示例#1
0
                        }
                    }
                    break;
                case 'delgroup':
                    if ($_SESSION['session_user_level'] >= K_AUTH_DELETE_GROUPS and $new_group_id > 0 and F_isAuthorizedEditorForGroup($new_group_id)) {
                        $sql = 'DELETE FROM ' . K_TABLE_USERGROUP . '
							WHERE usrgrp_user_id=' . $user_id . '
								AND usrgrp_group_id=' . $new_group_id . '';
                        if (!($r = F_db_query($sql, $db))) {
                            F_display_db_error();
                        }
                    }
                    break;
                case 'move':
                    if ($_SESSION['session_user_level'] >= K_AUTH_MOVE_GROUPS and isset($from_group_id) and $from_group_id > 0 and F_isAuthorizedEditorForGroup($from_group_id) and isset($to_group_id) and $to_group_id > 0 and F_isAuthorizedEditorForGroup($to_group_id)) {
                        $groups = F_get_user_groups($user_id);
                        if (!in_array($to_group_id, $groups)) {
                            $sql = 'UPDATE ' . K_TABLE_USERGROUP . ' SET
								usrgrp_group_id=' . $to_group_id . '
								WHERE usrgrp_user_id=' . $user_id . '
									AND usrgrp_group_id=' . $from_group_id . '
								LIMIT 1';
                            if (!($r = F_db_query($sql, $db))) {
                                F_display_db_error();
                            }
                        } else {
                            $sql = 'DELETE FROM ' . K_TABLE_USERGROUP . '
							WHERE usrgrp_user_id=' . $user_id . '
								AND usrgrp_group_id=' . $from_group_id . '';
                            if (!($r = F_db_query($sql, $db))) {
                                F_display_db_error();
    /**
     * Sets the end element handler function for the XML parser parser.end_element_handler.
     * @param $parser (resource) The first parameter, parser, is a reference to the XML parser calling the handler.
     * @param $name (string) The second parameter, name, contains the name of the element for which this handler is called. If case-folding is in effect for this parser, the element name will be in uppercase letters.
     * @private
     */
    private function endElementHandler($parser, $name)
    {
        global $l, $db;
        require_once '../config/tce_config.php';
        require_once 'tce_functions_user_select.php';
        switch (strtolower($name)) {
            case 'name':
            case 'password':
            case 'email':
            case 'regdate':
            case 'ip':
            case 'firstname':
            case 'lastname':
            case 'birthdate':
            case 'birthplace':
            case 'regnumber':
            case 'ssn':
            case 'level':
            case 'verifycode':
                $this->current_data = F_escape_sql(F_xml_to_text($this->current_data));
                $this->user_data[$this->current_element] = $this->current_data;
                $this->current_element = '';
                $this->current_data = '';
                break;
            case 'group':
                $group_name = F_escape_sql(F_xml_to_text($this->current_data));
                // check if group already exist
                $sql = 'SELECT group_id
					FROM ' . K_TABLE_GROUPS . '
					WHERE group_name=\'' . $group_name . '\'
					LIMIT 1';
                if ($r = F_db_query($sql, $db)) {
                    if ($m = F_db_fetch_array($r)) {
                        // the group has been already added
                        $this->group_data[] = $m['group_id'];
                    } else {
                        // add new group
                        $sqli = 'INSERT INTO ' . K_TABLE_GROUPS . ' (
							group_name
							) VALUES (
							\'' . $group_name . '\'
							)';
                        if (!($ri = F_db_query($sqli, $db))) {
                            F_display_db_error(false);
                        } else {
                            $this->group_data[] = F_db_insert_id($db, K_TABLE_GROUPS, 'group_id');
                        }
                    }
                } else {
                    F_display_db_error();
                }
                break;
            case 'user':
                // insert users
                if (!empty($this->user_data['user_name'])) {
                    if (empty($this->user_data['user_regdate'])) {
                        $this->user_data['user_regdate'] = date(K_TIMESTAMP_FORMAT);
                    }
                    if (empty($this->user_data['user_ip'])) {
                        $this->user_data['user_ip'] = getNormalizedIP($_SERVER['REMOTE_ADDR']);
                    }
                    if (!isset($this->user_data['user_level']) or strlen($this->user_data['user_level']) == 0) {
                        $this->user_data['user_level'] = 1;
                    }
                    if ($_SESSION['session_user_level'] < K_AUTH_ADMINISTRATOR) {
                        // you cannot edit a user with a level equal or higher than yours
                        $this->user_data['user_level'] = min(max(0, $_SESSION['session_user_level'] - 1), $this->user_data['user_level']);
                        // non-administrator can access only to his/her groups
                        if (empty($this->group_data)) {
                            break;
                        }
                        $common_groups = array_intersect(F_get_user_groups($_SESSION['session_user_id']), $this->group_data);
                        if (empty($common_groups)) {
                            break;
                        }
                    }
                    // check if user already exist
