hpdl
|
1200
|
1
|
<?php
|
|
2
|
/*
|
|
3
|
$Id: administrators.php 1851 2009-02-28 03:08:07Z hpdl $
|
|
4
|
|
|
5
|
osCommerce, Open Source E-Commerce Solutions
|
|
6
|
http://www.oscommerce.com
|
|
7
|
|
hpdl
|
1851
|
8
|
Copyright (c) 2009 osCommerce
|
hpdl
|
1200
|
9
|
|
hpdl
|
1497
|
10
|
This program is free software; you can redistribute it and/or modify
|
|
11
|
it under the terms of the GNU General Public License v2 (1991)
|
|
12
|
as published by the Free Software Foundation.
|
hpdl
|
1200
|
13
|
*/
|
|
14
|
|
hpdl
|
1851
|
15
|
class osC_Administrators_Admin {
|
|
16
|
const ACCESS_MODE_ADD = 'add';
|
|
17
|
const ACCESS_MODE_SET = 'set';
|
|
18
|
const ACCESS_MODE_REMOVE = 'remove';
|
hpdl
|
1200
|
19
|
|
hpdl
|
1851
|
20
|
public static function get($id) {
|
hpdl
|
1200
|
21
|
global $osC_Database;
|
|
22
|
|
hpdl
|
1851
|
23
|
$Qadmin = $osC_Database->query('select * from :table_administrators where id = :id');
|
hpdl
|
1200
|
24
|
$Qadmin->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
|
|
25
|
$Qadmin->bindInt(':id', $id);
|
|
26
|
$Qadmin->execute();
|
|
27
|
|
hpdl
|
1851
|
28
|
$modules = array('access_modules' => array());
|
hpdl
|
1200
|
29
|
|
|
30
|
$Qaccess = $osC_Database->query('select module from :table_administrators_access where administrators_id = :administrators_id');
|
|
31
|
$Qaccess->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
|
|
32
|
$Qaccess->bindInt(':administrators_id', $id);
|
|
33
|
$Qaccess->execute();
|
|
34
|
|
|
35
|
while ( $Qaccess->next() ) {
|
|
36
|
$modules['access_modules'][] = $Qaccess->value('module');
|
|
37
|
}
|
|
38
|
|
|
39
|
$data = array_merge($Qadmin->toArray(), $modules);
|
|
40
|
|
|
41
|
unset($modules);
|
|
42
|
$Qaccess->freeResult();
|
|
43
|
$Qadmin->freeResult();
|
|
44
|
|
|
45
|
return $data;
|
|
46
|
}
|
|
47
|
|
hpdl
|
1851
|
48
|
public static function getAll($pageset = 1) {
|
hpdl
|
1200
|
49
|
global $osC_Database;
|
|
50
|
|
hpdl
|
1851
|
51
|
if ( !is_numeric($pageset) || (floor($pageset) != $pageset) ) {
|
|
52
|
$pageset = 1;
|
|
53
|
}
|
|
54
|
|
|
55
|
$result = array('entries' => array());
|
|
56
|
|
|
57
|
$Qadmins = $osC_Database->query('select SQL_CALC_FOUND_ROWS * from :table_administrators order by user_name');
|
|
58
|
$Qadmins->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
|
|
59
|
|
|
60
|
if ( $pageset !== -1 ) {
|
|
61
|
$Qadmins->setBatchLimit($_GET['page'], MAX_DISPLAY_SEARCH_RESULTS);
|
|
62
|
}
|
|
63
|
|
|
64
|
$Qadmins->execute();
|
|
65
|
|
|
66
|
while ( $Qadmins->next() ) {
|
|
67
|
$result['entries'][] = $Qadmins->toArray();
|
|
68
|
}
|
|
69
|
|
|
70
|
$result['total'] = $Qadmins->getBatchSize();
|
|
71
|
|
|
72
|
$Qadmins->freeResult();
|
|
73
|
|
|
74
|
return $result;
|
|
75
|
}
|
|
76
|
|
|
77
|
