FishEye: file osCommerce/branches/hpdl/oscommerce/admin/includes/applications/administrators/administrators.php

Annotated File View

hpdl	1016	1	<?php
		2	/*
		3	$Id: $
		4
		5	osCommerce, Open Source E-Commerce Solutions
		6	http://www.oscommerce.com
		7
		8	Copyright (c) 2006 osCommerce
		9
		10	Released under the GNU General Public License
		11	*/
		12
		13	class osC_Content_Administrators extends osC_Template {
		14
		15	/* Private variables */
		16
		17	var $_module = 'administrators',
hpdl	1070	18	$_page_title = HEADING_TITLE,
hpdl	1016	19	$_page_contents = 'administrators.php';
		20
		21	/* Class constructor */
		22
		23	function osC_Content_Administrators() {
		24	if (!isset($_GET['action'])) {
		25	$_GET['action'] = '';
		26	}
		27
		28	if (!isset($_GET['page']) \|\| (isset($_GET['page']) && !is_numeric($_GET['page']))) {
		29	$_GET['page'] = 1;
		30	}
		31
		32	if (!empty($_GET['action'])) {
		33	switch ($_GET['action']) {
		34	case 'save':
		35	$this->_save();
		36	break;
		37
		38	case 'deleteconfirm':
		39	$this->_delete();
		40	break;
		41	}
		42	}
		43	}
		44
hpdl	1070	45	function sortAccessList($a, $b) {
		46	if ($a['group'] == $b['group']) {
		47	if ($a['text'] == $b['text']) {
		48	return 0;
		49	}
		50
		51	return ($a['text'] < $b['text']) ? -1 : 1;
		52	}
		53
		54	return ($a['group'] < $b['group']) ? -1 : 1;
		55	}
		56
hpdl	1016	57	/* Private methods */
		58
		59	function _save() {
		60	global $osC_Database, $osC_MessageStack;
		61
hpdl	1070	62	$error = false;
hpdl	1016	63
hpdl	1085	64	$Qcheck = $osC_Database->query('select id from :table_administrators where user_name = :user_name');
hpdl	1016	65	if (isset($_GET['aID']) && is_numeric($_GET['aID'])) {
hpdl	1085	66	$Qcheck->appendQuery('and id != :id limit 1');
hpdl	1085	67	$Qcheck->bindInt(':id', $_GET['aID']);
hpdl	1016	68	}
hpdl	1085	69	$Qcheck->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
		70	$Qcheck->bindValue(':user_name', $_POST['user_name']);
		71	$Qcheck->execute();
hpdl	1016	72
hpdl	1085	73	if ($Qcheck->numberOfRows() < 1) {
hpdl	1085	74	$osC_Database->startTransaction();
hpdl	1016	75
hpdl	1085	76	if (isset($_GET['aID']) && is_numeric($_GET['aID'])) {
		77	$Qadmin = $osC_Database->query('update :table_administrators set user_name = :user_name where id = :id');
		78	$Qadmin->bindInt(':id', $_GET['aID']);
		79	} else {
hpdl	1110	80	$Qadmin = $osC_Database->query('insert into :table_administrators (user_name, user_password) values (:user_name, :user_password)');
hpdl	1110	81	$Qadmin->bindValue(':user_password', osc_encrypt_string(trim($_POST['user_password'])));
hpdl	1085	82	}
		83	$Qadmin->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
		84	$Qadmin->bindValue(':user_name', $_POST['user_name']);
		85	$Qadmin->execute();
hpdl	1070	86
hpdl	1085	87	if ( !$osC_Database->isError() ) {
		88	$id = (isset($_GET['aID']) && is_numeric($_GET['aID']) ? $_GET['aID'] : $osC_Database->nextID());
		89
hpdl	1110	90	if ( isset($_GET['aID']) && is_numeric($_GET['aID']) && !empty($_POST['user_password']) ) {
hpdl	1085	91	$Qadmin = $osC_Database->query('update :table_administrators set user_password = :user_password where id = :id');
		92	$Qadmin->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
		93	$Qadmin->bindValue(':user_password', osc_encrypt_string(trim($_POST['user_password'])));
		94	$Qadmin->bindInt(':id', $id);
		95	$Qadmin->execute();
		96
		97	if ( $osC_Database->isError() ) {
		98	$error = true;
		99	}
hpdl	1070	100	}
hpdl	1085	101	} else {
hpdl	1085	102	$error = true;
hpdl	1070	103	}
hpdl	1016	104
hpdl	1085	105	if ( $error === false ) {
hpdl	1085	106	$modules_array = array();
hpdl	1070	107
hpdl	1085	108	if ( isset($_POST['modules']) ) {
		109	if ( in_array( '*', $_POST['modules'] ) ) {
		110	$_POST['modules'] = array('*');