                    $sql = 'SELECT user_id,user_level
						FROM ' . K_TABLE_USERS . '
						WHERE user_name=\'' . $this->user_data['user_name'] . '\'
							OR user_regnumber=\'' . $this->user_data['user_regnumber'] . '\'
							OR user_ssn=\'' . $this->user_data['user_ssn'] . '\'
						LIMIT 1';
                    if ($r = F_db_query($sql, $db)) {
                        if ($m = F_db_fetch_array($r)) {
                            // the user has been already added
                            $user_id = $m['user_id'];
                            if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR or $_SESSION['session_user_level'] > $m['user_level']) {
                                //update user data
                                $sqlu = 'UPDATE ' . K_TABLE_USERS . ' SET
									user_regdate=\'' . $this->user_data['user_regdate'] . '\',
									user_ip=\'' . $this->user_data['user_ip'] . '\',
									user_name=\'' . $this->user_data['user_name'] . '\',
									user_email=' . F_empty_to_null($this->user_data['user_email']) . ',';
                                // update password only if it is specified
                                if (!empty($this->user_data['user_password'])) {
                                    $sqlu .= ' user_password=\'' . md5($this->user_data['user_password']) . '\',';
                                }
                                $sqlu .= '
									user_regnumber=' . F_empty_to_null($this->user_data['user_regnumber']) . ',
									user_firstname=' . F_empty_to_null($this->user_data['user_firstname']) . ',
									user_lastname=' . F_empty_to_null($this->user_data['user_lastname']) . ',
									user_birthdate=' . F_empty_to_null($this->user_data['user_birthdate']) . ',
									user_birthplace=' . F_empty_to_null($this->user_data['user_birthplace']) . ',
									user_ssn=' . F_empty_to_null($this->user_data['user_ssn']) . ',
									user_level=\'' . $this->user_data['user_level'] . '\',
									user_verifycode=' . F_empty_to_null($this->user_data['user_verifycode']) . '
									WHERE user_id=' . $user_id . '';
                                if (!($ru = F_db_query($sqlu, $db))) {
                                    F_display_db_error(false);
                                    return FALSE;
                                }
                            } else {
                                // no user is updated, so empty groups
                                $this->group_data = array();
                            }
                        } else {
                            // add new user
                            $sqlu = 'INSERT INTO ' . K_TABLE_USERS . ' (
								user_regdate,
								user_ip,
								user_name,
								user_email,
								user_password,
								user_regnumber,
								user_firstname,
								user_lastname,
								user_birthdate,
								user_birthplace,
								user_ssn,
								user_level,
								user_verifycode
								) VALUES (
								' . F_empty_to_null($this->user_data['user_regdate']) . ',
								\'' . $this->user_data['user_ip'] . '\',
								\'' . $this->user_data['user_name'] . '\',
								' . F_empty_to_null($this->user_data['user_email']) . ',
								\'' . md5($this->user_data['user_password']) . '\',
								' . F_empty_to_null($this->user_data['user_regnumber']) . ',
								' . F_empty_to_null($this->user_data['user_firstname']) . ',
								' . F_empty_to_null($this->user_data['user_lastname']) . ',
								' . F_empty_to_null($this->user_data['user_birthdate']) . ',
								' . F_empty_to_null($this->user_data['user_birthplace']) . ',
								' . F_empty_to_null($this->user_data['user_ssn']) . ',
								\'' . $this->user_data['user_level'] . '\',
								' . F_empty_to_null($this->user_data['user_verifycode']) . '
								)';
                            if (!($ru = F_db_query($sqlu, $db))) {
                                F_display_db_error(false);
                                return FALSE;
                            } else {
                                $user_id = F_db_insert_id($db, K_TABLE_USERS, 'user_id');
                            }
                        }
                    } else {
                        F_display_db_error(false);
                        return FALSE;
                    }
                    // user's groups
                    if (!empty($this->group_data)) {
                        while (list($key, $group_id) = each($this->group_data)) {
                            // check if user-group already exist
                            $sqls = 'SELECT *
								FROM ' . K_TABLE_USERGROUP . '
								WHERE usrgrp_group_id=\'' . $group_id . '\'
									AND usrgrp_user_id=\'' . $user_id . '\'
								LIMIT 1';
                            if ($rs = F_db_query($sqls, $db)) {
                                if (!($ms = F_db_fetch_array($rs))) {
                                    // associate group to user
                                    $sqlg = 'INSERT INTO ' . K_TABLE_USERGROUP . ' (
										usrgrp_user_id,
										usrgrp_group_id
										) VALUES (
										' . $user_id . ',
										' . $group_id . '
										)';
                                    if (!($rg = F_db_query($sqlg, $db))) {
                                        F_display_db_error(false);
                                        return FALSE;
                                    }
                                }
                            } else {
                                F_display_db_error(false);
                                return FALSE;
                            }
                        }
                    }
                }
                break;
            default:
                break;
        }
    }