// start the session
// NOTE(review): this fragment is the head of a login page; the POST handler it opens at the
// bottom is not closed within this view, so the rest of the login flow (user lookup, password
// check, error reporting) is outside what is reviewed here.
session_start();
require_once "classes/Db.class.php";
require_once "classes/General.class.php";
$db = new DB(); // create instance of DB class & set connection
$general = new General(); // create instance of General class
// check if user is logged in
if (isset($_SESSION["userId"])) {
    //if($db->getLoggedIn() === true) {
    // save a session
    $sessionUserId = $_SESSION['userId'];
    // get user data to use them on any subpage
    // NOTE: pass here all parameters which need be used to get data from database
    // NOTE(review): the 'password' column is requested here although nothing in this block
    // reads $userData before the redirect below; loading the credential column into page
    // state is unnecessary exposure — drop it unless a caller of this page needs it (confirm).
    $userData = $db->getUserData($sessionUserId, 'id', 'username', 'password', 'email');
    //echo "<br>hi, " . $userData["username"];
    //die();
    // already authenticated: send to the landing page and stop rendering the login form
    header("Location: welcome.php");
    exit;
}
/* Resource: PHP Tutorials, Error Handling, phpacademy, https://www.youtube.com/watch?v=-XvbXxqJ4xQ&list=PLE134D877783367C7&index=9 */
$errors = array();
if (!empty($_POST["logbtn"])) { // using '!empty' instead of 'isset' to exclude blank fields
    // raw form values; whatever "sanitize" means below, the credential must reach the
    // verification step unmodified (escaping belongs to the output/SQL layer, not here)
    $username = $_POST["username"];
    $password = $_POST["password"];
    // sanitize variables for security
/**
 * Renders the privilege-management page for one user or one user group and,
 * when the form was submitted, persists the privilege changes first.
 *
 * Input is read entirely from $_REQUEST (user_id / frm_user_id,
 * user_group_id / frm_user_group_id, frm_module_id[], frm_priv_add[],
 * frm_priv_edit[], frm_priv_delete[], frm_priv_list[], frm_priv_view[],
 * frm_priv_execute[]) and from $_SESSION['user']. It writes the `privileges`
 * and `logs` tables through mysql_query(), mutates $_REQUEST in place, sets
 * $this->conn, and echoes the page HTML directly. It returns nothing.
 *
 * Review summary (details are on the lines concerned):
 *  - Every $_REQUEST value is concatenated into SQL without escaping or
 *    casting; every value echoed into HTML/JS is unescaped. The IDs are
 *    treated as integers by the SQL itself (`<> 0`, unquoted NOT IN lists),
 *    so an (int) cast at the top of the method, or prepared statements,
 *    would close the SQL sinks; htmlspecialchars() is needed at the HTML sinks.
 *  - $_REQUEST also accepts GET and cookie values, so the INSERT/UPDATE/
 *    DELETE statements run on a plain link visit; no CSRF token and no
 *    authorization check are visible in this method — presumably done by
 *    the caller, confirm.
 *  - The mysql_* extension used throughout was removed in PHP 7.0.
 *  - Not one mysql_query() result is checked, so SQL errors (including the
 *    syntax error noted on the user+group UPDATE below) fail silently.
 */
function listPrivileges() {
    // determine $_REQUEST['user_id'] and $_REQUEST['frm_user_id']
    // NOTE(review): these keys are read without isset(); absent keys raise notices
    // (the else branch then copies null into frm_user_id).
    if (!$_REQUEST['user_id'] && $_REQUEST['frm_user_id']) {
        $_REQUEST['user_id'] = $_REQUEST['frm_user_id'];
    } else {
        $_REQUEST['frm_user_id'] = $_REQUEST['user_id'];
    }
    // determine $_REQUEST['user_group_id'] and $_REQUEST['frm_user_group_id']
    if (!$_REQUEST['user_group_id'] && $_REQUEST['frm_user_group_id']) {
        $_REQUEST['user_group_id'] = $_REQUEST['frm_user_group_id'];
    } else {
        $_REQUEST['frm_user_group_id'] = $_REQUEST['user_group_id'];
    }
    // always clean up orphaned privileges first
    // NOTE(review): the user clean-up statement is a redacted placeholder ("******") in
    // this copy; mysql_query() of it fails and $resultCleanUpUser is never inspected.
    // Both DELETEs run before DB::dbConnect() is called below, so they rely on a
    // default mysql link already being open at this point.