		111	}
hpdl	1070	112
hpdl	1085	113	foreach ($_POST['modules'] as $module) {
hpdl	1085	114	$modules_array[] = '\'' . $module . '\'';
hpdl	1070	115
hpdl	1085	116	$Qcheck = $osC_Database->query('select administrators_id from :table_administrators_access where administrators_id = :administrators_id and module = :module limit 1');
		117	$Qcheck->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
		118	$Qcheck->bindInt(':administrators_id', $id);
		119	$Qcheck->bindValue(':module', $module);
		120	$Qcheck->execute();
hpdl	1070	121
hpdl	1085	122	if ( $Qcheck->numberOfRows() < 1 ) {
		123	$Qinsert = $osC_Database->query('insert into :table_administrators_access (administrators_id, module) values (:administrators_id, :module)');
		124	$Qinsert->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
		125	$Qinsert->bindInt(':administrators_id', $id);
		126	$Qinsert->bindValue(':module', $module);
		127	$Qinsert->execute();
hpdl	1070	128
hpdl	1085	129	if ( $osC_Database->isError() ) {
		130	$error = true;
		131	break;
		132	}
hpdl	1070	133	}
		134	}
		135	}
		136	}
		137
hpdl	1085	138	if ( $error === false ) {
hpdl	1085	139	$Qdel = $osC_Database->query('delete from :table_administrators_access where administrators_id = :administrators_id');
hpdl	1070	140
hpdl	1085	141	if ( !empty($modules_array) ) {
		142	$Qdel->appendQuery('and module not in (:module)');
		143	$Qdel->bindRaw(':module', implode(',', $modules_array));
		144	}
		145
		146	$Qdel->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
		147	$Qdel->bindInt(':administrators_id', $id);
		148	$Qdel->execute();
		149
		150	if ( $osC_Database->isError() ) {
		151	$error = true;
		152	} else {
		153	if ($id == $_SESSION['admin']['id']) {
		154	$_SESSION['admin']['access'] = osC_Access::getUserLevels($id);
		155	}
		156	}
hpdl	1070	157	}
hpdl	1070	158
hpdl	1085	159	if ( $error === false ) {
hpdl	1085	160	$osC_Database->commitTransaction();
hpdl	1070	161
hpdl	1085	162	$osC_MessageStack->add_session($this->_module, SUCCESS_DB_ROWS_UPDATED, 'success');
hpdl	1074	163	} else {
hpdl	1085	164	$osC_Database->rollbackTransaction();
		165
		166	$osC_MessageStack->add_session($this->_module, ERROR_DB_ROWS_NOT_UPDATED, 'error');
hpdl	1070	167	}
hpdl	1070	168
hpdl	1085	169	osc_redirect(osc_href_link_admin(FILENAME_DEFAULT, $this->_module . '&page=' . $_GET['page'] . (isset($id) ? '&aID=' . $id : '')));
hpdl	1016	170	} else {
hpdl	1085	171	$osC_MessageStack->add($this->_module, ERROR_ADMINISTRATORS_USERNAME_EXISTS, 'error');
hpdl	1070	172
hpdl	1085	173	if (isset($_GET['aID']) && is_numeric($_GET['aID'])) {
		174	$_GET['action'] = 'aEdit';
		175	} else {
		176	$_GET['action'] = 'aNew';
		177	}
hpdl	1016	178	}
		179	}
		180
		181	function _delete() {
		182	global $osC_Database, $osC_MessageStack;
		183
		184	if (isset($_GET['aID']) && is_numeric($_GET['aID'])) {
hpdl	1070	185	$osC_Database->startTransaction();
		186
		187	$Qdel = $osC_Database->query('delete from :table_administrators_access where administrators_id = :administrators_id');
		188	$Qdel->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
		189	$Qdel->bindInt(':administrators_id', $_GET['aID']);
		190	$Qdel->execute();
		191
hpdl	1016	192	$Qdel = $osC_Database->query('delete from :table_administrators where id = :id');
		193	$Qdel->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
		194	$Qdel->bindInt(':id', $_GET['aID']);
		195	$Qdel->execute();
		196
hpdl	1070	197	$osC_Database->commitTransaction();
hpdl	1070	198
hpdl	1016	199	$osC_MessageStack->add_session($this->_module, SUCCESS_DB_ROWS_UPDATED, 'success');
		200	}
		201
		202	osc_redirect(osc_href_link_admin(FILENAME_DEFAULT, $this->_module . '&page=' . $_GET['page']));
		203	}
		204	}
		205	?>

FishEye

View

Diff

Annotations

Annotated File View