewiki_set_uservar("passwdexpiredate", time() + 60 * 60 * 24 * EWIKI_PASSWD_LIFETIME, $username);
                    ewiki_set_uservar("passwdstatus", 'good', $username);
                }
            }
            if ($prefix == 'chkrandpw' && is_numeric($id) && !empty($value) && isset($_POST['submit_changeusers'])) {
                $password = liveuser_generate_password();
                if ($liveuserAuthAdmin->updateUser($id, $_POST['chname_' . $id], $password)) {
                    ewiki_set_uservar("passwdexpiredate", time() - 60 * 60 * 24 * EWIKI_PASSWD_LIFETIME, $username);
                    ewiki_set_uservar("passwdstatus", 'expired', $username);
                    echo '<p>Password for user ' . $_POST['chname_' . $id] . " was successfully updated to \"{$password}\" and set to expire in " . EWIKI_PASSWD_LIFETIME . "days.</p>";
                } else {
                    echo '<p>Update of password for user ' . $_POST['chname_' . $id] . ' failed.</p>';
                }
            }
            // Change the user's password
            if ($prefix == 'chpw' && is_numeric($id) && !empty($value) && isset($_POST['submit_changeusers'])) {
                // check for cracklib functions and validate against them if possible
                liveuser_admin_users_cracklib_check($_POST['chname_' . $id], $value);
                if ($liveuserAuthAdmin->updateUser($id, $_POST['chname_' . $id], $value)) {
                    ewiki_set_uservar("passwdexpiredate", time() - 60 * 60 * 24 * EWIKI_PASSWD_LIFETIME, $username);
                    ewiki_set_uservar("passwdstatus", 'expired', $username);
                    echo '<p>Password for user ' . $_POST['chname_' . $id] . ' was successfully updated and set to expire in ' . EWIKI_PASSWD_LIFETIME . 'days.</p>';
                } else {
                    echo '<p>Update of password for user ' . $_POST['chname_' . $id] . ' failed.</p>';
                }
            }
            // Remove a group
            if ($prefix == 'chkgroup' && is_numeric($id) && $value == 'on' && isset($_POST['submit_changegroups'])) {
                if (liveuser_removeEntity('group_id', $id)) {
                    echo '<p>Group ' . $id . ' was successfully deleted.</p>';
                } else {
                    echo '<p>Deletion of group ' . $id . ' failed.</p>';
                }
            }
            // Change group name
            if ($prefix == 'chgroupname' && is_numeric($id) && !empty($value) && $_POST['origgroupname_' . $id] != $value && isset($_POST['submit_changegroups'])) {
                if ($liveuserPermAdmin->updateGroup($id, $value)) {
                    echo '<p>Group ' . $value . ' was successfully updated.</p>';
                } else {
                    echo 'Update of group ' . $value . ' failed.</p>';
                }
            }
        }
    }
    // Add a user
    if (!empty($_POST['username_text']) && !empty($_POST['pw_text']) && isset($_POST['submit_adduser'])) {
        if (liveuser_checkEntity('user', $_POST['username_text']) === false) {
            // check for cracklib functions and validate against them if possible
            liveuser_admin_users_cracklib_check($_POST['chname_' . $id], $value);
            if (liveuser_addEntity('user', array($_POST['username_text'], $_POST['pw_text'])) !== false) {
                echo '<p>User ' . $_POST['username_text'] . ' was successfully created.</p>';
            } else {
                echo '<p>Creation of user ' . $_POST['username_text'] . ' failed.</p>';
            }
        } else {
            echo '<p>User ' . $_POST['username_text'] . ' already exists.</p>';
        }
    }
    // Add a lot of users and add them into groups
    if (!empty($_POST['usernames_text']) && isset($_POST['submit_addusers'])) {
        $newusers = explode("\n", $_POST['usernames_text']);
        foreach ($newusers as $newuser) {
            $newuser = trim($newuser);
            if (($auth_id = liveuser_checkEntity('user', $newuser)) === false) {
                if ($_POST["pwgen_addusers"] == "on") {
                    $password = liveuser_generate_password();
                } else {
                    $password = $newuser;
                }
                if (($auth_id = liveuser_addEntity('user', array($newuser, $password))) !== false) {
                    echo "<p>User {$newuser} was successfully created with password {$password}.</p>";
                } else {
                    echo '<p>Creation of user ' . $newuser . ' failed.</p>';
                }
            } else {
                echo '<p>User ' . $newuser . ' already exists.</p>';