    $queryCleanUpUser = "******";
    $resultCleanUpUser = mysql_query($queryCleanUpUser);
    $queryCleanUpUserGroup = "DELETE FROM `privileges` WHERE `user_group_id` NOT IN (SELECT `user_group_id` FROM `user_groups`) AND `user_group_id` <> 0";
    $resultCleanUpUserGroup = mysql_query($queryCleanUpUserGroup);
    #print_r($_REQUEST);
    #echo "<br><br>";
    #print_r($_REQUEST['frm_module_id']);
    $this->conn = DB::dbConnect();
    // insert module privilege(s)
    // NOTE(review): SQL injection — frm_user_id, frm_user_group_id and each
    // frm_module_id[$i] are request-controlled and go into $queryPrivInsert and
    // $queryPrivUpdate unescaped. Cast them with (int) before use (or bind them as
    // parameters); only the session login_name is escaped here.
    if (is_array($_REQUEST['frm_module_id']) && count($_REQUEST['frm_module_id']) > 0) {
        for ($i = 0; $i < count($_REQUEST['frm_module_id']); $i++) {
            // a missing selector is stored as the literal '0' ("applies to nobody of that kind");
            // '0' is still falsy, so the branches below behave as "not set"
            if (!$_REQUEST['frm_user_id']) {
                $_REQUEST['frm_user_id'] = '0';
            }
            if (!$_REQUEST['frm_user_group_id']) {
                $_REQUEST['frm_user_group_id'] = '0';
            }
            // new row with every privilege flag off; the flags are switched on by the
            // per-privilege UPDATEs further down
            $queryPrivInsert = "INSERT INTO `privileges` (`priv_id`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t `user_id`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t `user_group_id`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t `module_id`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t `priv_list`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t `priv_add`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t `priv_edit`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t `priv_delete`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t `priv_view`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t `priv_execute`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t `priv_create_date`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t `priv_created_by`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t `priv_modify_date`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t `priv_modified_by`) \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tVALUES (NULL, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'" . $_REQUEST['frm_user_id'] . "', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'" . $_REQUEST['frm_user_group_id'] . "', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'" . $_REQUEST['frm_module_id'][$i] . "', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(), \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($_SESSION['user']['login_name']) . "', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(), \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($_SESSION['user']['login_name']) . "')\t\t \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t ";
            // existing row: reset every flag to 'no' before the per-privilege UPDATEs re-enable the checked ones
            $queryPrivUpdate = "UPDATE `privileges` SET `priv_list` = 'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t`priv_add` = 'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t`priv_edit` = 'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t`priv_delete` = 'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t`priv_view` = 'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t`priv_execute` = 'no', \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t`priv_modify_date` = NOW(), \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t`priv_modified_by` = '" . mysql_real_escape_string($_SESSION['user']['login_name']) . "' \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE ";
            if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
                // BUG(review): no "AND" between the two predicates — the statement reads
                // "WHERE `user_id` = '..' `user_group_id` = '..' AND ..." and is a syntax error,
                // so the reset UPDATE for a user+group pair never runs (the later priv_add /
                // priv_edit / ... blocks build this clause with a leading " AND " — do the same here).
                $queryPrivUpdate .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                $queryPrivUpdate .= "`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
            } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
                $queryPrivUpdate .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
            } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
                $queryPrivUpdate .= "`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
            }
            // LIMIT 1: at most one privileges row per (user, group, module) is ever touched
            $queryPrivUpdate .= "AND `module_id` = '" . $_REQUEST['frm_module_id'][$i] . "' \n\t\t\t\t\t\t\t\t\t LIMIT 1";
            // insert when no row exists yet for the selector(s), otherwise reset the existing row
            // NOTE(review): isModulePrivilegeExist() is compared with == '0'; its return type is
            // not visible here, so whether this is a count or a boolean-ish string is unconfirmed.
            if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
                if (ADMIN::isModulePrivilegeExist($_REQUEST['frm_user_id'], $_REQUEST['frm_module_id'][$i], 'user') == '0' && ADMIN::isModulePrivilegeExist($_REQUEST['frm_user_group_id'], $_REQUEST['frm_module_id'][$i], 'group') == '0') {
                    $resultPrivInsert = mysql_query($queryPrivInsert);
                    #echo "<br />" . $queryPrivInsert . "#1<br /><br />";
                } else {
                    $resultPrivUpdate = mysql_query($queryPrivUpdate);
                    #echo "<br />" . $queryPrivUpdate . "#1<br /><br />";
                }
            } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
                if (ADMIN::isModulePrivilegeExist($_REQUEST['frm_user_id'], $_REQUEST['frm_module_id'][$i], 'user') == '0') {
                    $resultPrivInsert = mysql_query($queryPrivInsert);
                    #echo "<br />" . $queryPrivInsert . "#2<br /><br />";
                } else {
                    $resultPrivUpdate = mysql_query($queryPrivUpdate);
                    #echo "<br />" . $queryPrivUpdate . "#2<br /><br />";
                }
            } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
                if (ADMIN::isModulePrivilegeExist($_REQUEST['frm_user_group_id'], $_REQUEST['frm_module_id'][$i], 'group') == '0') {
                    $resultPrivInsert = mysql_query($queryPrivInsert);
                    #echo "<br />" . $queryPrivInsert . "#3<br /><br />";
                } else {
                    $resultPrivUpdate = mysql_query($queryPrivUpdate);
                    #echo "<br />" . $queryPrivUpdate . "#3<br /><br />";
                }
            }
        }
    }
    // save add privileges updates
    // NOTE(review): $moduleID is an array KEY supplied by the client (frm_priv_add[<key>]),
    // so it is just as attacker-controlled as a value and is concatenated into SQL raw —
    // same (int) cast / parameter binding as above. The same applies to the five
    // sibling blocks below (edit, delete, list, view, execute), which are copies of this one.
    if (is_array($_REQUEST['frm_priv_add']) && count($_REQUEST['frm_priv_add']) > 0) {
        foreach ($_REQUEST['frm_priv_add'] as $moduleID => $value) {
            $queryPrivAdd = "UPDATE `privileges` SET `priv_add` = 'yes' \n\t\t\t\t\t\t\t\t WHERE `module_id` = '" . $moduleID . "' \n\t\t\t\t\t\t\t\t AND ";
            if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
                $queryPrivAdd .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                $queryPrivAdd .= " AND `user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
            } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
                $queryPrivAdd .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
            } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
                $queryPrivAdd .= "`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
            }
            // NOTE(review): if neither selector is set the clause ends in "AND LIMIT 1" —
            // a syntax error that fails silently because the result is not checked.
