FishEye: diff osCommerce/branches/hpdl/oscommerce/admin/includes/applications/administrators/administrators.php

15

/* Private variables */

16

17

var $_module = 'administrators',

18

-

$_page_title,

18

+

$_page_title = HEADING_TITLE,

19

$_page_contents = 'administrators.php';

20

21

/* Class constructor */

22

23

function osC_Content_Administrators() {

24

-

$this->_page_title = HEADING_TITLE;

25

-

26

24

if (!isset($_GET['action'])) {

27

25

$_GET['action'] = '';

28

26

}

44

42

}

45

43

}

46

44

45

+

function sortAccessList($a, $b) {

46

+

if ($a['group'] == $b['group']) {

47

+

if ($a['text'] == $b['text']) {

48

+

return 0;

49

+

}

50

+

51

+

return ($a['text'] < $b['text']) ? -1 : 1;

52

+

}

53

+

54

+

return ($a['group'] < $b['group']) ? -1 : 1;

55

+

}

56

+

47

57

/* Private methods */

48

58

49

59

function _save() {

50

60

global $osC_Database, $osC_MessageStack;

51

61

52

-

$id = 0;

62

+

$error = false;

53

63

64

+

$osC_Database->startTransaction();

65

+

54

66

if (isset($_GET['aID']) && is_numeric($_GET['aID'])) {

55

67

$Qadmin = $osC_Database->query('update :table_administrators set user_name = :user_name where id = :id');

56

68

$Qadmin->bindInt(':id', $_GET['aID']);

61

73

$Qadmin->bindValue(':user_name', $_POST['user_name']);

62

74

$Qadmin->execute();

63

75

64

-

if (($osC_Database->isError() === false) && !empty($_POST['user_password'])) {

65

-

$id = ((isset($_GET['aID']) && is_numeric($_GET['aID'])) ? $_GET['aID'] : $osC_Database->nextID());

76

+

if ( !$osC_Database->isError() ) {

77

+

$id = (isset($_GET['aID']) && is_numeric($_GET['aID']) ? $_GET['aID'] : $osC_Database->nextID());

66

78

67

-

$Qadmin = $osC_Database->query('update :table_administrators set user_password = :user_password where id = :id');

68

-

$Qadmin->bindTable(':table_administrators', TABLE_ADMINISTRATORS);

69

-

$Qadmin->bindValue(':user_password', osc_encrypt_string(trim($_POST['user_password'])));

70

-

$Qadmin->bindInt(':id', $id);

71

-

$Qadmin->execute();

79

+

if ( !empty($_POST['user_password']) ) {

80

+

$Qadmin = $osC_Database->query('update :table_administrators set user_password = :user_password where id = :id');

81

+

$Qadmin->bindTable(':table_administrators', TABLE_ADMINISTRATORS);

82

+

$Qadmin->bindValue(':user_password', osc_encrypt_string(trim($_POST['user_password'])));

83

+

$Qadmin->bindInt(':id', $id);

84

+

$Qadmin->execute();

85

+

86

+

if ( $osC_Database->isError() ) {

87

+

$error = true;

88

+

}

89

+

}

90

+

} else {

91

+

$error = true;

72

92

}

73

93

74

-

if ($osC_Database->isError() === false) {

94

+

if ( $error === false ) {

95

+

$modules_array = array();

96

+

97

+

if ( isset($_POST['modules']) ) {

98

+

if ( in_array( '*', $_POST['modules'] ) ) {

99

+

$_POST['modules'] = array('*');

100

+

}

101

+

102

+

foreach ($_POST['modules'] as $module) {

103

+

$modules_array[] = '\'' . $module . '\'';

104

+

105

+

$Qcheck = $osC_Database->query('select administrators_id from :table_administrators_access where administrators_id = :administrators_id and module = :module limit 1');

106

+

$Qcheck->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);

107

+

$Qcheck->bindInt(':administrators_id', $id);

108

+

$Qcheck->bindValue(':module', $module);

109

+

$Qcheck->execute();

110

+

111

+

if ( $Qcheck->numberOfRows() < 1 ) {

112

+

$Qinsert = $osC_Database->query('insert into :table_administrators_access (administrators_id, module) values (:administrators_id, :module)');

113

+

$Qinsert->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);

114

+

$Qinsert->bindInt(':administrators_id', $id);

115

+

$Qinsert->bindValue(':module', $module);

116

+

$Qinsert->execute();

117

+

118

+

if ( $osC_Database->isError() ) {

119

+

$error = true;

120

+

break;

121

+

}

122

+

}

123

+

}

124

+

}

125

+

}

126

+

127

+

if ( $error === false ) {

128

+

$Qdel = $osC_Database->query('delete from :table_administrators_access where administrators_id = :administrators_id');

129

+

130

+

if ( !empty($modules_array) ) {

131

+

$Qdel->appendQuery('and module not in (:module)');

132

+

$Qdel->bindRaw(':module', implode(',', $modules_array));

133

+

}

134

+

135

+

$Qdel->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);

136

+

$Qdel->bindInt(':administrators_id', $id);

137

+

$Qdel->execute();

138

+

139

+

if ( $osC_Database->isError() ) {

140

+

$error = true;

141

+

}

142

+

}

143

+

144

+

if ( $error === false ) {

145

+

$osC_Database->commitTransaction();

146

+

75

147

$osC_MessageStack->add_session($this->_module, SUCCESS_DB_ROWS_UPDATED, 'success');

76

148

} else {

149

+

$osC_Database->rollbackTransaction();

150

+

77

151

$osC_MessageStack->add_session($this->_module, ERROR_DB_ROWS_NOT_UPDATED, 'error');

78

152

}

79

153

80

-

osc_redirect(osc_href_link_admin(FILENAME_DEFAULT, $this->_module . '&page=' . $_GET['page'] . '&aID=' . $id));

154

+

osc_redirect(osc_href_link_admin(FILENAME_DEFAULT, $this->_module . '&page=' . $_GET['page'] . (isset($id) ? '&aID=' . $id : '')));

81

155

}

82

156

83

157

function _delete() {

84

158

global $osC_Database, $osC_MessageStack;

85

159

86

160

if (isset($_GET['aID']) && is_numeric($_GET['aID'])) {

161

+

$osC_Database->startTransaction();

162

+

163

+

$Qdel = $osC_Database->query('delete from :table_administrators_access where administrators_id = :administrators_id');

164

+

$Qdel->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);

165

+

$Qdel->bindInt(':administrators_id', $_GET['aID']);

166

+

$Qdel->execute();

167

+

87

168

$Qdel = $osC_Database->query('delete from :table_administrators where id = :id');

88

169

$Qdel->bindTable(':table_administrators', TABLE_ADMINISTRATORS);

89

170

$Qdel->bindInt(':id', $_GET['aID']);

90

171

$Qdel->execute();

91

172

173

+

$osC_Database->commitTransaction();

174

+

92

175

$osC_MessageStack->add_session($this->_module, SUCCESS_DB_ROWS_UPDATED, 'success');

93

176

}

94

177

FishEye

Mode

Context

Other Diffs

Ignore

Diff