public static function find($search, $pageset = 1) {
|
|
78
|
global $osC_Database;
|
|
79
|
|
|
80
|
if ( !is_numeric($pageset) || (floor($pageset) != $pageset) ) {
|
|
81
|
$pageset = 1;
|
|
82
|
}
|
|
83
|
|
|
84
|
$result = array('entries' => array());
|
|
85
|
|
|
86
|
$Qadmins = $osC_Database->query('select SQL_CALC_FOUND_ROWS * from :table_administrators where (user_name like :user_name) order by user_name');
|
|
87
|
$Qadmins->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
|
|
88
|
$Qadmins->bindValue(':user_name', '%' . $search . '%');
|
|
89
|
|
|
90
|
if ( $pageset !== -1 ) {
|
|
91
|
$Qadmins->setBatchLimit($pageset, MAX_DISPLAY_SEARCH_RESULTS);
|
|
92
|
}
|
|
93
|
|
|
94
|
$Qadmins->execute();
|
|
95
|
|
|
96
|
while ( $Qadmins->next() ) {
|
|
97
|
$result['entries'][] = $Qadmins->toArray();
|
|
98
|
}
|
|
99
|
|
|
100
|
$result['total'] = $Qadmins->getBatchSize();
|
|
101
|
|
|
102
|
$Qadmins->freeResult();
|
|
103
|
|
|
104
|
return $result;
|
|
105
|
}
|
|
106
|
|
|
107
|
public static function save($id = null, $data, $modules = null) {
|
|
108
|
global $osC_Database;
|
|
109
|
|
hpdl
|
1200
|
110
|
$error = false;
|
|
111
|
|
|
112
|
$Qcheck = $osC_Database->query('select id from :table_administrators where user_name = :user_name');
|
|
113
|
|
|
114
|
if ( is_numeric($id) ) {
|
|
115
|
$Qcheck->appendQuery('and id != :id');
|
|
116
|
$Qcheck->bindInt(':id', $id);
|
|
117
|
}
|
|
118
|
|
|
119
|
$Qcheck->appendQuery('limit 1');
|
|
120
|
$Qcheck->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
|
|
121
|
$Qcheck->bindValue(':user_name', $data['username']);
|
|
122
|
$Qcheck->execute();
|
|
123
|
|
|
124
|
if ($Qcheck->numberOfRows() < 1) {
|
|
125
|
$osC_Database->startTransaction();
|
|
126
|
|
|
127
|
if ( is_numeric($id) ) {
|
|
128
|
$Qadmin = $osC_Database->query('update :table_administrators set user_name = :user_name');
|
|
129
|
|
|
130
|
if ( isset($data['password']) && !empty($data['password']) ) {
|
hpdl
|
1391
|
131
|
$Qadmin->appendQuery(', user_password = :user_password');
|
hpdl
|
1200
|
132
|
$Qadmin->bindValue(':user_password', osc_encrypt_string(trim($data['password'])));
|
|
133
|
}
|
|
134
|
|
|
135
|
$Qadmin->appendQuery('where id = :id');
|
|
136
|
$Qadmin->bindInt(':id', $id);
|
|
137
|
} else {
|
|
138
|
$Qadmin = $osC_Database->query('insert into :table_administrators (user_name, user_password) values (:user_name, :user_password)');
|
|
139
|
$Qadmin->bindValue(':user_password', osc_encrypt_string(trim($data['password'])));
|
|
140
|
}
|
|
141
|
|
|
142
|
$Qadmin->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
|
|
143
|
$Qadmin->bindValue(':user_name', $data['username']);
|
hpdl
|
1295
|
144
|
$Qadmin->setLogging($_SESSION['module'], $id);
|
hpdl
|
1200
|
145
|
$Qadmin->execute();
|
|
146
|
|
|
147
|