            $queryPrivAdd .= "LIMIT 1";
            $resultPrivAdd = mysql_query($queryPrivAdd);
            #echo $queryPrivAdd . "<br /><br />";
        }
    }
    // save edit privileges updates (same shape as priv_add above)
    if (is_array($_REQUEST['frm_priv_edit']) && count($_REQUEST['frm_priv_edit']) > 0) {
        foreach ($_REQUEST['frm_priv_edit'] as $moduleID => $value) {
            $queryPrivEdit = "UPDATE `privileges` SET `priv_edit` = 'yes' \n\t\t\t\t\t\t\t\t WHERE `module_id` = '" . $moduleID . "' \n\t\t\t\t\t\t\t\t AND ";
            if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
                $queryPrivEdit .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                $queryPrivEdit .= " AND `user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
            } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
                $queryPrivEdit .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
            } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
                $queryPrivEdit .= "`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
            }
            $queryPrivEdit .= "LIMIT 1";
            $resultPrivEdit = mysql_query($queryPrivEdit);
            #echo $queryPrivEdit . "<br /><br />";
        }
    }
    // save delete privileges updates (same shape as priv_add above)
    if (is_array($_REQUEST['frm_priv_delete']) && count($_REQUEST['frm_priv_delete']) > 0) {
        foreach ($_REQUEST['frm_priv_delete'] as $moduleID => $value) {
            $queryPrivDelete = "UPDATE `privileges` SET `priv_delete` = 'yes' \n\t\t\t\t\t\t\t\t WHERE `module_id` = '" . $moduleID . "' \n\t\t\t\t\t\t\t\t AND ";
            if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
                $queryPrivDelete .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                $queryPrivDelete .= " AND `user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
            } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
                $queryPrivDelete .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
            } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
                $queryPrivDelete .= "`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
            }
            $queryPrivDelete .= "LIMIT 1";
            $resultPrivDelete = mysql_query($queryPrivDelete);
            #echo $queryPrivDelete . "<br /><br />";
        }
    }
    // save list privileges updates (same shape as priv_add above)
    if (is_array($_REQUEST['frm_priv_list']) && count($_REQUEST['frm_priv_list']) > 0) {
        foreach ($_REQUEST['frm_priv_list'] as $moduleID => $value) {
            $queryPrivList = "UPDATE `privileges` SET `priv_list` = 'yes' \n\t\t\t\t\t\t\t\t WHERE `module_id` = '" . $moduleID . "' \n\t\t\t\t\t\t\t\t AND ";
            if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
                $queryPrivList .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                $queryPrivList .= " AND `user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
            } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
                $queryPrivList .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
            } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
                $queryPrivList .= "`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
            }
            $queryPrivList .= "LIMIT 1";
            $resultPrivList = mysql_query($queryPrivList);
            #echo $queryPrivList . "<br /><br />";
        }
    }
    // save view privileges updates (same shape as priv_add above)
    if (is_array($_REQUEST['frm_priv_view']) && count($_REQUEST['frm_priv_view']) > 0) {
        foreach ($_REQUEST['frm_priv_view'] as $moduleID => $value) {
            $queryPrivView = "UPDATE `privileges` SET `priv_view` = 'yes' \n\t\t\t\t\t\t\t\t WHERE `module_id` = '" . $moduleID . "' \n\t\t\t\t\t\t\t\t AND ";
            if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
                $queryPrivView .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                $queryPrivView .= " AND `user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
            } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
                $queryPrivView .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
            } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
                $queryPrivView .= "`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
            }
            $queryPrivView .= "LIMIT 1";
            $resultPrivView = mysql_query($queryPrivView);
            #echo $queryPrivView . "<br /><br />";
        }
    }
    // save execute privileges updates (same shape as priv_add above)
    if (is_array($_REQUEST['frm_priv_execute']) && count($_REQUEST['frm_priv_execute']) > 0) {
        foreach ($_REQUEST['frm_priv_execute'] as $moduleID => $value) {
            $queryPrivExecute = "UPDATE `privileges` SET `priv_execute` = 'yes' \n\t\t\t\t\t\t\t\t WHERE `module_id` = '" . $moduleID . "' \n\t\t\t\t\t\t\t\t AND ";
            if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
                $queryPrivExecute .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                $queryPrivExecute .= " AND `user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
            } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
                $queryPrivExecute .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
            } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
                $queryPrivExecute .= "`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
            }
            $queryPrivExecute .= "LIMIT 1";
            $resultPrivExecute = mysql_query($queryPrivExecute);
            #echo "<br />" . $queryPrivExecute . "<br /><br />";
        }
    }
    // privileges list
    // NOTE(review): same raw $_REQUEST concatenation as above (read-only here, but the
    // injection surface is identical). Note the asymmetry: the group-only branch pins
    // t1.user_id = '0', the user-only branch does not pin user_group_id — confirm intended.
