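--- a/administrators.php
+++ b/administrators.php
@@ -10,6 +10,8 @@
   Released under the GNU General Public License
 */
 
+  require('includes/classes/administrators.php');
+
   class osC_Content_Administrators extends osC_Template {
 
 /* Private variables */
@@ -21,6 +23,8 @@
 /* Class constructor */
 
     function osC_Content_Administrators() {
+      global $osC_MessageStack;
+
       if (!isset($_GET['action'])) {
         $_GET['action'] = '';
       }
@@ -32,316 +36,116 @@
       if (!empty($_GET['action'])) {
         switch ($_GET['action']) {
           case 'save':
-            $this->_save();
-            break;
-
-          case 'deleteconfirm':
-            $this->_delete();
-            break;
-
-          case 'batchSave':
-            if ( isset($_POST['batch']) && is_array($_POST['batch']) && !empty($_POST['batch']) ) {
-              $this->_page_contents = 'batch_edit.php';
-
-              if ( isset($_POST['subaction']) && ($_POST['subaction'] == 'confirm') ) {
-                $this->_saveBatch();
-              }
+            if ( isset($_GET['aID']) && is_numeric($_GET['aID']) ) {
+              $this->_page_contents = 'edit.php';
             } else {
-              $_GET['action'] = '';
+              $this->_page_contents = 'new.php';
             }
 
-            break;
+            if ( isset($_POST['subaction']) && ($_POST['subaction'] == 'confirm') ) {
+              $data = array('username' => $_POST['user_name'],
+                            'password' => $_POST['user_password']);
 
-          case 'batchDelete':
-            if ( isset($_POST['batch']) && is_array($_POST['batch']) && !empty($_POST['batch']) ) {
-              $this->_page_contents = 'batch_delete.php';
+              switch ( osC_Administrators_Admin::save((isset($_GET['aID']) && is_numeric($_GET['aID']) ? $_GET['aID'] : null), $data, (isset($_POST['modules']) ? $_POST['modules'] : null)) ) {
+                case true:
+                  if ( isset($_GET['aID']) && is_numeric($_GET['aID']) && ($_GET['aID'] == $_SESSION['admin']['id']) ) {
+                    $_SESSION['admin']['access'] = osC_Access::getUserLevels($_GET['aID']);
+                  }
 
-              if ( isset($_POST['subaction']) && ($_POST['subaction'] == 'confirm') ) {
-                $this->_deleteBatch();
-              }
-            } else {
-              $_GET['action'] = '';
-            }
+                  $osC_MessageStack->add_session($this->_module, SUCCESS_DB_ROWS_UPDATED, 'success');
 
-            break;
-        }
-      }
-    }
+                  osc_redirect(osc_href_link_admin(FILENAME_DEFAULT, $this->_module . '&page=' . $_GET['page']));
 
-/* Private methods */
+                  break;
 
-    function _save() {
-      global $osC_Database, $osC_MessageStack;
+                case false:
+                  $osC_MessageStack->add_session($this->_module, ERROR_DB_ROWS_NOT_UPDATED, 'error');
 
-      $error = false;
+                  osc_redirect(osc_href_link_admin(FILENAME_DEFAULT, $this->_module . '&page=' . $_GET['page']));
 
-      $Qcheck = $osC_Database->query('select id from :table_administrators where user_name = :user_name');
-      if (isset($_GET['aID']) && is_numeric($_GET['aID'])) {
-        $Qcheck->appendQuery('and id != :id limit 1');
-        $Qcheck->bindInt(':id', $_GET['aID']);
-      }
-      $Qcheck->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
-      $Qcheck->bindValue(':user_name', $_POST['user_name']);
-      $Qcheck->execute();
+                  break;
 
-      if ($Qcheck->numberOfRows() < 1) {
-        $osC_Database->startTransaction();
+                case -1:
+                  $osC_MessageStack->add($this->_module, ERROR_ADMINISTRATORS_USERNAME_EXISTS, 'error');
 
-        if (isset($_GET['aID']) && is_numeric($_GET['aID'])) {
-          $Qadmin = $osC_Database->query('update :table_administrators set user_name = :user_name where id = :id');
-          $Qadmin->bindInt(':id', $_GET['aID']);
-        } else {
-          $Qadmin = $osC_Database->query('insert into :table_administrators (user_name, user_password) values (:user_name, :user_password)');
-          $Qadmin->bindValue(':user_password', osc_encrypt_string(trim($_POST['user_password'])));
-        }
-        $Qadmin->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
-        $Qadmin->bindValue(':user_name', $_POST['user_name']);
-        $Qadmin->execute();
-
-        if ( !$osC_Database->isError() ) {
-          $id = (isset($_GET['aID']) && is_numeric($_GET['aID']) ? $_GET['aID'] : $osC_Database->nextID());
-
-          if ( isset($_GET['aID']) && is_numeric($_GET['aID']) && !empty($_POST['user_password']) ) {
-            $Qadmin = $osC_Database->query('update :table_administrators set user_password = :user_password where id = :id');
-            $Qadmin->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
-            $Qadmin->bindValue(':user_password', osc_encrypt_string(trim($_POST['user_password'])));
-            $Qadmin->bindInt(':id', $id);
-            $Qadmin->execute();
-
-            if ( $osC_Database->isError() ) {
-              $error = true;
-            }
-          }
-        } else {
-          $error = true;
-        }
-
-        if ( $error === false ) {
-          $modules_array = array();
-
-          if ( isset($_POST['modules']) ) {
-            if ( in_array( '*', $_POST['modules'] ) ) {
-              $_POST['modules'] = array('*');
-            }
-
-            foreach ($_POST['modules'] as $module) {
-              $modules_array[] = '\'' . $module . '\'';
-
-              $Qcheck = $osC_Database->query('select administrators_id from :table_administrators_access where administrators_id = :administrators_id and module = :module limit 1');
-              $Qcheck->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
-              $Qcheck->bindInt(':administrators_id', $id);
-              $Qcheck->bindValue(':module', $module);
-              $Qcheck->execute();
-
-              if ( $Qcheck->numberOfRows() < 1 ) {
-                $Qinsert = $osC_Database->query('insert into :table_administrators_access (administrators_id, module) values (:administrators_id, :module)');
-                $Qinsert->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
-                $Qinsert->bindInt(':administrators_id', $id);
-                $Qinsert->bindValue(':module', $module);
-                $Qinsert->execute();
-
-                if ( $osC_Database->isError() ) {
-                  $error = true;
                   break;
-                }
               }
             }
-          }
-        }
 
-        if ( $error === false ) {
-          $Qdel = $osC_Database->query('delete from :table_administrators_access where administrators_id = :administrators_id');
+            break;
 
-          if ( !empty($modules_array) ) {
-            $Qdel->appendQuery('and module not in (:module)');
-            $Qdel->bindRaw(':module', implode(',', $modules_array));
-          }
+          case 'delete':
+            $this->_page_contents = 'delete.php';
 
-          $Qdel->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
-          $Qdel->bindInt(':administrators_id', $id);
-          $Qdel->execute();
+            if ( isset($_POST['subaction']) && ($_POST['subaction'] == 'confirm') ) {
+              if ( osC_Administrators_Admin::delete($_GET['aID']) ) {
+                $osC_MessageStack->add_session($this->_module, SUCCESS_DB_ROWS_UPDATED, 'success');
+              } else {
+                $osC_MessageStack->add_session($this->_module, ERROR_DB_ROWS_NOT_UPDATED, 'error');
+              }
 
-          if ( $osC_Database->isError() ) {
-            $error = true;
-          }
-        }
+              osc_redirect(osc_href_link_admin(FILENAME_DEFAULT, $this->_module . '&page=' . $_GET['page']));
+            }
 
-        if ( $error === false ) {
-          $osC_Database->commitTransaction();
+            break;
 
-          if ($id == $_SESSION['admin']['id']) {
-            $_SESSION['admin']['access'] = osC_Access::getUserLevels($id);
-          }
+          case 'batchSave':
+            if ( isset($_POST['batch']) && is_array($_POST['batch']) && !empty($_POST['batch']) ) {
+              $this->_page_contents = 'batch_edit.php';
 
-          $osC_MessageStack->add_session($this->_module, SUCCESS_DB_ROWS_UPDATED, 'success');
-        } else {
-          $osC_Database->rollbackTransaction();
+              if ( isset($_POST['subaction']) && ($_POST['subaction'] == 'confirm') ) {
+                $error = false;
 
-          $osC_MessageStack->add_session($this->_module, ERROR_DB_ROWS_NOT_UPDATED, 'error');
-        }
+                foreach ($_POST['batch'] as $id) {
+                  if ( !osC_Administrators_Admin::setAccessLevels($id, $_POST['modules'], $_POST['mode']) ) {
+                    $error = true;
+                    break;
+                  }
+                }
 
-        osc_redirect(osc_href_link_admin(FILENAME_DEFAULT, $this->_module . '&page=' . $_GET['page'] . (isset($id) ? '&aID=' . $id : '')));
-      } else {
-        $osC_MessageStack->add($this->_module, ERROR_ADMINISTRATORS_USERNAME_EXISTS, 'error');
+                if ( $error === false ) {
+                  $osC_MessageStack->add_session($this->_module, SUCCESS_DB_ROWS_UPDATED, 'success');
 
-        if (isset($_GET['aID']) && is_numeric($_GET['aID'])) {
-          $_GET['action'] = 'aEdit';
-        } else {
-          $_GET['action'] = 'aNew';
-        }
-      }
-    }
+                  if ( in_array($_SESSION['admin']['id'], $_POST['batch']) ) {
+                    $_SESSION['admin']['access'] = osC_Access::getUserLevels($_SESSION['admin']['id']);
+                  }
+                } else {
+                  $osC_MessageStack->add_session($this->_module, ERROR_DB_ROWS_NOT_UPDATED, 'error');
+                }
 
-    function _delete() {
-      global $osC_Database, $osC_MessageStack;
-
-      if (isset($_GET['aID']) && is_numeric($_GET['aID'])) {
-        $osC_Database->startTransaction();
-
-        $Qdel = $osC_Database->query('delete from :table_administrators_access where administrators_id = :administrators_id');
-        $Qdel->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
-        $Qdel->bindInt(':administrators_id', $_GET['aID']);
-        $Qdel->execute();
-
-        $Qdel = $osC_Database->query('delete from :table_administrators where id = :id');
-        $Qdel->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
-        $Qdel->bindInt(':id', $_GET['aID']);
-        $Qdel->execute();
-
-        $osC_Database->commitTransaction();
-
-        $osC_MessageStack->add_session($this->_module, SUCCESS_DB_ROWS_UPDATED, 'success');
-      }
-
-      osc_redirect(osc_href_link_admin(FILENAME_DEFAULT, $this->_module . '&page=' . $_GET['page']));
-    }
-
-    function _saveBatch() {
-      global $osC_Database, $osC_MessageStack;
-
-      $error = false;
-
-      $modules_array = array();
-
-      if ( in_array('*', $_POST['modules']) ) {
-        $_POST['modules'] = array('*');
-      }
-
-      foreach ($_POST['modules'] as $module) {
-        $modules_array[$module] = '\'' . $module . '\'';
-      }
-
-      $osC_Database->startTransaction();
-
-      if ( ($_POST['type'] == 'add') || ($_POST['type'] == 'set') ) {
-        foreach ($modules_array as $module_key => $module_access) {
-          foreach ($_POST['batch'] as $id) {
-            $execute = true;
-
-            if ( $module_key != '*' ) {
-              $Qcheck = $osC_Database->query('select administrators_id from :table_administrators_access where administrators_id = :administrators_id and module = :module limit 1');
-              $Qcheck->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
-              $Qcheck->bindInt(':administrators_id', $id);
-              $Qcheck->bindValue(':module', '*');
-              $Qcheck->execute();
-
-              if ( $Qcheck->numberOfRows() === 1 ) {
-                $execute = false;
+                osc_redirect(osc_href_link_admin(FILENAME_DEFAULT, $this->_module . '&page=' . $_GET['page']));
               }
             }
 
-            if ( $execute === true ) {
-              $Qcheck = $osC_Database->query('select administrators_id from :table_administrators_access where administrators_id = :administrators_id and module = :module limit 1');
-              $Qcheck->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
-              $Qcheck->bindInt(':administrators_id', $id);
-              $Qcheck->bindValue(':module', $module_key);
-              $Qcheck->execute();
+            break;
 
-              if ( $Qcheck->numberOfRows() < 1 ) {
-                $Qinsert = $osC_Database->query('insert into :table_administrators_access (administrators_id, module) values (:administrators_id, :module)');
-                $Qinsert->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
-                $Qinsert->bindInt(':administrators_id', $id);
-                $Qinsert->bindValue(':module', $module_key);
-                $Qinsert->execute();
+          case 'batchDelete':
+            if ( isset($_POST['batch']) && is_array($_POST['batch']) && !empty($_POST['batch']) ) {
+              $this->_page_contents = 'batch_delete.php';
 
-                if ( $osC_Database->isError() ) {
-                  $error = true;
-                  break;
+              if ( isset($_POST['subaction']) && ($_POST['subaction'] == 'confirm') ) {
+                $error = false;
+
+                foreach ($_POST['batch'] as $id) {
+                  if ( !osC_Administrators_Admin::delete($id) ) {
+                    $error = true;
+                    break;
+                  }
                 }
-              }
-            }
-          }
-        }
-      }
 
-      if ( $error === false ) {
-        if ( ($_POST['type'] == 'remove') || ($_POST['type'] == 'set') || in_array('*', $_POST['modules']) ) {
-          if ( !empty($modules_array) ) {
-            foreach ($_POST['batch'] as $id) {
-              $Qdel = $osC_Database->query('delete from :table_administrators_access where administrators_id = :administrators_id');
-
-              if ( $_POST['type'] == 'remove' ) {
-                if ( !in_array('*', $_POST['modules']) ) {
-                  $Qdel->appendQuery('and module in (:module)');
-                  $Qdel->bindRaw(':module', implode(',', $modules_array));
+                if ( $error === false ) {
+                  $osC_MessageStack->add_session($this->_module, SUCCESS_DB_ROWS_UPDATED, 'success');
+                } else {
+                  $osC_MessageStack->add_session($this->_module, ERROR_DB_ROWS_NOT_UPDATED, 'error');
                 }
-              } else {
-                $Qdel->appendQuery('and module not in (:module)');
-                $Qdel->bindRaw(':module', implode(',', $modules_array));
-              }
 
-              $Qdel->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
-              $Qdel->bindInt(':administrators_id', $id);
-              $Qdel->execute();
-
-              if ( $osC_Database->isError() ) {
-                $error = true;
-                break;
+                osc_redirect(osc_href_link_admin(FILENAME_DEFAULT, $this->_module . '&page=' . $_GET['page']));
               }
             }
-          }
-        }
-      }
 
-      if ( $error === false ) {
-        $osC_Database->commitTransaction();
-
-        if ( in_array($_SESSION['admin']['id'], $_POST['batch']) ) {
-          $_SESSION['admin']['access'] = osC_Access::getUserLevels($_SESSION['admin']['id']);
+            break;
         }
-
-        $osC_MessageStack->add_session($this->_module, SUCCESS_DB_ROWS_UPDATED, 'success');
-      } else {
-        $osC_Database->rollbackTransaction();
-
-        $osC_MessageStack->add_session($this->_module, ERROR_DB_ROWS_NOT_UPDATED, 'error');
       }
-
-      osc_redirect(osc_href_link_admin(FILENAME_DEFAULT, $this->_module . '&page=' . $_GET['page']));
     }
-
-    function _deleteBatch() {
-      global $osC_Database, $osC_MessageStack;
-
-      if (isset($_POST['batch']) && is_array($_POST['batch'])) {
-        $osC_Database->startTransaction();
-
-        $Qdel = $osC_Database->query('delete from :table_administrators_access where administrators_id in (":administrators_id")');
-        $Qdel->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
-        $Qdel->bindRaw(':administrators_id', implode('", "', array_unique(array_filter(array_slice($_POST['batch'], 0, MAX_DISPLAY_SEARCH_RESULTS), 'is_numeric'))));
-        $Qdel->execute();
-
-        $Qdel = $osC_Database->query('delete from :table_administrators where id in (":id")');
-        $Qdel->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
-        $Qdel->bindRaw(':id', implode('", "', array_unique(array_filter(array_slice($_POST['batch'], 0, MAX_DISPLAY_SEARCH_RESULTS), 'is_numeric'))));
-        $Qdel->execute();
-
-        $osC_Database->commitTransaction();
-
-        $osC_MessageStack->add_session($this->_module, SUCCESS_DB_ROWS_UPDATED, 'success');
-      }
-
-      osc_redirect(osc_href_link_admin(FILENAME_DEFAULT, $this->_module . '&page=' . $_GET['page']));
-    }
   }
 ?>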
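Review bot: The new `case 'delete'` branch hands `$_GET['aID']` straight to `osC_Administrators_Admin::delete()` (new line 81) without the `isset`/`is_numeric` guard the removed `_delete()` applied before touching the database, and the `batchSave`/`batchDelete` loops (new lines 99 and 129) likewise iterate raw `$_POST['batch']` where the removed `_deleteBatch()` filtered the ids with `is_numeric` and capped the list with `array_slice(..., 0, MAX_DISPLAY_SEARCH_RESULTS)`. Unless the class pulled in from `includes/classes/administrators.php` (not visible here) re-validates, a missing or non-numeric id now reaches the delete and access-level paths from a forged confirm POST. I would restore the checks at the call sites: `if ( isset($_GET['aID']) && is_numeric($_GET['aID']) && osC_Administrators_Admin::delete($_GET['aID']) ) {` and `foreach (array_filter($_POST['batch'], 'is_numeric') as $id) {`. On new line 100, `$_POST['modules']` and `$_POST['mode']` are also read without an `isset` check, unlike the guarded `$_POST['modules']` on new line 49, so a batch form that submits no modules produces a notice and passes `null` into `setAccessLevels()`. The constructor containing this switch opens in the previous hunk of this section.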