            }
            if ($auth_id !== false && !empty($_POST['usernames_grouplist'])) {
                if (($group_id = liveuser_checkEntity('group', $_POST['usernames_grouplist'])) !== false) {
                    if (liveuser_checkGroupUser($group_id, $auth_id) === false) {
                        if ($liveuserPermAdmin->addUserToGroup($auth_id, $group_id)) {
                            echo '<p>User ' . $newuser . ' was successfully added to group ' . $_POST['usernames_grouplist'] . '.</p>';
                        } else {
                            echo '<p>Addition of user ' . $newuser . ' to group ' . $_POST['usernames_grouplist'] . ' failed.</p>';
                        }
                    } else {
                        echo '<p>User ' . $newuser . ' is already a member of group ' . $_POST['usernames_grouplist'] . '.</p>';
                    }
                } else {
                    echo '<p>Group ' . $_POST['usernames_grouplist'] . ' does not exist.</p>';
                }
            }
        }
    }
    // Add a group
    if (!empty($_POST['groupname_text']) && isset($_POST['submit_addgroup'])) {
        $group_id = liveuser_checkEntity('group', $_POST['groupname_text']);
        if ($group_id === false) {
            $group_const = 'LU_G_' . strtoupper($_POST['groupname_text']);
            $group_id = liveuser_addEntity('group', array($group_const, $_POST['groupname_text'], null, true));
            if ($group_id !== false) {
                echo '<p>Group ' . $_POST['groupname_text'] . ' was successfully created.</p>';
            } else {
                echo '<p>Creation of group ' . $_POST['groupname_text'] . ' failed.</p>';
            }
        } else {
            echo '<p>Group ' . $_POST['groupname_text'] . ' already exists.</p>';
        }
        if (isset($_POST['addright']) && $group_id !== false) {
            $right_id = liveuser_checkEntity('right', $_POST['groupname_text']);
            if ($right_id === false) {
                $right_const = 'LU_R_' . strtoupper($_POST['groupname_text']);
                $right_id = liveuser_addEntity('right', array(LU_AREA_LIVEWEB, $right_const, $_POST['groupname_text']));
                if ($right_id !== false) {
                    echo '<p>Right ' . $_POST['groupname_text'] . ' was successfully created.</p>';
                } else {
                    echo '<p>Creation of right ' . $_POST['groupname_text'] . ' failed.</p>';
                }
            } else {
                echo '<p>Right ' . $_POST['groupname_text'] . ' already exists.</p>';
            }
            if ($right_id !== false) {
                // check if group already has the right
                if (liveuser_checkGroupRight($group_id, $right_id)) {
                    echo 'Group ' . $_POST['groupname_text'] . ' already has right ' . $_POST['groupname_text'] . '.</p>';
                } else {
                    // attempt to assign right to group
                    if ($liveuserPermAdmin->grantGroupRight($group_id, $right_id, 1) === true) {
                        echo '<p>Right ' . $_POST['groupname_text'] . ' has been assigned to group ' . $_POST['groupname_text'] . '.</p>';
                    } else {
                        echo '<p>Assignment of right ' . $_POST['groupname_text'] . ' to group ' . $_POST['groupname_text'] . ' failed.</p>';
                    }
                }
            }
        }
    }
    // Show current table listing of pages and permissions
    $users = $liveuserAuthAdmin->getUsers();
    $groups = $liveuserPermAdmin->getGroups();
    //uservars based controls
    if (isset($ewiki_plugins['uservars_search'][0])) {
        if (isset($_REQUEST['search_fieldname'])) {
            //set fieldname variable
            $fieldname = $_REQUEST['search_fieldname'];
        }
        if (strlen($_REQUEST['search_fieldvalue'])) {
            //set fieldvalue variable
            $fieldvalue = $_REQUEST['search_fieldvalue'];
        }
        if (!empty($fieldname)) {
            $userdata = ewiki_search_uservar($fieldname, $fieldvalue);
            //get data for the given fieldname/fieldvalue combination
            //Remove non-matching users
            foreach ($users as $key => $user) {
                if (!isset($userdata[$user['handle']])) {
                    unset($users[$key]);
                }
            }
        }
        //Display search form
        ?>
      <form method="post" action="">
        <table>
          <tr><td>Field Name</td><td>
			<input type="text" name="search_fieldname" value="<?php 
        echo $fieldname;
        ?>
">
			</td></tr>