    $query = "SELECT * \n\t\t\t\t FROM `privileges` t1, `modules` t2 \n\t\t\t\t WHERE t2.`module_id` = t1.`module_id` \n\t\t\t\t AND ";
    if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
        $query .= " t1.`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
        $query .= " AND t1.`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
    } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
        $query .= " t1.`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
    } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
        $query .= " t1.`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' AND t1.`user_id` = '0' ";
    }
    $query .= " ORDER BY `module_display` ASC";
    // total
    $queryTotal = "SELECT COUNT(*) \n\t\t\t\t\t FROM `privileges` t1, `modules` t2 \n\t\t\t\t\t WHERE t2.`module_id` = t1.`module_id` \n\t\t\t\t\t AND ";
    if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
        $queryTotal .= "t1.`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
        $queryTotal .= " AND t1.`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
    } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
        $queryTotal .= "t1.`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
    } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
        $queryTotal .= "t1.`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' AND t1.`user_id` = '0' ";
    }
    // NOTE(review): with no selector at all both statements end in "AND ORDER BY" /
    // "AND " and fail; mysql_fetch_row(false) below then emits a warning and $rowTotal is null.
    $result = mysql_query($query, $this->conn);
    $resultTotal = mysql_query($queryTotal, $this->conn);
    $rowTotal = mysql_fetch_row($resultTotal);
    #echo $query . "<br /><br />";
    #echo $queryTotal . "<br /><br />";
    // NOTE(review): reflected XSS — $_SERVER['PHP_SELF'] is echoed raw into a JS string
    // literal in both functions below (and into the form action further down); it carries
    // client-controlled PATH_INFO. Use htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8')
    // (or json_encode() for the JS context) at each of these sinks.
    ?>
<script type="text/javascript">
function getUserPrivileges(form) {
    var newIndex = form.frm_user_id.selectedIndex
    strURL = '<?php echo $_SERVER['PHP_SELF']; ?> ?frm_user_id=' + form.frm_user_id.options[newIndex].value
    window.location.assign( strURL );
}
function getUserGroupPrivileges(form) {
    var newIndex = form.frm_user_group_id.selectedIndex
    strURL = '<?php echo $_SERVER['PHP_SELF']; ?> ?frm_user_group_id=' + form.frm_user_group_id.options[newIndex].value
    window.location.assign( strURL );
}
</script>
<?php
// page heading is accumulated in $strResult and echoed once, after the selector form
$strResult = "<div align=\"center\"><h2 style=\"font-size:1.5em;\">Privileges List";
?>
<?php
// NOTE(review): DB::dbIDToField() receives the raw request value; whether it escapes its
// arguments is not visible here — confirm. Its result (a user-supplied login name) is
// concatenated into HTML without htmlspecialchars(), a stored-XSS sink.
if ($_REQUEST['frm_user_id']) {
    $strResult .= ": User \"" . DB::dbIDToField('users', 'user_id', $_REQUEST['frm_user_id'], 'user_login_name') . "\"";
}
?>
<?php
if ($_REQUEST['frm_user_group_id']) {
    $strResult .= ": Group \"" . DB::dbIDToField('user_groups', 'user_group_id', $_REQUEST['frm_user_group_id'], 'user_group_name') . "\"";
}
?>
<?php $strResult .= "</h2></div>"; ?>
<div align="right">
<a class="btn" href="user_add.php" title="New User"><img src="<?php /* NOTE(review): $STR_URL is not declared in this method's scope (no global/parameter visible) — confirm it is defined where this runs */ echo $STR_URL; ?> img/add_icon.png" /> New User</a>
<a class="btn" href="user_group_add.php" title="New User Group"><img src="<?php echo $STR_URL; ?> img/add_icon.png" /> New User Group</a>
<?php if ($_REQUEST['frm_user_id']) { ?>
<a class="btn" href="user_edit.php?user_id=<?php /* NOTE(review): raw request value in an href attribute — htmlspecialchars()/urlencode() it; same for the three echoes below */ echo $_REQUEST['frm_user_id']; ?> " title="Update User"><img src="<?php echo $STR_URL; ?> img/edit_icon.png" /> Edit</a>
<a class="btn" href="user_delete.php?user_id=<?php echo $_REQUEST['frm_user_id']; ?> &action=delete" title="Delete User" onclick="return confirmDeleteUser(this.form)"><img src="<?php echo $STR_URL; ?> img/delete_icon.png" /> Delete</a>
<?php } ?>
<?php if ($_REQUEST['frm_user_group_id']) { ?>
<a class="btn" href="user_group_edit.php?user_group_id=<?php echo $_REQUEST['frm_user_group_id']; ?> " title="Update User Group"><img src="<?php echo $STR_URL; ?> img/edit_icon.png" /> Edit</a>
<a class="btn" href="user_group_delete.php?user_group_id=<?php echo $_REQUEST['frm_user_group_id']; ?> &action=delete" title="Delete User Group" onclick="return confirmDeleteUser(this.form)"><img src="<?php echo $STR_URL; ?> img/delete_icon.png" /> Delete</a>
<?php } ?>
</div>
<form method="post" action="<?php /* NOTE(review): same PHP_SELF XSS sink as in the script above */ echo $_SERVER['PHP_SELF']; ?> " />
<div align="center">
<h2>Privileges <?php if ($_REQUEST['frm_user_id']) { echo ": \"" . DB::dbIDToField('users', 'user_id', $_REQUEST['frm_user_id'], 'user_login_name') . "\""; } ?> </h2>
</div>
<div style="background-color:#eee;padding:10px;-moz-border-radius: 5px; -webkit-border-radius: 5px;">
<p>
Manage privileges by:
<label for="frm_user_id"><strong>Username:</strong></label>
<select name="frm_user_id" id="frm_user_id" onchange="return getUserPrivileges(this.form)">
<option value="">-- Please choose --</option>
<?php
// NOTE(review): $username below is stored data echoed with stripslashes() only — no
// htmlspecialchars(); same for user_group_name in the next select.