if ( !$osC_Database->isError() ) {
|
|
148
|
if ( !is_numeric($id) ) {
|
|
149
|
$id = $osC_Database->nextID();
|
|
150
|
}
|
|
151
|
} else {
|
|
152
|
$error = true;
|
|
153
|
}
|
|
154
|
|
|
155
|
if ( $error === false ) {
|
|
156
|
if ( !empty($modules) ) {
|
hpdl
|
1851
|
157
|
if ( in_array('0', $modules) ) {
|
hpdl
|
1200
|
158
|
$modules = array('*');
|
|
159
|
}
|
|
160
|
|
|
161
|
foreach ($modules as $module) {
|
|
162
|
$Qcheck = $osC_Database->query('select administrators_id from :table_administrators_access where administrators_id = :administrators_id and module = :module limit 1');
|
|
163
|
$Qcheck->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
|
|
164
|
$Qcheck->bindInt(':administrators_id', $id);
|
|
165
|
$Qcheck->bindValue(':module', $module);
|
|
166
|
$Qcheck->execute();
|
|
167
|
|
|
168
|
if ( $Qcheck->numberOfRows() < 1 ) {
|
|
169
|
$Qinsert = $osC_Database->query('insert into :table_administrators_access (administrators_id, module) values (:administrators_id, :module)');
|
|
170
|
$Qinsert->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
|
|
171
|
$Qinsert->bindInt(':administrators_id', $id);
|
|
172
|
$Qinsert->bindValue(':module', $module);
|
hpdl
|
1295
|
173
|
$Qinsert->setLogging($_SESSION['module'], $id);
|
hpdl
|
1200
|
174
|
$Qinsert->execute();
|
|
175
|
|
|
176
|
if ( $osC_Database->isError() ) {
|
|
177
|
$error = true;
|
|
178
|
break;
|
|
179
|
}
|
|
180
|
}
|
|
181
|
}
|
|
182
|
}
|
|
183
|
}
|
|
184
|
|
|
185
|
if ( $error === false ) {
|
|
186
|
$Qdel = $osC_Database->query('delete from :table_administrators_access where administrators_id = :administrators_id');
|
|
187
|
|
|
188
|
if ( !empty($modules) ) {
|
|
189
|
$Qdel->appendQuery('and module not in (":module")');
|
|
190
|
$Qdel->bindRaw(':module', implode('", "', $modules));
|
|
191
|
}
|
|
192
|
|
|
193
|
$Qdel->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
|
|
194
|
$Qdel->bindInt(':administrators_id', $id);
|
hpdl
|
1295
|
195
|
$Qdel->setLogging($_SESSION['module'], $id);
|
hpdl
|
1200
|
196
|
$Qdel->execute();
|
|
197
|
|
|
198
|
if ( $osC_Database->isError() ) {
|
|
199
|
$error = true;
|
|
200
|
}
|
|
201
|
}
|
|
202
|
|
|
203
|
if ( $error === false ) {
|
|
204
|
$osC_Database->commitTransaction();
|
|
205
|
|
hpdl
|
1446
|
206
|
return 1;
|
hpdl
|
1200
|
207
|
} else {
|
|
208
|
$osC_Database->rollbackTransaction();
|
|
209
|
|
hpdl
|
1446
|
210
|
return -1;
|
hpdl
|
1200
|
211
|
}
|
|
212
|
} else {
|
hpdl
|
1446
|
213
|
return -2;
|
hpdl
|
1200
|
214
|
}
|
|
215
|
}
|
|
216
|
|
hpdl
|
1851
|
217
|
public static function delete($id) {
|
hpdl
|
1200
|
218
|
global $osC_Database;
|
|
219
|
|
|
220
|
$osC_Database->startTransaction();
|
|
221
|
|
|
222
|
$Qdel = $osC_Database->query('delete from :table_administrators_access where administrators_id = :administrators_id');