          <tr><td>Value</td><td>
			<input type="text" name="search_fieldvalue" value="<?php 
        echo $fieldvalue;
        ?>
">
			</td></tr>
        </table>
        <input value="Search" type="submit" name="submit_searchaccount" />
      </form>
      
      <?php 
    }
    if (is_array($users) && !empty($users)) {
        ?>
	    <form method="post" action="">
	    <h3>Edit Users</h3>
      <input type="hidden" name="uvar_fieldname" value="<?php 
        echo $fieldname;
        ?>
">
	    <table border="1">
	    <tr><th>Select</th><th>User ID</th><th>User Name<br />Password [Random]</th><th>Password Status</th><th>Groups</th>
        <?php 
        if (!empty($fieldname)) {
            ?>

    <th><?php 
            echo $fieldname;
            ?>
 			
		<input type="hidden" name="search_fieldname" value="<?php 
            echo $fieldname;
            ?>
">
		<input type="hidden" name="search_fieldvalue" value="<?php 
            echo $fieldvalue;
            ?>
">
		</th>
	<?php 
        }
        echo '</tr>';
        foreach ($users as $user) {
            ?>
                <tr>
                    <td><input name="chk_<?php 
            echo $user['auth_user_id'];
            ?>
" type="checkbox" /></td>
                    <td><?php 
            echo $user['auth_user_id'];
            ?>
</td>
                    <td>
                        <input id="chname_<?php 
            echo $user['auth_user_id'];
            ?>
" name="chname_<?php 
            echo $user['auth_user_id'];
            ?>
" type="text" value="<?php 
            echo $user['handle'];
            ?>
" />
                        <input name="origname_<?php 
            echo $user['auth_user_id'];
            ?>
" type="hidden" value="<?php 
            echo $user['handle'];
            ?>
"><br />
                        
                        <input id="chpw_<?php 
            echo $user['auth_user_id'];
            ?>
" name="chpw_<?php 
            echo $user['auth_user_id'];
            ?>
" type="text" value="" />
                        <input name="chkrandpw_<?php 
            echo $user['auth_user_id'];
            ?>
" type="checkbox" />
                        <?php 
            echo $liveuserAuthAdmin->encryptPW($user['handle']) == $user['passwd'] ? '<div class="warning">Password == User Name</div>' : '';
            ?>
                        
                    </td>
                    <td>
                    <?php 
            $good = '<input type="radio" name="radpw_' . $user["auth_user_id"] . '" value="good" CHECKED >Good<br />' . '<input type="radio" name="radpw_' . $user["auth_user_id"] . '" value="expire">Expired<br />';
            $expired = '<input type="radio" name="radpw_' . $user["auth_user_id"] . '" value="good">Good<br />' . '<input type="radio" name="radpw_' . $user["auth_user_id"] . '" value="expire" CHECKED >Expired<br />';
            echo ewiki_get_uservar("passwdstatus", 'good', $user['handle']) == 'good' ? $good : $expired;
            echo intval((ewiki_get_uservar("passwdexpiredate", time(), $user['handle']) - time()) / (60 * 60 * 24)) . " Days<br />";
            ?>
                    </td>
                    <td>
            <?php 
            foreach ($liveuserPermAdmin->getGroups(array('where_user_id' => $user['auth_user_id'])) as $group) {
                echo $group['name'] . '<br />';
            }
            ?>
                    </td>
                
            <?php 
            if (isset($userdata[$user['handle']])) {
                echo '<input id="origchuvar_' . $user['auth_user_id'] . '" name="origchuvar_' . $user['auth_user_id'] . '" type="hidden" value="' . $userdata[$user['handle']] . '">';
                echo '<td> <input id="chuvar_' . $user['auth_user_id'] . '" name="chuvar_' . $user['auth_user_id'] . '" type="text" value="' . $userdata[$user['handle']] . '" /></td>';
            }
            echo "</tr>";
        }
        ?>
            </table>
            <input type="reset" value="Reset" />
            <input type="submit" name="submit_deleteusers" value="Delete Selected" />
            <input type="submit" name="submit_changeusers" value="Submit Changes" />
        <?php 
        if (is_array($groups) && !empty($groups)) {
            ?>
                <br /><br /><label for="grouplist">Group</label>
                <select id="grouplist" name="grouplist">
            <?php 
            foreach ($groups as $group) {
                echo '<option value="' . $group['name'] . '">' . $group['name'] . '</option>';
            }
            ?>
                </select><br />