$arrUsers = DB::getUserData('user');
?>
<?php foreach ($arrUsers as $id => $username) { ?>
<option value="<?php echo $id; ?> "<?php if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_id'] == $id) { echo " selected"; } ?> ><?php echo stripslashes($username); ?> </option>
<?php } ?>
</select>
* or
<label for="frm_user_group_id"><strong>Group:</strong></label>
<select name="frm_user_group_id" id="frm_user_group_id" onchange="return getUserGroupPrivileges(this.form)">
<option value="">-- Please choose --</option>
<?php $arrUserGroups = DB::getUserGroupData(); ?>
<?php foreach ($arrUserGroups as $id => $userGroupName) { ?>
<?php /* group 1 is never offered here — presumably the administrators group; confirm */ if ($id !== 1) { ?>
<option value="<?php echo $id; ?> "<?php if ($_REQUEST['frm_user_group_id'] && $_REQUEST['frm_user_group_id'] == $id) { echo " selected"; } ?> ><?php echo stripslashes($userGroupName['user_group_name']); ?> </option>
<?php } ?>
<?php } ?>
</select>
</p>
</div>
</div> <!-- end #box -->
<script type="text/javascript">
var status = false
function check_uncheck_all(form) {
    if (status == false) {
        for (i = 0; i < form.length; i++) {
            form[i].checked = true
        }
        status = true
    } else {
        for (i = 0; i < form.length; i++) {
            form[i].checked = false
        }
        status = false
    }
}
</script>
<?php
// privileges table: only rendered once a user or a group has been chosen
// NOTE(review): every checkbox in the header and in each row carries id="module_id", and
// all six per-row checkboxes share id="frm_priv_<module_id>"; duplicate ids make the
// this.form.frm_priv_<id> lookups in the onclick handlers unreliable.
if ($_REQUEST['frm_user_id'] || $_REQUEST['frm_user_group_id']) {
    $strResult .= "\n\t\t\t<br />\n\t\t\t<div align=\"center\">\n\t\t\t<input class=\"btn\" type=\"submit\" name=\"submit\" value=\"Update Privileges\" onclick=\"return validateUserEdit(this.form)\" /> <input class=\"btn\" type=\"button\" value=\"Cancel\" onclick=\"history.go(-1)\" />\n\t\t\t</div>\t\t\t\n\t\t\t<br />\n\t\t\t<table class=\"table table-bordered table-hover\" summary=\"Privileges List\">\n\t\t\t<caption>Privileges List</caption>\n\t\t\t<thead>\n\t\t\t\t<tr>\n\t\t\t\t\t<th scope=\"col\" width=\"20\"><div align=\"center\"><input type=\"checkbox\" class=\"checkbox\" name=\"\" value=\"\" id=\"module_id\" onclick=\"this.value=check_uncheck_all(this.form.module_id)\"></div></th>\n\t\t\t\t\t<th scope=\"col\" width=\"20\"><div align=\"center\">No</div></th>\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Module Name</div></th>\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Module ID</div></th>\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. Add</div></th>\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. Edit</div></th>\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. Delete</div></th>\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. List</div></th>\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. View</div></th>\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. Execute</div></th>\t\t\t\t\t\n\t\t\t\t</tr>\n\t\t\t</thead>\t\n\t\t\t\n\t\t\t<tbody>";
    if ($rowTotal[0] > 0) {
        $no = 0;
        while ($row = mysql_fetch_assoc($result)) {
            $no++;
            // module ids that already have a privileges row; excluded from the modules table below
            $intID[] = $row['module_id'];
            $strResult .= "\n\t\t\t\t\t<tr ";
            if ($no % 2 == 0) {
                $strResult .= "class=\"odd\"";
            }
            // NOTE(review): module_display is DB content echoed with stripslashes() only — no
            // htmlspecialchars(); an HTML-escaping call is needed here and in the modules table below.