|
|
223
|
$Qdel->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
|
|
224
|
$Qdel->bindInt(':administrators_id', $id);
|
hpdl
|
1295
|
225
|
$Qdel->setLogging($_SESSION['module'], $id);
|
hpdl
|
1200
|
226
|
$Qdel->execute();
|
|
227
|
|
|
228
|
if ( !$osC_Database->isError() ) {
|
|
229
|
$Qdel = $osC_Database->query('delete from :table_administrators where id = :id');
|
|
230
|
$Qdel->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
|
|
231
|
$Qdel->bindInt(':id', $id);
|
hpdl
|
1295
|
232
|
$Qdel->setLogging($_SESSION['module'], $id);
|
hpdl
|
1200
|
233
|
$Qdel->execute();
|
|
234
|
|
|
235
|
if ( !$osC_Database->isError() ) {
|
|
236
|
$osC_Database->commitTransaction();
|
|
237
|
|
|
238
|
return true;
|
|
239
|
}
|
|
240
|
}
|
|
241
|
|
|
242
|
$osC_Database->rollbackTransaction();
|
|
243
|
|
|
244
|
return false;
|
|
245
|
}
|
|
246
|
|
hpdl
|
1851
|
247
|
public static function setAccessLevels($id, $modules, $mode = self::ACCESS_MODE_ADD) {
|
hpdl
|
1200
|
248
|
global $osC_Database;
|
|
249
|
|
|
250
|
$error = false;
|
|
251
|
|
hpdl
|
1851
|
252
|
if ( in_array('0', $modules) ) {
|
hpdl
|
1200
|
253
|
$modules = array('*');
|
|
254
|
}
|
|
255
|
|
|
256
|
$osC_Database->startTransaction();
|
|
257
|
|
hpdl
|
1851
|
258
|
if ( ($mode == self::ACCESS_MODE_ADD) || ($mode == self::ACCESS_MODE_SET) ) {
|
hpdl
|
1200
|
259
|
foreach ($modules as $module) {
|
|
260
|
$execute = true;
|
|
261
|
|
|
262
|
if ( $module != '*' ) {
|
|
263
|
$Qcheck = $osC_Database->query('select administrators_id from :table_administrators_access where administrators_id = :administrators_id and module = :module limit 1');
|
|
264
|
$Qcheck->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
|
|
265
|
$Qcheck->bindInt(':administrators_id', $id);
|
|
266
|
$Qcheck->bindValue(':module', '*');
|
|
267
|
$Qcheck->execute();
|
|
268
|
|
|
269
|
if ( $Qcheck->numberOfRows() === 1 ) {
|
|
270
|
$execute = false;
|
|
271
|
}
|
|
272
|
}
|
|
273
|
|
|
274
|
if ( $execute === true ) {
|
|
275
|
$Qcheck = $osC_Database->query('select administrators_id from :table_administrators_access where administrators_id = :administrators_id and module = :module limit 1');
|
|
276
|
$Qcheck->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
|
|
277
|
$Qcheck->bindInt(':administrators_id', $id);
|
|
278
|
$Qcheck->bindValue(':module', $module);
|
|
279
|
$Qcheck->execute();
|
|
280
|
|
|
281
|
if ( $Qcheck->numberOfRows() < 1 ) {
|
|
282
|
$Qinsert = $osC_Database->query('insert into :table_administrators_access (administrators_id, module) values (:administrators_id, :module)');
|
|
283
|
$Qinsert->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
|
|
284
|
$Qinsert->bindInt(':administrators_id', $id);
|
|
285
|
$Qinsert->bindValue(':module', $module);