                <input type="submit" name="submit_adduserstogroup" value="Add Selected" />
                <input type="submit" name="submit_removeusersfromgroup" value="Remove Selected" />
            <?php 
        }
        echo '</form>';
    } else {
        ?>
            <h3>Edit Users</h3>
            <p>No users were found in the database.</p>
        <?php 
    }
    // Show Add a new user section
    ?>
	<form method="post" action="">
	<h3>Add a User</h3>
	<label for="username_text">User Name</label>
	<input id="username_text" name="username_text" type="text" /><br />
	<label for="pw_text">Password</label>
	<input id="pw_text" name="pw_text" type="text" /><br />
	<input type="submit" name="submit_adduser" value="Add User" />
	</form>
    <?php 
    // Show Add multiple users section
    ?>
	<form method="post" action="">
	<h3>Add Multiple Users</h3>
        <p>Insert one user name per line. This input will be processed as a 
        batch, and each user will be created with a password identical to his 
        user name or a randomly generated password if the "Generate Passwords" 
        box is checked.</p>
	<textarea id="usernames_text" name="usernames_text" rows="10" cols="25"></textarea>    
    <?php 
    if (is_array($groups) && !empty($groups)) {
        ?>
            <label for="usernames_grouplist">Groups</label>
            <select id="usernames_grouplist" name="usernames_grouplist" />
            <option value=""></option>
        <?php 
        foreach ($groups as $group) {
            echo '<option value="' . $group['name'] . '">' . $group['name'] . '</option>';
        }
        ?>
            </select>
        <?php 
    }
    ?>
        <p><input type="checkbox" name="pwgen_addusers" checked="checked"> Generate random passwords.</p>
        <input type="submit" name="submit_addusers" value="Add Users" />    
        </form>
    <?php 
    // Groups Section
    if (is_array($groups) && !empty($groups)) {
        ?>
	    <form method="post" action="">
	    <h3>Edit Groups</h3>
	    <table border="1">
	    <tr><th>Delete</th><th>Group ID</th><th>Group Name</th></tr>
        <?php 
        foreach ($groups as $group) {
            ?>
                <tr>
                    <td><input name="chkgroup_<?php 
            echo $group['group_id'];
            ?>
" type="checkbox" /></td>
                    <td><?php 
            echo $group['group_id'];
            ?>
</td>
                    <td>
                        <input name="chgroupname_<?php 
            echo $group['group_id'];
            ?>
" type="text" value="<?php 
            echo $group['name'];
            ?>
" />
                        <input name="origgroupname_<?php 
            echo $group['group_id'];
            ?>
" type="hidden" value="<?php 
            echo $group['name'];
            ?>
" />
                    </td>
                </tr>
            <?php 
        }
        ?>
            </table>
            <input type="reset" value="Reset" />
            <input name="submit_changegroups" type="submit" value="Submit Changes">
            </form>
        <?php 
    } else {
        ?>
            <h3>Edit Groups</h3>
            <p>No groups were found in the database.</p>
        <?php 
    }
    // Show Add a new group section
    ?>
	<form method="post" action="">
	<h3>Add a Group</h3>
        <p>When creating a group, you may choose to create a right with the group, which may then be applied to user accounts via the group. If the group already exists, this form will still attempt to link a right to it. If the right already exists and is not associated with the group, it will be assigned to the group.</p>
	<label for="groupname_text">Group Name</label>
	<input id="groupname_text" name="groupname_text" type="text"><br />
	<label for="addright">Add/Link Right</label>
	<input id="addright" name="addright" type="checkbox" checked="checked"><br />
	<input type="submit" name="submit_addgroup" value="Add Group" />
	</form>
    <?php 
    $o = ob_get_contents();
    ob_end_clean();
    return $o;
}
Пример #2
0
/**
 * admin gui for modifying LiveWeb rights
 *
 * @param string id
 * @param mixed data
 * @param string action
 * @return string page output response
 */
function ewiki_page_liveuser_admin_rights($id, $data, $action)
{
    global $liveuserPermAdmin;
    ob_start();
    echo ewiki_make_title($id, $id, 2);
    // handle posted updates and deletes
    if (isset($_POST['submit_changerights'])) {
        foreach ($_POST as $key => $value) {
            list($prefix, $id) = explode('_', $key, 2);
            if ($prefix == 'chk' && is_numeric($id) && $value == 'on') {