            $strResult .= ">\n\t\t\t\t\t\t<td><div align=\"center\"><input type=\"checkbox\" class=\"checkbox\" name=\"\" value=\"\" id=\"module_id\" onclick=\"this.value=check_uncheck_all(this.form.frm_priv_" . $row['module_id'] . ")\"></div></td>\n\t\t\t\t\t\t<td id=\"r" . $row['user_id'] . "\"><div align=\"right\">" . $no . ".</div></td>\n\t\t\t\t\t\t<td><div align=\"left\">" . stripslashes($row['module_display']) . "</div></td>\n\t\t\t\t\t\t<td><div align=\"right\">" . $row['module_id'] . "<input type=\"hidden\" name=\"frm_module_id[]\" value=\"" . $row['module_id'] . "\" /></div></td>\n\t\t\t\t\t\t<td><div align=\"center\">";
            // one checkbox per privilege, offered only when the module has a handler file for it
            if ($row['module_file_name_add']) {
                $strResult .= "<input type=\"checkbox\" name=\"frm_priv_add[" . $row['module_id'] . "]\" id=\"frm_priv_" . $row['module_id'] . "\" value=\"yes\"";
                if ($row['priv_add'] == 'yes') {
                    $strResult .= " checked=\"checked\"";
                }
                $strResult .= " />";
            } else {
                $strResult .= " ";
            }
            $strResult .= "</div></td>\n\t\t\t\t\t\t<td><div align=\"center\">";
            if ($row['module_file_name_edit']) {
                $strResult .= "<input type=\"checkbox\" name=\"frm_priv_edit[" . $row['module_id'] . "]\" id=\"frm_priv_" . $row['module_id'] . "\" value=\"yes\"";
                if ($row['priv_edit'] == 'yes') {
                    $strResult .= " checked=\"checked\"";
                }
                $strResult .= " />";
            } else {
                $strResult .= " ";
            }
            $strResult .= "</div></td>\n\t\t\t\t\t\t<td><div align=\"center\">";
            if ($row['module_file_name_delete']) {
                $strResult .= "<input type=\"checkbox\" name=\"frm_priv_delete[" . $row['module_id'] . "]\" id=\"frm_priv_" . $row['module_id'] . "\" value=\"yes\"";
                if ($row['priv_delete'] == 'yes') {
                    $strResult .= " checked=\"checked\"";
                }
                $strResult .= " />";
            } else {
                $strResult .= " ";
            }
            $strResult .= "</div></td>\n\t\t\t\t\t\t<td><div align=\"center\">";
            if ($row['module_file_name_list']) {
                $strResult .= "<input type=\"checkbox\" name=\"frm_priv_list[" . $row['module_id'] . "]\" id=\"frm_priv_" . $row['module_id'] . "\" value=\"yes\"";
                if ($row['priv_list'] == 'yes') {
                    $strResult .= " checked=\"checked\"";
                }
                $strResult .= " />";
            } else {
                $strResult .= " ";
            }
            $strResult .= "</div></td>\n\t\t\t\t\t\t<td><div align=\"center\">";
            if ($row['module_file_name_view']) {
                $strResult .= "<input type=\"checkbox\" name=\"frm_priv_view[" . $row['module_id'] . "]\" id=\"frm_priv_" . $row['module_id'] . "\" value=\"yes\"";
                if ($row['priv_view'] == 'yes') {
                    $strResult .= " checked=\"checked\"";
                }
                $strResult .= " />";
            } else {
                $strResult .= " ";
            }
            $strResult .= "</div></td>\n\t\t\t\t\t\t<td><div align=\"center\">";
            if ($row['module_file_name_execute']) {
                $strResult .= "<input type=\"checkbox\" name=\"frm_priv_execute[" . $row['module_id'] . "]\" id=\"frm_priv_" . $row['module_id'] . "\" value=\"yes\"";
                if ($row['priv_execute'] == 'yes') {
                    $strResult .= " checked=\"checked\"";
                }
                $strResult .= " />";
            } else {
                $strResult .= " ";
            }
            $strResult .= "</div></td>\t\t\t\t\t\t\n\t\t\t\t\t</tr>";
        }
    } else {
        $strResult .= "<tr><td colspan=\"10\"><div align=\"center\">Found no data</div></td></tr>";
    }
    $strResult .= "\n\t\t\t</tbody>\n\t\t\t<tfoot>\n\t\t\t\t<tr>\n\t\t\t\t\t<th scope=\"row\" colspan=\"2\">Total: " . $rowTotal[0] . "</th>\t\t\t\t\t\n\t\t\t\t\t<td colspan=\"8\"> </td>\n\t\t\t\t</tr>\n\t\t\t</tfoot>\n\t\t\t</table>\n\t\t\t<br /><br />\n\t\t\t<div align=\"center\">\n\t\t\t<input class=\"btn\" type=\"submit\" name=\"submit\" value=\"Update Privileges\" onclick=\"return validateUserEdit(this.form)\" /> <input type=\"button\" value=\"Cancel\" onclick=\"history.go(-1)\" />\n\t\t\t</div>\n\t\t\t";
}
// Modules
// Second table: active modules that have no privileges row yet for the chosen selector.
