示例#1
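// start the session
session_start();
require_once "classes/Db.class.php";
require_once "classes/General.class.php";
// create instance of DB class & set connection
$db = new DB();
// create instance of General class
$general = new General();
// A visitor who already has a user id in the session never sees the login
// form: send them straight to welcome.php. Only the presence of the session
// key is checked here; the user row is deliberately NOT loaded on this page,
// because nothing runs between the lookup and the redirect, so the old
// getUserData() call (which also pulled the `password` column into memory)
// was dead work. Subpages that need the row should load it themselves with
// $db->getUserData(...) and request only the columns they use.
if (isset($_SESSION["userId"])) {
    header("Location: welcome.php");
    exit;
}
/* Resource:
   PHP Tutorials, Error Handling, phpacademy,
   https://www.youtube.com/watch?v=-XvbXxqJ4xQ&list=PLE134D877783367C7&index=9
   */
// Validation errors collected while the login form below is processed.
$errors = array();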
if (!empty($_POST["logbtn"])) {
    // using '!empty' instead of 'isset' to exclude blank fields
    $username = $_POST["username"];
    $password = $_POST["password"];
    // sanitize variables for security
示例#2
    function listPrivileges()
    {
        // determine $_REQUEST['user_id'] and $_REQUEST['frm_user_id']
        if (!$_REQUEST['user_id'] && $_REQUEST['frm_user_id']) {
            $_REQUEST['user_id'] = $_REQUEST['frm_user_id'];
        } else {
            $_REQUEST['frm_user_id'] = $_REQUEST['user_id'];
        }
        // determine $_REQUEST['user_group_id'] and $_REQUEST['frm_user_group_id']
        if (!$_REQUEST['user_group_id'] && $_REQUEST['frm_user_group_id']) {
            $_REQUEST['user_group_id'] = $_REQUEST['frm_user_group_id'];
        } else {
            $_REQUEST['frm_user_group_id'] = $_REQUEST['user_group_id'];
        }
        // always clean up orphaned privileges first
        $queryCleanUpUser = "******";
        $resultCleanUpUser = mysql_query($queryCleanUpUser);
        $queryCleanUpUserGroup = "DELETE FROM `privileges` WHERE `user_group_id` NOT IN (SELECT `user_group_id` FROM `user_groups`) AND `user_group_id` <> 0";
        $resultCleanUpUserGroup = mysql_query($queryCleanUpUserGroup);
        #print_r($_REQUEST);
        #echo "<br><br>";
        #print_r($_REQUEST['frm_module_id']);
        $this->conn = DB::dbConnect();
        // insert module privilege(s)
        if (is_array($_REQUEST['frm_module_id']) && count($_REQUEST['frm_module_id']) > 0) {
            for ($i = 0; $i < count($_REQUEST['frm_module_id']); $i++) {
                if (!$_REQUEST['frm_user_id']) {
                    $_REQUEST['frm_user_id'] = '0';
                }
                if (!$_REQUEST['frm_user_group_id']) {
                    $_REQUEST['frm_user_group_id'] = '0';
                }
                $queryPrivInsert = "INSERT INTO `privileges` (`priv_id`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t  `user_id`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t  `user_group_id`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t  `module_id`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t  `priv_list`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t  `priv_add`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t  `priv_edit`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t  `priv_delete`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t  `priv_view`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t  `priv_execute`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t  `priv_create_date`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t  `priv_created_by`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t  `priv_modify_date`, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t  `priv_modified_by`) \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t  \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tVALUES (NULL, \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'" . $_REQUEST['frm_user_id'] . "', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'" . $_REQUEST['frm_user_group_id'] . "',  \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'" . $_REQUEST['frm_module_id'][$i] . "', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(), \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($_SESSION['user']['login_name']) . "', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tNOW(), \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($_SESSION['user']['login_name']) . "')\t\t  \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t  ";
                $queryPrivUpdate = "UPDATE `privileges` SET `priv_list` = 'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t`priv_add` = 'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t`priv_edit` = 'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t`priv_delete` = 'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t`priv_view` = 'no', \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t`priv_execute` = 'no', \t\t\t\t\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t`priv_modify_date` = NOW(),  \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t`priv_modified_by` = '" . mysql_real_escape_string($_SESSION['user']['login_name']) . "' \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE ";
                if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
                    $queryPrivUpdate .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                    $queryPrivUpdate .= "`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
                } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
                    $queryPrivUpdate .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
                    $queryPrivUpdate .= "`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
                }
                $queryPrivUpdate .= "AND `module_id` = '" . $_REQUEST['frm_module_id'][$i] . "' \n\t\t\t\t\t\t\t\t\t LIMIT 1";
                if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
                    if (ADMIN::isModulePrivilegeExist($_REQUEST['frm_user_id'], $_REQUEST['frm_module_id'][$i], 'user') == '0' && ADMIN::isModulePrivilegeExist($_REQUEST['frm_user_group_id'], $_REQUEST['frm_module_id'][$i], 'group') == '0') {
                        $resultPrivInsert = mysql_query($queryPrivInsert);
                        #echo "<br />" . $queryPrivInsert . "#1<br /><br />";
                    } else {
                        $resultPrivUpdate = mysql_query($queryPrivUpdate);
                        #echo "<br />" . $queryPrivUpdate . "#1<br /><br />";
                    }
                } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
                    if (ADMIN::isModulePrivilegeExist($_REQUEST['frm_user_id'], $_REQUEST['frm_module_id'][$i], 'user') == '0') {
                        $resultPrivInsert = mysql_query($queryPrivInsert);
                        #echo "<br />" . $queryPrivInsert . "#2<br /><br />";
                    } else {
                        $resultPrivUpdate = mysql_query($queryPrivUpdate);
                        #echo "<br />" . $queryPrivUpdate . "#2<br /><br />";
                    }
                } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
                    if (ADMIN::isModulePrivilegeExist($_REQUEST['frm_user_group_id'], $_REQUEST['frm_module_id'][$i], 'group') == '0') {
                        $resultPrivInsert = mysql_query($queryPrivInsert);
                        #echo "<br />" . $queryPrivInsert . "#3<br /><br />";
                    } else {
                        $resultPrivUpdate = mysql_query($queryPrivUpdate);
                        #echo "<br />" . $queryPrivUpdate . "#3<br /><br />";
                    }
                }
            }
        }
        // save add privileges updates
        if (is_array($_REQUEST['frm_priv_add']) && count($_REQUEST['frm_priv_add']) > 0) {
            foreach ($_REQUEST['frm_priv_add'] as $moduleID => $value) {
                $queryPrivAdd = "UPDATE `privileges` SET `priv_add` = 'yes' \n\t\t\t\t\t\t\t\t WHERE `module_id` = '" . $moduleID . "' \n\t\t\t\t\t\t\t\t AND ";
                if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
                    $queryPrivAdd .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                    $queryPrivAdd .= " AND `user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
                } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
                    $queryPrivAdd .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
                    $queryPrivAdd .= "`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
                }
                $queryPrivAdd .= "LIMIT 1";
                $resultPrivAdd = mysql_query($queryPrivAdd);
                #echo $queryPrivAdd . "<br /><br />";
            }
        }
        // save edit privileges updates
        if (is_array($_REQUEST['frm_priv_edit']) && count($_REQUEST['frm_priv_edit']) > 0) {
            foreach ($_REQUEST['frm_priv_edit'] as $moduleID => $value) {
                $queryPrivEdit = "UPDATE `privileges` SET `priv_edit` = 'yes' \n\t\t\t\t\t\t\t\t WHERE `module_id` = '" . $moduleID . "' \n\t\t\t\t\t\t\t\t AND ";
                if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
                    $queryPrivEdit .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                    $queryPrivEdit .= " AND `user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
                } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
                    $queryPrivEdit .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
                    $queryPrivEdit .= "`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
                }
                $queryPrivEdit .= "LIMIT 1";
                $resultPrivEdit = mysql_query($queryPrivEdit);
                #echo $queryPrivEdit . "<br /><br />";
            }
        }
        // save delete privileges updates
        if (is_array($_REQUEST['frm_priv_delete']) && count($_REQUEST['frm_priv_delete']) > 0) {
            foreach ($_REQUEST['frm_priv_delete'] as $moduleID => $value) {
                $queryPrivDelete = "UPDATE `privileges` SET `priv_delete` = 'yes' \n\t\t\t\t\t\t\t\t WHERE `module_id` = '" . $moduleID . "' \n\t\t\t\t\t\t\t\t AND ";
                if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
                    $queryPrivDelete .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                    $queryPrivDelete .= " AND `user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
                } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
                    $queryPrivDelete .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
                    $queryPrivDelete .= "`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
                }
                $queryPrivDelete .= "LIMIT 1";
                $resultPrivDelete = mysql_query($queryPrivDelete);
                #echo $queryPrivDelete . "<br /><br />";
            }
        }
        // save list privileges updates
        if (is_array($_REQUEST['frm_priv_list']) && count($_REQUEST['frm_priv_list']) > 0) {
            foreach ($_REQUEST['frm_priv_list'] as $moduleID => $value) {
                $queryPrivList = "UPDATE `privileges` SET `priv_list` = 'yes' \n\t\t\t\t\t\t\t\t WHERE `module_id` = '" . $moduleID . "' \n\t\t\t\t\t\t\t\t AND ";
                if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
                    $queryPrivList .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                    $queryPrivList .= " AND `user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
                } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
                    $queryPrivList .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
                    $queryPrivList .= "`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
                }
                $queryPrivList .= "LIMIT 1";
                $resultPrivList = mysql_query($queryPrivList);
                #echo $queryPrivList . "<br /><br />";
            }
        }
        // save view privileges updates
        if (is_array($_REQUEST['frm_priv_view']) && count($_REQUEST['frm_priv_view']) > 0) {
            foreach ($_REQUEST['frm_priv_view'] as $moduleID => $value) {
                $queryPrivView = "UPDATE `privileges` SET `priv_view` = 'yes' \n\t\t\t\t\t\t\t\t WHERE `module_id` = '" . $moduleID . "' \n\t\t\t\t\t\t\t\t AND ";
                if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
                    $queryPrivView .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                    $queryPrivView .= " AND `user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
                } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
                    $queryPrivView .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
                    $queryPrivView .= "`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
                }
                $queryPrivView .= "LIMIT 1";
                $resultPrivView = mysql_query($queryPrivView);
                #echo $queryPrivView . "<br /><br />";
            }
        }
        // save execute privileges updates
        if (is_array($_REQUEST['frm_priv_execute']) && count($_REQUEST['frm_priv_execute']) > 0) {
            foreach ($_REQUEST['frm_priv_execute'] as $moduleID => $value) {
                $queryPrivExecute = "UPDATE `privileges` SET `priv_execute` = 'yes' \n\t\t\t\t\t\t\t\t WHERE `module_id` = '" . $moduleID . "' \n\t\t\t\t\t\t\t\t AND ";
                if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
                    $queryPrivExecute .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                    $queryPrivExecute .= " AND `user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
                } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
                    $queryPrivExecute .= "`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
                } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
                    $queryPrivExecute .= "`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
                }
                $queryPrivExecute .= "LIMIT 1";
                $resultPrivExecute = mysql_query($queryPrivExecute);
                #echo "<br />" . $queryPrivExecute . "<br /><br />";
            }
        }
        // privileges list
        $query = "SELECT * \n\t\t\t\t  FROM `privileges` t1, `modules` t2 \n\t\t\t\t  WHERE t2.`module_id` = t1.`module_id` \n\t\t\t\t  AND ";
        if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
            $query .= " t1.`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
            $query .= " AND t1.`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
        } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
            $query .= " t1.`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
        } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
            $query .= " t1.`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' AND t1.`user_id` = '0' ";
        }
        $query .= " ORDER BY `module_display` ASC";
        // total
        $queryTotal = "SELECT COUNT(*) \n\t\t\t\t\t   FROM `privileges` t1, `modules` t2 \n\t\t\t\t\t   WHERE t2.`module_id` = t1.`module_id` \n\t\t\t\t\t   AND ";
        if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_group_id']) {
            $queryTotal .= "t1.`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
            $queryTotal .= " AND t1.`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' ";
        } elseif ($_REQUEST['frm_user_id'] && !$_REQUEST['frm_user_group_id']) {
            $queryTotal .= "t1.`user_id` = '" . $_REQUEST['frm_user_id'] . "' ";
        } elseif ($_REQUEST['frm_user_group_id'] && !$_REQUEST['frm_user_id']) {
            $queryTotal .= "t1.`user_group_id` = '" . $_REQUEST['frm_user_group_id'] . "' AND t1.`user_id` = '0' ";
        }
        $result = mysql_query($query, $this->conn);
        $resultTotal = mysql_query($queryTotal, $this->conn);
        $rowTotal = mysql_fetch_row($resultTotal);
        #echo $query . "<br /><br />";
        #echo $queryTotal . "<br /><br />";
        ?>
		
		<script type="text/javascript">
			function getUserPrivileges(form)
			{
				var newIndex = form.frm_user_id.selectedIndex
				
				strURL = '<?php 
        echo $_SERVER['PHP_SELF'];
        ?>
?frm_user_id=' + form.frm_user_id.options[newIndex].value
				window.location.assign( strURL ); 
				
			}
			
			function getUserGroupPrivileges(form)
			{
				var newIndex = form.frm_user_group_id.selectedIndex
				
				strURL = '<?php 
        echo $_SERVER['PHP_SELF'];
        ?>
?frm_user_group_id=' + form.frm_user_group_id.options[newIndex].value
				window.location.assign( strURL ); 
				
			}

		</script>

		<?php 
        $strResult = "<div align=\"center\"><h2 style=\"font-size:1.5em;\">Privileges List";
        ?>
		
		<?php 
        if ($_REQUEST['frm_user_id']) {
            $strResult .= ": User \"" . DB::dbIDToField('users', 'user_id', $_REQUEST['frm_user_id'], 'user_login_name') . "\"";
        }
        ?>
		<?php 
        if ($_REQUEST['frm_user_group_id']) {
            $strResult .= ": Group \"" . DB::dbIDToField('user_groups', 'user_group_id', $_REQUEST['frm_user_group_id'], 'user_group_name') . "\"";
        }
        ?>
		
		<?php 
        $strResult .= "</h2></div>";
        ?>

		<div align="right">
				<a class="btn" href="user_add.php" title="New User"><img src="<?php 
        echo $STR_URL;
        ?>
img/add_icon.png" /> New User</a> &nbsp;
				<a class="btn" href="user_group_add.php" title="New User Group"><img src="<?php 
        echo $STR_URL;
        ?>
img/add_icon.png" /> New User Group</a> &nbsp;
				
				<?php 
        if ($_REQUEST['frm_user_id']) {
            ?>
				<a class="btn" href="user_edit.php?user_id=<?php 
            echo $_REQUEST['frm_user_id'];
            ?>
" title="Update User"><img src="<?php 
            echo $STR_URL;
            ?>
img/edit_icon.png" /> Edit</a> &nbsp;
				<a class="btn" href="user_delete.php?user_id=<?php 
            echo $_REQUEST['frm_user_id'];
            ?>
&action=delete" title="Delete User" onclick="return confirmDeleteUser(this.form)"><img src="<?php 
            echo $STR_URL;
            ?>
img/delete_icon.png" /> Delete</a> 
				<?php 
        }
        ?>
				
				<?php 
        if ($_REQUEST['frm_user_group_id']) {
            ?>
				<a class="btn" href="user_group_edit.php?user_group_id=<?php 
            echo $_REQUEST['frm_user_group_id'];
            ?>
" title="Update User Group"><img src="<?php 
            echo $STR_URL;
            ?>
img/edit_icon.png" /> Edit</a> &nbsp;
				<a class="btn" href="user_group_delete.php?user_group_id=<?php 
            echo $_REQUEST['frm_user_group_id'];
            ?>
&action=delete" title="Delete User Group" onclick="return confirmDeleteUser(this.form)"><img src="<?php 
            echo $STR_URL;
            ?>
img/delete_icon.png" /> Delete</a> 
				<?php 
        }
        ?>
		</div>
		
			<form method="post" action="<?php 
        echo $_SERVER['PHP_SELF'];
        ?>
" />
				<div align="center">
				<h2>Privileges <?php 
        if ($_REQUEST['frm_user_id']) {
            echo ": \"" . DB::dbIDToField('users', 'user_id', $_REQUEST['frm_user_id'], 'user_login_name') . "\"";
        }
        ?>
</h2>
				</div>
				
				<div style="background-color:#eee;padding:10px;-moz-border-radius: 5px;	-webkit-border-radius: 5px;">
				<p>
				Manage privileges by: 
				<label for="frm_user_id"><strong>Username:</strong></label>
				<select name="frm_user_id" id="frm_user_id" onchange="return getUserPrivileges(this.form)">
					<option value="">-- Please choose --</option>
					<?php 
        $arrUsers = DB::getUserData('user');
        ?>
					<?php 
        foreach ($arrUsers as $id => $username) {
            ?>
							<option value="<?php 
            echo $id;
            ?>
"<?php 
            if ($_REQUEST['frm_user_id'] && $_REQUEST['frm_user_id'] == $id) {
                echo " selected";
            }
            ?>
><?php 
            echo stripslashes($username);
            ?>
</option>
					<?php 
        }
        ?>
				</select> *
				
				or
				
				<label for="frm_user_group_id"><strong>Group:</strong></label>
				<select name="frm_user_group_id" id="frm_user_group_id" onchange="return getUserGroupPrivileges(this.form)">
					<option value="">-- Please choose --</option>
					<?php 
        $arrUserGroups = DB::getUserGroupData();
        ?>
					<?php 
        foreach ($arrUserGroups as $id => $userGroupName) {
            ?>
					<?php 
            if ($id !== 1) {
                ?>
	
							<option value="<?php 
                echo $id;
                ?>
"<?php 
                if ($_REQUEST['frm_user_group_id'] && $_REQUEST['frm_user_group_id'] == $id) {
                    echo " selected";
                }
                ?>
><?php 
                echo stripslashes($userGroupName['user_group_name']);
                ?>
</option>
					<?php 
            }
            ?>
					<?php 
        }
        ?>
				</select>  
				</p>
				</div>
				
			</div>	<!-- end #box -->	
			
			<script type="text/javascript">

			var status = false
			
			function check_uncheck_all(form)
			{
				
				if (status == false)
				{
					for (i = 0; i < form.length; i++)
					{
						form[i].checked = true						
					}
					
					status = true
				}
				else 
				{
					for (i = 0; i < form.length; i++)
					{
						form[i].checked = false											
					}
					status = false
				}
				
			}
			
			</script> 
		
		
		
		
		<?php 
        if ($_REQUEST['frm_user_id'] || $_REQUEST['frm_user_group_id']) {
            $strResult .= "\n\t\t\t<br />\n\t\t\t<div align=\"center\">\n\t\t\t<input class=\"btn\" type=\"submit\" name=\"submit\" value=\"Update Privileges\" onclick=\"return validateUserEdit(this.form)\" /> <input class=\"btn\" type=\"button\" value=\"Cancel\" onclick=\"history.go(-1)\" />\n\t\t\t</div>\t\t\t\n\t\t\t<br />\n\t\t\t<table class=\"table table-bordered table-hover\" summary=\"Privileges List\">\n\t\t\t<caption>Privileges List</caption>\n\t\t\t<thead>\n\t\t\t\t<tr>\n\t\t\t\t\t<th scope=\"col\" width=\"20\"><div align=\"center\"><input type=\"checkbox\" class=\"checkbox\" name=\"\" value=\"\" id=\"module_id\" onclick=\"this.value=check_uncheck_all(this.form.module_id)\"></div></th>\n\t\t\t\t\t<th scope=\"col\" width=\"20\"><div align=\"center\">No</div></th>\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Module Name</div></th>\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Module ID</div></th>\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. Add</div></th>\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. Edit</div></th>\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. Delete</div></th>\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. List</div></th>\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. View</div></th>\n\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. Execute</div></th>\t\t\t\t\t\n\t\t\t\t</tr>\n\t\t\t</thead>\t\n\t\t\t\n\t\t\t<tbody>";
            if ($rowTotal[0] > 0) {
                $no = 0;
                while ($row = mysql_fetch_assoc($result)) {
                    $no++;
                    $intID[] = $row['module_id'];
                    $strResult .= "\n\t\t\t\t\t<tr ";
                    if ($no % 2 == 0) {
                        $strResult .= "class=\"odd\"";
                    }
                    $strResult .= ">\n\t\t\t\t\t\t<td><div align=\"center\"><input type=\"checkbox\" class=\"checkbox\" name=\"\" value=\"\" id=\"module_id\" onclick=\"this.value=check_uncheck_all(this.form.frm_priv_" . $row['module_id'] . ")\"></div></td>\n\t\t\t\t\t\t<td id=\"r" . $row['user_id'] . "\"><div align=\"right\">" . $no . ".</div></td>\n\t\t\t\t\t\t<td><div align=\"left\">" . stripslashes($row['module_display']) . "</div></td>\n\t\t\t\t\t\t<td><div align=\"right\">" . $row['module_id'] . "<input type=\"hidden\" name=\"frm_module_id[]\" value=\"" . $row['module_id'] . "\" /></div></td>\n\t\t\t\t\t\t<td><div align=\"center\">";
                    if ($row['module_file_name_add']) {
                        $strResult .= "<input type=\"checkbox\" name=\"frm_priv_add[" . $row['module_id'] . "]\" id=\"frm_priv_" . $row['module_id'] . "\" value=\"yes\"";
                        if ($row['priv_add'] == 'yes') {
                            $strResult .= " checked=\"checked\"";
                        }
                        $strResult .= " />";
                    } else {
                        $strResult .= "&nbsp;";
                    }
                    $strResult .= "</div></td>\n\t\t\t\t\t\t<td><div align=\"center\">";
                    if ($row['module_file_name_edit']) {
                        $strResult .= "<input type=\"checkbox\" name=\"frm_priv_edit[" . $row['module_id'] . "]\" id=\"frm_priv_" . $row['module_id'] . "\" value=\"yes\"";
                        if ($row['priv_edit'] == 'yes') {
                            $strResult .= " checked=\"checked\"";
                        }
                        $strResult .= " />";
                    } else {
                        $strResult .= "&nbsp;";
                    }
                    $strResult .= "</div></td>\n\t\t\t\t\t\t<td><div align=\"center\">";
                    if ($row['module_file_name_delete']) {
                        $strResult .= "<input type=\"checkbox\" name=\"frm_priv_delete[" . $row['module_id'] . "]\" id=\"frm_priv_" . $row['module_id'] . "\" value=\"yes\"";
                        if ($row['priv_delete'] == 'yes') {
                            $strResult .= " checked=\"checked\"";
                        }
                        $strResult .= " />";
                    } else {
                        $strResult .= "&nbsp;";
                    }
                    $strResult .= "</div></td>\n\t\t\t\t\t\t<td><div align=\"center\">";
                    if ($row['module_file_name_list']) {
                        $strResult .= "<input type=\"checkbox\" name=\"frm_priv_list[" . $row['module_id'] . "]\" id=\"frm_priv_" . $row['module_id'] . "\" value=\"yes\"";
                        if ($row['priv_list'] == 'yes') {
                            $strResult .= " checked=\"checked\"";
                        }
                        $strResult .= " />";
                    } else {
                        $strResult .= "&nbsp;";
                    }
                    $strResult .= "</div></td>\n\t\t\t\t\t\t<td><div align=\"center\">";
                    if ($row['module_file_name_view']) {
                        $strResult .= "<input type=\"checkbox\" name=\"frm_priv_view[" . $row['module_id'] . "]\" id=\"frm_priv_" . $row['module_id'] . "\" value=\"yes\"";
                        if ($row['priv_view'] == 'yes') {
                            $strResult .= " checked=\"checked\"";
                        }
                        $strResult .= " />";
                    } else {
                        $strResult .= "&nbsp;";
                    }
                    $strResult .= "</div></td>\n\t\t\t\t\t\t<td><div align=\"center\">";
                    if ($row['module_file_name_execute']) {
                        $strResult .= "<input type=\"checkbox\" name=\"frm_priv_execute[" . $row['module_id'] . "]\" id=\"frm_priv_" . $row['module_id'] . "\" value=\"yes\"";
                        if ($row['priv_execute'] == 'yes') {
                            $strResult .= " checked=\"checked\"";
                        }
                        $strResult .= " />";
                    } else {
                        $strResult .= "&nbsp;";
                    }
                    $strResult .= "</div></td>\t\t\t\t\t\t\n\t\t\t\t\t</tr>";
                }
            } else {
                $strResult .= "<tr><td colspan=\"10\"><div align=\"center\">Found no data</div></td></tr>";
            }
            $strResult .= "\n\t\t\t</tbody>\n\t\t\t<tfoot>\n\t\t\t\t<tr>\n\t\t\t\t\t<th scope=\"row\" colspan=\"2\">Total: " . $rowTotal[0] . "</th>\t\t\t\t\t\n\t\t\t\t\t<td colspan=\"8\">&nbsp;</td>\n\t\t\t\t</tr>\n\t\t\t</tfoot>\n\t\t\t</table>\n\t\t\t<br /><br />\n\t\t\t<div align=\"center\">\n\t\t\t<input class=\"btn\" type=\"submit\" name=\"submit\" value=\"Update Privileges\" onclick=\"return validateUserEdit(this.form)\" /> <input type=\"button\" value=\"Cancel\" onclick=\"history.go(-1)\" />\n\t\t\t</div>\n\t\t\t";
        }
        // Modules
        if ($_REQUEST['frm_user_id'] || $_REQUEST['frm_user_group_id']) {
            $queryModule = "SELECT * FROM `modules` WHERE ";
            if (is_array($intID) && count($intID) > 0) {
                $queryModule .= "`module_id` NOT IN (";
                for ($i = 0; $i < count($intID); $i++) {
                    $queryModule .= $intID[$i];
                    if ($i == count($intID) - 1) {
                        $queryModule .= "";
                    } else {
                        $queryModule .= ", ";
                    }
                }
                $queryModule .= ") AND ";
            }
            $queryModule .= " `module_activate` = 'yes' ORDER BY `module_display` ASC";
            $queryTotalModule = "SELECT COUNT(*) FROM `modules`\t\n\t\t\t\t\t\t\t\t WHERE ";
            if (is_array($intID) && count($intID) > 0) {
                $queryTotalModule .= " `module_id` NOT IN (";
                for ($i = 0; $i < count($intID); $i++) {
                    $queryTotalModule .= $intID[$i];
                    if ($i == count($intID) - 1) {
                        $queryTotalModule .= "";
                    } else {
                        $queryTotalModule .= ", ";
                    }
                }
                $queryTotalModule .= ") AND ";
            }
            $queryTotalModule .= " `module_activate` = 'yes'";
        } else {
            $queryModule = "SELECT * FROM `modules` ORDER BY `module_display` ASC";
            $queryTotalModule = "SELECT COUNT(*) FROM `modules`";
        }
        $resultModule = mysql_query($queryModule);
        $resultTotalModule = mysql_query($queryTotalModule);
        $rowTotalModule = mysql_fetch_row($resultTotalModule);
        if ($resultModule) {
            if ($rowTotalModule[0] > 0) {
                $strResult .= "\t\t\t\n\t\t\t\t<br />\n\t\t\t\t<table class=\"table table-bordered table-hover\" summary=\"Privileges List\">\n\t\t\t\t<caption>Modules List</caption>\n\t\t\t\t<thead>\n\t\t\t\t\t<tr>\t\t\t\t\t\n\t\t\t\t\t\t<th scope=\"col\" width=\"20\"><div align=\"center\"><input type=\"checkbox\" class=\"checkbox\" name=\"\" value=\"\" id=\"module_id\" onclick=\"this.value=check(this.form.module_id)\"></div></th>\n\t\t\t\t\t\t<th scope=\"col\" width=\"20\"><div align=\"center\">No</div></th>\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Module Name</div></th>\n\t\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Module ID</div></th>\n\t\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. Add</div></th>\n\t\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. Edit</div></th>\n\t\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. Delete</div></th>\n\t\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. List</div></th>\n\t\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. View</div></th>\n\t\t\t\t\t\t<th scope=\"col\"><div align=\"center\">Priv. Execute</div></th>\t\t\t\t\t\t\n\t\t\t\t\t</tr>\n\t\t\t\t</thead>\t\n\t\t\t\t\n\t\t\t\t<tbody>";
                $no = 0;
                while ($rowModule = mysql_fetch_assoc($resultModule)) {
                    $no++;
                    $strResult .= "\n\t\t\t\t\t\t<tr ";
                    if ($no % 2 == 0) {
                        $strResult .= "class=\"odd\"";
                    }
                    $strResult .= ">\n\t\t\t\t\t\t\t<td><div align=\"center\"><input type=\"checkbox\" class=\"checkbox\" name=\"\" value=\"\" id=\"module_id\" onclick=\"this.value=check_uncheck_all(this.form.frm_priv_" . $rowModule['module_id'] . ")\"></div></td>\n\t\t\t\t\t\t\t<td id=\"r" . $rowModule['user_id'] . "\"><div align=\"right\">" . $no . ".</div></td>\n\t\t\t\t\t\t\t<td><div align=\"left\">" . stripslashes($rowModule['module_display']) . "</div></td>\n\t\t\t\t\t\t\t<td><div align=\"right\">" . $rowModule['module_id'] . "<input type=\"hidden\" name=\"frm_module_id[]\" value=\"" . $rowModule['module_id'] . "\" /></div></td>\n\t\t\t\t\t\t\t<td><div align=\"center\">";
                    if ($rowModule['module_file_name_add']) {
                        $strResult .= "<input type=\"checkbox\" name=\"frm_priv_add[" . $rowModule['module_id'] . "]\" id=\"frm_priv_" . $rowModule['module_id'] . "\" value=\"yes\"";
                        if ($rowModule['priv_add'] == 'yes') {
                            $strResult .= " checked=\"checked\"";
                        }
                        $strResult .= " />";
                    } else {
                        $strResult .= "&nbsp;";
                    }
                    $strResult .= "</div></td>\n\t\t\t\t\t\t\t<td><div align=\"center\">";
                    if ($rowModule['module_file_name_edit']) {
                        $strResult .= "<input type=\"checkbox\" name=\"frm_priv_edit[" . $rowModule['module_id'] . "]\" id=\"frm_priv_" . $rowModule['module_id'] . "\" value=\"yes\"";
                        if ($rowModule['priv_edit'] == 'yes') {
                            $strResult .= " checked=\"checked\"";
                        }
                        $strResult .= " />";
                    } else {
                        $strResult .= "&nbsp;";
                    }
                    $strResult .= "</div></td>\n\t\t\t\t\t\t\t<td><div align=\"center\">";
                    if ($rowModule['module_file_name_delete']) {
                        $strResult .= "<input type=\"checkbox\" name=\"frm_priv_delete[" . $rowModule['module_id'] . "]\" id=\"frm_priv_" . $rowModule['module_id'] . "\" value=\"yes\"";
                        if ($rowModule['priv_delete'] == 'yes') {
                            $strResult .= " checked=\"checked\"";
                        }
                        $strResult .= " />";
                    } else {
                        $strResult .= "&nbsp;";
                    }
                    $strResult .= "</div></td>\n\t\t\t\t\t\t\t<td><div align=\"center\">";
                    if ($rowModule['module_file_name_list']) {
                        $strResult .= "<input type=\"checkbox\" name=\"frm_priv_list[" . $rowModule['module_id'] . "]\" id=\"frm_priv_" . $rowModule['module_id'] . "\" value=\"yes\"";
                        if ($rowModule['priv_list'] == 'yes') {
                            $strResult .= " checked=\"checked\"";
                        }
                        $strResult .= " />";
                    } else {
                        $strResult .= "&nbsp;";
                    }
                    $strResult .= "</div></td>\n\t\t\t\t\t\t\t<td><div align=\"center\">";
                    if ($rowModule['module_file_name_view']) {
                        $strResult .= "<input type=\"checkbox\" name=\"frm_priv_view[" . $rowModule['module_id'] . "]\" id=\"frm_priv_" . $rowModule['module_id'] . "\" value=\"yes\"";
                        if ($rowModule['priv_view'] == 'yes') {
                            $strResult .= " checked=\"checked\"";
                        }
                        $strResult .= " />";
                    } else {
                        $strResult .= "&nbsp;";
                    }
                    $strResult .= "</div></td>\n\t\t\t\t\t\t\t<td><div align=\"center\">";
                    if ($rowModule['module_file_name_execute']) {
                        $strResult .= "<input type=\"checkbox\" name=\"frm_priv_execute[" . $rowModule['module_id'] . "]\" id=\"frm_priv_" . $rowModule['module_id'] . "\" value=\"yes\"";
                        if ($rowModule['priv_execute'] == 'yes') {
                            $strResult .= " checked=\"checked\"";
                        }
                        $strResult .= " />";
                    } else {
                        $strResult .= "&nbsp;";
                    }
                    $strResult .= "</div></td>\n\t\t\t\t\t\t</tr>";
                }
                $strResult .= "\n\t\t\t\t</tbody>\n\t\t\t\t<tfoot>\n\t\t\t\t\t<tr>\n\t\t\t\t\t\t<th scope=\"row\" colspan=\"2\">Total: " . $rowTotalModule[0] . "</th>\t\t\t\t\t\n\t\t\t\t\t\t<td colspan=\"8\">&nbsp;</td>\n\t\t\t\t\t</tr>\n\t\t\t\t</tfoot>\n\t\t\t\t</table>\n\t\t\t\t<br /><br />";
                if ($_REQUEST['frm_user_id']) {
                    $strResult .= "\n\t\t\t\t\t<div align=\"center\">\n\t\t\t\t\t<input class=\"btn\" type=\"submit\" name=\"submit\" value=\"Update User Privileges\" onclick=\"return validateUserEdit(this.form)\" /> <input type=\"button\" value=\"Cancel\" onclick=\"history.go(-1)\" />\n\t\t\t\t\t</div>\n\t\t\t\t\t";
                }
            }
        }
        ?>

		<?php 
        echo $strResult;
        ?>
					
		</form>
		<a class="btn" href="#content"><i class="icon-arrow-up"></i> Back to top</a>
		
		<?php 
        // The Log
        $strLog = "View the Privileges List";
        $queryLog = "INSERT INTO `logs` (`log_id`,\n\t\t\t\t\t\t\t\t\t\t`log_user`,\n\t\t\t\t\t\t\t\t\t\t`log_action`,\n\t\t\t\t\t\t\t\t\t\t`log_time`,\n\t\t\t\t\t\t\t\t\t\t`log_from`,\n\t\t\t\t\t\t\t\t\t\t`log_logout`)\n\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\tVALUES (NULL,\n\t\t\t\t\t\t\t\t\t\t'" . $_SESSION['user']['login_name'] . "',\n\t\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($strLog) . "',\n\t\t\t\t\t\t\t\t\t\t'" . date('Y-m-d H:i:s') . "',\n\t\t\t\t\t\t\t\t\t\t'" . $_SESSION['user']['ip_address'] . "',\n\t\t\t\t\t\t\t\t\t\tNULL)";
        $resultLog = mysql_query($queryLog);
    }