                if (liveuser_removeEntity('right_id', $id)) {
                    echo '<p>Right ' . $id . ' was successfully deleted.</p>';
                } else {
                    echo '<p>Deletion of right ' . $id . ' failed.</p>';
                }
            }
        }
    }
    // handle posted new rights
    if (isset($_POST['rightname_text']) && isset($_POST['submit_addright'])) {
        $right_id = liveuser_checkEntity('right', $_POST['rightname_text']);
        if ($right_id === false) {
            $right_const = 'LU_R_' . strtoupper($_POST['rightname_text']);
            $right_id = liveuser_addEntity('right', array(LU_AREA_LIVEWEB, $right_const, $_POST['rightname_text']));
            if ($right_id !== false) {
                echo '<p>Right ' . $_POST['rightname_text'] . ' was successfully created.</p>';
            } else {
                echo '<p>Creation of right ' . $_POST['rightname_text'] . ' failed.</p>';
            }
        } else {
            echo '<p>Right ' . $_POST['rightname_text'] . ' already exists.</p>';
        }
        if (isset($_POST['addgroup']) && $right_id !== false) {
            $group_id = liveuser_checkEntity('group', $_POST['rightname_text']);
            if ($group_id === false) {
                $group_const = 'LU_G_' . strtoupper($_POST['rightname_text']);
                $group_id = liveuser_addEntity('group', array($group_const, $_POST['rightname_text'], null, true));
                if ($group_id !== false) {
                    echo '<p>Group ' . $_POST['rightname_text'] . ' was successfully created.</p>';
                } else {
                    echo '<p>Creation of group ' . $_POST['rightname_text'] . ' failed.</p>';
                }
            } else {
                echo '<p>Group ' . $_POST['rightname_text'] . ' already exists.</p>';
            }
            if ($group_id !== false) {
                // check if group already has the right
                if (liveuser_checkGroupRight($group_id, $right_id)) {
                    echo 'Group ' . $_POST['rightname_text'] . ' already has right ' . $_POST['rightname_text'] . '.</p>';
                } else {
                    // attempt to assign right to group
                    if ($liveuserPermAdmin->grantGroupRight($group_id, $right_id, 1) === true) {
                        echo '<p>Right ' . $_POST['rightname_text'] . ' has been assigned to group ' . $_POST['rightname_text'] . '.</p>';
                    } else {
                        echo '<p>Assignment of right ' . $_POST['rightname_text'] . ' to group ' . $_POST['rightname_text'] . ' failed.</p>';
                    }
                }
            }
        }
    }
    // Show current table listing of rights
    $rights = $liveuserPermAdmin->getRights();
    if (is_array($rights) && !empty($rights)) {
        ?>
            <form method="post" action="">
            <h3>Edit Rights</h3>
            <table border="1">
            <tr><th>Delete</th><th>Right ID</th><th>Right</th></tr>
        <?php 
        foreach ($rights as $right) {
            ?>
                <tr>
                    <td><input name="chk_<?php 
            echo $right['right_id'];
            ?>
" type="checkbox" /></td>
                    <td><?php 
            echo $right['right_id'];
            ?>
</td>
                    <td><?php 
            echo $right['name'];
            ?>
</td>
                </tr>
            <?php 
        }
        ?>
            </table>
            <input type="reset" value="Reset" />
            <input name="submit_changerights" type="submit" value="Submit Changes" />
            </form>
        <?php 
    } else {
        ?>
            <h3>Edit Rights</h3>
            <p>No rights were found in the database.</p>
        <?php 
    }
    // Show Add a new right section
    ?>
        <form method="post" action="">
        <h3>Add a Right</h3>
        <p>When creating a right, you may choose to create a group with the right, which may then be applied to user accounts. If the right already exists, this form will still attempt to link a group to it. If the group already exists and does not have the right, the right will be assigned.</p>
        <label for="rightname_text">Right Name</label>
        <input id="rightname_text" name="rightname_text" type="text" /><br />
        <label for="addgroup">Add/Assign Group</label>
        <input id="addgroup" name="addgroup" type="checkbox" checked="checked" /><br />
        <input name="submit_addright" type="submit" value="Add Right" />
        </form>
    <?php 
    $o = ob_get_contents();
    ob_end_clean();
    return $o;
}