// The NOT IN list is built from $intID, i.e. from module ids read back from the
// database above, not from the request.
if ($_REQUEST['frm_user_id'] || $_REQUEST['frm_user_group_id']) {
    $queryModule = "SELECT * FROM `modules` WHERE ";
    if (is_array($intID) && count($intID) > 0) {
        $queryModule .= "`module_id` NOT IN (";
        for ($i = 0; $i < count($intID); $i++) {
            $queryModule .= $intID[$i];
            if ($i == count($intID) - 1) {
                $queryModule .= "";
            } else {
                $queryModule .= ", ";
            }
        }
        $queryModule .= ") AND ";
    }
    $queryModule .= " `module_activate` = 'yes' ORDER BY `module_display` ASC";
    $queryTotalModule = "SELECT COUNT(*) FROM `modules`\t\n\t\t\t\t\t\t\t\t WHERE ";
    if (is_array($intID) && count($intID) > 0) {
        $queryTotalModule .= " `module_id` NOT IN (";
        for ($i = 0; $i < count($intID); $i++) {
            $queryTotalModule .= $intID[$i];
            if ($i == count($intID) - 1) {
                $queryTotalModule .= "";
            } else {
                $queryTotalModule .= ", ";
            }
        }
        $queryTotalModule .= ") AND ";
    }
    $queryTotalModule .= " `module_activate` = 'yes'";
} else {
    $queryModule = "SELECT * FROM `modules` ORDER BY `module_display` ASC";
    $queryTotalModule = "SELECT COUNT(*) FROM `modules`";
}
$resultModule = mysql_query($queryModule);
$resultTotalModule = mysql_query($queryTotalModule);
$rowTotalModule = mysql_fetch_row($resultTotalModule);
if ($resultModule) {
    if ($rowTotalModule[0] > 0) {
        // NOTE(review): the header checkbox here calls check(...), which is not defined in
        // either <script> block above (the privileges table uses check_uncheck_all) — confirm.
        $strResult .= "\t\t\t\n\t\t\t\t<br />\n\t\t\t\t<table class=\"table table-bordered table-hover\" summary=\"Privileges List\">\n\t\t\t\t<caption>Modules List</caption>\n\t\t\t\t<thead>\n\t\t\t\t\t<tr>\t\t\t\t\t\n\t\t\t\t\t\t<th scope=\"col\" width=\"20\"><div align=\"center\"><input type=\"checkbox\" class=\"checkbox\" name=\"\" value=\"\" id=\"module_id\" onclick=\"this.value=check(this.form.module_id)\"></div></th>\n\t\t\t\t\t\t<th scope=\"col\" width=\"20\"><div align=\"center\">No</div></th>\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Module Name</div></th>\n\t\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Module ID</div></th>\n\t\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. Add</div></th>\n\t\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. Edit</div></th>\n\t\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. Delete</div></th>\n\t\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. List</div></th>\n\t\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. View</div></th>\n\t\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. Execute</div></th>\t\t\t\t\t\t\n\t\t\t\t\t</tr>\n\t\t\t\t</thead>\t\n\t\t\t\t\n\t\t\t\t<tbody>";
        $no = 0;
        // NOTE(review): $queryModule selects from `modules` only, yet this loop reads
        // $rowModule['user_id'] and $rowModule['priv_*'] (privileges columns) — presumably
        // absent from these rows, so every read is an undefined-index notice; confirm schema.
        while ($rowModule = mysql_fetch_assoc($resultModule)) {
            $no++;
            $strResult .= "\n\t\t\t\t\t\t<tr ";
            if ($no % 2 == 0) {
                $strResult .= "class=\"odd\"";
            }
            $strResult .= ">\n\t\t\t\t\t\t\t<td><div align=\"center\"><input type=\"checkbox\" class=\"checkbox\" name=\"\" value=\"\" id=\"module_id\" onclick=\"this.value=check_uncheck_all(this.form.frm_priv_" . $rowModule['module_id'] . ")\"></div></td>\n\t\t\t\t\t\t\t<td id=\"r" . $rowModule['user_id'] . "\"><div align=\"right\">" . $no . ".</div></td>\n\t\t\t\t\t\t\t<td><div align=\"left\">" . stripslashes($rowModule['module_display']) . "</div></td>\n\t\t\t\t\t\t\t<td><div align=\"right\">" . $rowModule['module_id'] . "<input type=\"hidden\" name=\"frm_module_id[]\" value=\"" . $rowModule['module_id'] . "\" /></div></td>\n\t\t\t\t\t\t\t<td><div align=\"center\">";
            if ($rowModule['module_file_name_add']) {
                $strResult .= "<input type=\"checkbox\" name=\"frm_priv_add[" . $rowModule['module_id'] . "]\" id=\"frm_priv_" . $rowModule['module_id'] . "\" value=\"yes\"";
                if ($rowModule['priv_add'] == 'yes') {
                    $strResult .= " checked=\"checked\"";
                }
                $strResult .= " />";
            } else {
                $strResult .= " ";
            }