|
hpdl
|
1295
|
286
|
$Qinsert->setLogging($_SESSION['module'], $id);
|
hpdl
|
1200
|
287
|
$Qinsert->execute();
|
|
288
|
|
|
289
|
if ( $osC_Database->isError() ) {
|
|
290
|
$error = true;
|
|
291
|
break;
|
|
292
|
}
|
|
293
|
}
|
|
294
|
}
|
|
295
|
}
|
|
296
|
}
|
|
297
|
|
|
298
|
if ( $error === false ) {
|
hpdl
|
1851
|
299
|
if ( ($mode == self::ACCESS_MODE_REMOVE) || ($mode == self::ACCESS_MODE_SET) || in_array('*', $modules) ) {
|
hpdl
|
1200
|
300
|
if ( !empty($modules) ) {
|
|
301
|
$Qdel = $osC_Database->query('delete from :table_administrators_access where administrators_id = :administrators_id');
|
|
302
|
|
hpdl
|
1851
|
303
|
if ( $mode == self::ACCESS_MODE_REMOVE ) {
|
hpdl
|
1200
|
304
|
if ( !in_array('*', $modules) ) {
|
|
305
|
$Qdel->appendQuery('and module in (":module")');
|
|
306
|
$Qdel->bindRaw(':module', implode('", "', $modules));
|
|
307
|
}
|
|
308
|
} else {
|
|
309
|
$Qdel->appendQuery('and module not in (":module")');
|
|
310
|
$Qdel->bindRaw(':module', implode('", "', $modules));
|
|
311
|
}
|
|
312
|
|
|
313
|
$Qdel->bindTable(':table_administrators_access', TABLE_ADMINISTRATORS_ACCESS);
|
|
314
|
$Qdel->bindInt(':administrators_id', $id);
|
hpdl
|
1295
|
315
|
$Qdel->setLogging($_SESSION['module'], $id);
|
hpdl
|
1200
|
316
|
$Qdel->execute();
|
|
317
|
|
|
318
|
if ( $osC_Database->isError() ) {
|
|
319
|
$error = true;
|
|
320
|
break;
|
|
321
|
}
|
|
322
|
}
|
|
323
|
}
|
|
324
|
}
|
|
325
|
|
|
326
|
if ( $error === false ) {
|
|
327
|
$osC_Database->commitTransaction();
|
|
328
|
|
|
329
|
return true;
|
|
330
|
}
|
|
331
|
|
|
332
|
$osC_Database->rollbackTransaction();
|
|
333
|
|
|
334
|
return false;
|
|
335
|
}
|
hpdl
|
1851
|
336
|
|
|
337
|
public static function getAccessModules() {
|
|
338
|
global $osC_Language;
|
|
339
|
|
|
340
|
$osC_DirectoryListing = new osC_DirectoryListing('includes/modules/access');
|
|
341
|
$osC_DirectoryListing->setIncludeDirectories(false);
|
|
342
|
|
|
343
|
$modules = array();
|
|
344
|
|
|
345
|
foreach ( $osC_DirectoryListing->getFiles() as $file ) {
|
|
346
|
$module = substr($file['name'], 0, strrpos($file['name'], '.'));
|
|
347
|
|
|
348
|
if ( !class_exists('osC_Access_' . ucfirst($module)) ) {
|
|
349
|
$osC_Language->loadIniFile('modules/access/' . $file['name']);
|
|
350
|
include($osC_DirectoryListing->getDirectory() . '/' . $file['name']);
|
|
351
|
}
|
|
352
|
|
|
353
|
$module = 'osC_Access_' . ucfirst($module);
|
|
354
|
$module = new $module();
|
|
355
|
|
|
356
|
$modules[osC_Access::getGroupTitle( $module->getGroup() )][] = array('id' => $module->getModule(),
|
|
357
|
'text' => $module->getTitle());
|
|
358
|
}
|
|
359
|
|
|
360
|
ksort($modules);
|
|
361
|
|
|
362
|
return $modules;
|
|
363
|
}
|
hpdl
|
1200
|
364
|
}
|
|
365
|
?>
|