            $strResult .= "</div></td>\n\t\t\t\t\t\t\t<td><div align=\"center\">";
            if ($rowModule['module_file_name_edit']) {
                $strResult .= "<input type=\"checkbox\" name=\"frm_priv_edit[" . $rowModule['module_id'] . "]\" id=\"frm_priv_" . $rowModule['module_id'] . "\" value=\"yes\"";
                if ($rowModule['priv_edit'] == 'yes') {
                    $strResult .= " checked=\"checked\"";
                }
                $strResult .= " />";
            } else {
                $strResult .= " ";
            }
            $strResult .= "</div></td>\n\t\t\t\t\t\t\t<td><div align=\"center\">";
            if ($rowModule['module_file_name_delete']) {
                $strResult .= "<input type=\"checkbox\" name=\"frm_priv_delete[" . $rowModule['module_id'] . "]\" id=\"frm_priv_" . $rowModule['module_id'] . "\" value=\"yes\"";
                if ($rowModule['priv_delete'] == 'yes') {
                    $strResult .= " checked=\"checked\"";
                }
                $strResult .= " />";
            } else {
                $strResult .= " ";
            }
            $strResult .= "</div></td>\n\t\t\t\t\t\t\t<td><div align=\"center\">";
            if ($rowModule['module_file_name_list']) {
                $strResult .= "<input type=\"checkbox\" name=\"frm_priv_list[" . $rowModule['module_id'] . "]\" id=\"frm_priv_" . $rowModule['module_id'] . "\" value=\"yes\"";
                if ($rowModule['priv_list'] == 'yes') {
                    $strResult .= " checked=\"checked\"";
                }
                $strResult .= " />";
            } else {
                $strResult .= " ";
            }
            $strResult .= "</div></td>\n\t\t\t\t\t\t\t<td><div align=\"center\">";
            if ($rowModule['module_file_name_view']) {
                $strResult .= "<input type=\"checkbox\" name=\"frm_priv_view[" . $rowModule['module_id'] . "]\" id=\"frm_priv_" . $rowModule['module_id'] . "\" value=\"yes\"";
                if ($rowModule['priv_view'] == 'yes') {
                    $strResult .= " checked=\"checked\"";
                }
                $strResult .= " />";
            } else {
                $strResult .= " ";
            }
            $strResult .= "</div></td>\n\t\t\t\t\t\t\t<td><div align=\"center\">";
            if ($rowModule['module_file_name_execute']) {
                $strResult .= "<input type=\"checkbox\" name=\"frm_priv_execute[" . $rowModule['module_id'] . "]\" id=\"frm_priv_" . $rowModule['module_id'] . "\" value=\"yes\"";
                if ($rowModule['priv_execute'] == 'yes') {
                    $strResult .= " checked=\"checked\"";
                }
                $strResult .= " />";
            } else {
                $strResult .= " ";
            }
            $strResult .= "</div></td>\n\t\t\t\t\t\t</tr>";
        }
        $strResult .= "\n\t\t\t\t</tbody>\n\t\t\t\t<tfoot>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<th scope=\"row\" colspan=\"2\">Total: " . $rowTotalModule[0] . "</th>\t\t\t\t\t\n\t\t\t\t\t\t<td colspan=\"8\"> </td>\n\t\t\t\t\t</tr>\n\t\t\t\t</tfoot>\n\t\t\t\t</table>\n\t\t\t\t<br /><br />";
        // a second submit row under the modules table — only when a user (not a group) is selected
        if ($_REQUEST['frm_user_id']) {
            $strResult .= "\n\t\t\t\t\t<div align=\"center\">\n\t\t\t\t\t<input class=\"btn\" type=\"submit\" name=\"submit\" value=\"Update User Privileges\" onclick=\"return validateUserEdit(this.form)\" /> <input type=\"button\" value=\"Cancel\" onclick=\"history.go(-1)\" />\n\t\t\t\t\t</div>\n\t\t\t\t\t";
        }
    }
}
?>
<?php echo $strResult; ?>
</form>
<a class="btn" href="#content"><i class="icon-arrow-up"></i> Back to top</a>
<?php
// The Log
// NOTE(review): $_SESSION['user']['login_name'] and ['ip_address'] are interpolated
// unescaped here, although login_name is passed through mysql_real_escape_string()
// everywhere else in this method; where ip_address originates (REMOTE_ADDR or a
// client-supplied header) is not visible here — escape both regardless.
$strLog = "View the Privileges List";
$queryLog = "INSERT INTO `logs` (`log_id`,\n\t\t\t\t\t\t\t\t\t\t`log_user`,\n\t\t\t\t\t\t\t\t\t\t`log_action`,\n\t\t\t\t\t\t\t\t\t\t`log_time`,\n\t\t\t\t\t\t\t\t\t\t`log_from`,\n\t\t\t\t\t\t\t\t\t\t`log_logout`)\n\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\tVALUES (NULL,\n\t\t\t\t\t\t\t\t\t\t'" . $_SESSION['user']['login_name'] . "',\n\t\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($strLog) . "',\n\t\t\t\t\t\t\t\t\t\t'" . date('Y-m-d H:i:s') . "',\n\t\t\t\t\t\t\t\t\t\t'" . $_SESSION['user']['ip_address'] . "',\n\t\t\t\t\t\t\t\t\t\tNULL)";
$resultLog = mysql_query($queryLog);
}