From 59ce78a0188ff629e722bc83337fa1b513c941d0 Mon Sep 17 00:00:00 2001 From: Carsten Schmitz Date: Mon, 12 Mar 2007 23:05:52 +0000 Subject: [PATCH] Moved the user-management related actions (except for survey right management) to a separate PHP file git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/phpsurveyor@2570 b72ed6b6-b9f8-46b5-92b4-906544132732 --- admin/admin.php | 18 +- admin/html.php | 938 ---------------------------------- admin/userrighthandling.php | 974 ++++++++++++++++++++++++++++++++++++ 3 files changed, 985 insertions(+), 945 deletions(-) create mode 100644 admin/userrighthandling.php diff --git a/admin/admin.php b/admin/admin.php index a61fd2d6e1a..2a7a8c61347 100644 --- a/admin/admin.php +++ b/admin/admin.php 
@@ -189,17 +189,21 @@ if ($action=="assessments" || $action=="assessmentdelete" || $action=="assessmentedit" || $action=="foo" || $action=="assessmentadd" || $action=="assessmentupdate" || $action=="foo") { include("assessments.php"); } else - if (isset($surveyid) || $action=="listurveys" || $action=="changelang" || $action=="adduser" || - $action=="deluser" || $action=="moduser" || $action=="userrights" || $action=="modifyuser" || - $action=="editusers" || $action=="addusergroup" || $action=="editusergroup" || $action=="mailusergroup" || - $action=="delusergroup" || $action=="usergroupindb" || $action=="mailsendusergroup" || $action=="editusergroupindb" || - $action=="editusergroups" || $action=="deleteuserfromgroup" || $action=="checksettings" || - $action=="editsurvey" || $action=="updatesurvey" || $action=="ordergroups" || $action=="addusertogroup" || + if (isset($surveyid) || $action=="listurveys" || $action=="changelang" || $action=="checksettings" || + $action=="editsurvey" || $action=="updatesurvey" || $action=="ordergroups" || $action=="uploadf" || $action=="newsurvey" || $action=="listsurveys" || $action=="setuserrights" || - $action=="addgroup" || $action=="editgroup" || $action=="surveyrights" ) include("html.php"); + $action=="surveyrights" ) include("html.php"); if ($action=="addquestion" || $action=="copyquestion" || $action=="editquestion" || $action=="orderquestions" || $action=="editattribute" || $action=="delattribute" || $action=="addattribute" ) include ("questionhandling.php"); + + if ($action=="adduser" || $action=="deluser" || $action=="moduser" || + $action=="userrights" || $action=="modifyuser" || $action=="editusers" || + $action=="addusergroup" || $action=="editusergroup" || $action=="mailusergroup" || + $action=="delusergroup" || $action=="usergroupindb" || $action=="mailsendusergroup" || + $action=="editusergroupindb" || $action=="editusergroups" || $action=="deleteuserfromgroup" || + $action=="addgroup" || $action=="editgroup" || 
$action=="addusertogroup" ) include ("userrighthandling.php"); + // For some output we dont want to have the standard admin menu bar if (!isset($labelsoutput) && !isset($templatesoutput) && !isset($printablesurveyoutput) && diff --git a/admin/html.php b/admin/html.php index 1eb7d325c77..652699588ea 100644 --- a/admin/html.php +++ b/admin/html.php @@ -812,94 +812,6 @@ } } -if (($ugid && !$surveyid) || $action == "editusergroups" || $action == "addusergroup" || $action=="usergroupindb" || $action == "editusergroup" || $action == "mailusergroup") -{ - if($ugid) - { - $grpquery = "SELECT * FROM ".db_table_name('user_groups')." WHERE ugid = $ugid"; - $grpresult = db_execute_assoc($grpquery); - $grow = array_map('htmlspecialchars', $grpresult->FetchRow()); - } - $usergroupsummary = "\n"; - $usergroupsummary .= "\t\n" - . "\t\t\n" - . "\t\n" - . "\n
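Review bot: The new dispatch condition for userrighthandling.php does not cover every user-management action this commit removes from html.php: `$action=="setuserrights"` is left on the html.php branch, and `setnewparents` appears in neither list, yet the html.php hunks below delete both handlers (`-if ($action == "setuserrights")`, `-if($action == "setnewparents")`). If those handlers were carried into the new file as the commit message suggests, a setuserrights request now includes html.php and silently renders nothing, and the parent-reassignment path is only reachable if some other condition happens to pull in the right file. I would move `$action=="setuserrights"` out of the html.php condition and add `$action=="setuserrights" || $action=="setnewparents" ||` to the userrighthandling.php condition, then confirm the new file actually contains both handlers, since its hunk is cut off in this view. Keeping this dispatcher a closed list of literal action names mapping to fixed include paths is the right shape; just make sure every moved handler is listed exactly once so no privileged action is reachable through two files or none.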
\n" - . "\t\t\t\n" - . "\t\t\t\t\n"; - } - else - { - $usergroupsummary .= "\n"; - } - - - $usergroupsummary .= "\t\t\t\t\n" - . "\t\t\t\t\t\n" - . "\t\t\t\t\t\n" - . "\t\t\t
" - . "".$clang->gT("User Groups")." "; - if($ugid) - { - $usergroupsummary .= "{$grow['name']}
\n"; - - $usergroupsummary .= "\t\t\t\t\t\n" - . "\t\t\t\t\t\n"; - - if($ugid) - { - $usergroupsummary .= "gT("Mail to all Members", "js")."');return false\"> " . - "\n" ; - } - $usergroupsummary .= "\t\t\t\t\t\n" - . "\t\t\t\t\t\n"; - - if($ugid && $_SESSION['loginID'] == $grow['owner_id']) - { - $usergroupsummary .= "gT("Edit Current User Group", "js")."');return false\">" . - "\n" ; - } - else - { - $usergroupsummary .= "\t\t\t\t\t\n"; - } - - if($ugid && $_SESSION['loginID'] == $grow['owner_id']) - { - $usergroupsummary .= "\t\t\t\t\tgT("Are you sure you want to delete this entry.")."')\"" - . "onmouseout=\"hideTooltip()\"" - . "onmouseover=\"showTooltip(event,'".$clang->gT("Delete Current User Group", "js")."');return false\">" - . ""; - } - else - { - $usergroupsummary .= "\t\t\t\t\t\n"; - } - $usergroupsummary .= "\t\t\t\t\t\n" - . "\t\t\t\t\t\n" - . "\t\t\t\t\t\n" - . "\t\t\t\t\t\n" - . "\t\t\t\t\t\n"; - - if ($_SESSION['loginID'] == 1) - { - $usergroupsummary .= "gT("Add New User Group", "js")."');return false\">" . - "\n"; - } - $usergroupsummary .= "\t\t\t\t\t".$clang->gT("User Groups").": \n" - . "\t\t\t\t
\n" - . "\t\t
\n"; -} if ($gid) // Show the group toolbar { @@ -1478,856 +1390,6 @@ -if ($action == "adduser" || $action=="deluser" || $action == "moduser" || $action == "userrights") -{ - include("usercontrol.php"); -} - -if ($action == "modifyuser") -{ - if($_SESSION['loginID'] == 1 || $_SESSION['loginID'] == $_POST['uid']) - { - $usersummary = "\n\t\n" - . "\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\n"; - $muq = "SELECT a.users_name, a.full_name, a.email, a.uid, b.users_name AS parent FROM ".db_table_name('users')." AS a LEFT JOIN ".db_table_name('users')." AS b ON a.parent_id = b.uid WHERE a.uid='{$_POST['uid']}'"; // added by Dennis - //echo($muq); - - $mur = db_select_limit_assoc($muq, 1); - $usersummary .= "\t"; - while ($mrw = $mur->FetchRow()) - { - $mrw = array_map('htmlspecialchars', $mrw); - $usersummary .= "\t\n" - . "\t\n" - . "\t\t\n" - . "\t\t\n"; // added by Dennis - $usersummary .= "\t\n"; - } - $usersummary .= "\t\n\t\n" - . "
\n" - . "\t\t".$clang->gT("Modifying User")."
".$clang->gT("Username")."".$clang->gT("Email")."".$clang->gT("Full name")."".$clang->gT("Password")."
{$mrw['users_name']}\n" - . "\t\n\t\t\n\t\t\n\t\t
\n" - . "\t\t\n" - . "
\n"; - } - else - { - include("access_denied.php"); - } -} - -if ($action == "setuserrights") -{ - if($_SESSION['loginID'] != $_POST['uid']) - { - $usersummary = "\n\t\n"; - - foreach ($_SESSION['userlist'] as $usr) - { - if ($usr['uid'] == $_POST['uid']) - { - $squery = "SELECT create_survey, configurator, create_user, delete_user, move_user, manage_template, manage_label FROM {$dbprefix}users WHERE uid={$usr['parent_id']}"; // added by Dennis - $sresult = $connect->Execute($squery); - $parent = $sresult->FetchRow(); - - if($parent['create_survey']) { - $usersummary .= "\t\t\n"; - } - if($parent['configurator']) { - $usersummary .= "\t\t\n"; - } - if($parent['create_user']) { - $usersummary .= "\t\t\n"; - } - if($parent['delete_user']) { - $usersummary .= "\t\t\n"; - } - if($parent['move_user']) { - $usersummary .= "\t\t\n"; - } - if($parent['manage_template']) { - $usersummary .= "\t\t\n"; - } - if($parent['manage_label']) { - $usersummary .= "\t\t\n"; - } - - $usersummary .="\t\t\n\t\n" - ."\t" - ."\n"; - //content - if($parent['create_survey']) { - $usersummary .= "\t\t" - ."" - . "
\n" - . "\t\t".$clang->gT("Set User Rights").": ".$_POST['user']."
create surveyconfiguratorcreate userdelete usermove usermanage templatemanage label
" - ."" - ."" - ."
\n"; - continue; - } // if - } // foreach - } // if - else - { - include("access_denied.php"); - } -} // if - -if($action == "setnewparents") -{ - // muss noch eingeschraenkt werden ... - if($_SESSION['USER_RIGHT_MOVE_USER']) - { - $uid = $_POST['uid']; - $newparentid = $_POST['parent']; - $oldparent = -1; - $query = "SELECT parent_id FROM ".db_table_name('users')." WHERE uid = ".$uid; - $result = $connect->Execute($query) or die($connect->ErrorMsg()); - if($srow = $result->FetchRow()) { - $oldparent = $srow['parent_id']; - } - $query = "SELECT create_survey, configurator, create_user, delete_user, move_user, manage_template, manage_label FROM ".db_table_name('users')." WHERE uid = ".$newparentid; - $result = $connect->Execute($query) or die($connect->ErrorMsg()); - $srow = $result->FetchRow(); - $query = "UPDATE ".db_table_name('users')." SET parent_id = ".$newparentid.", create_survey = IF({$srow['create_survey']} = 1, create_survey, {$srow['create_survey']}), configurator = IF({$srow['configurator']} = 1, configurator, {$srow['configurator']}), create_user = IF({$srow['create_user']} = 1, create_user, {$srow['create_user']}), delete_user = IF({$srow['delete_user']} = 1, delete_user, {$srow['delete_user']}), move_user = IF({$srow['move_user']} = 1, move_user, {$srow['move_user']}), manage_template = IF({$srow['manage_template']} = 1, manage_template, {$srow['manage_template']}), manage_label = IF({$srow['manage_label']} = 1, manage_label, {$srow['manage_label']}) WHERE uid = ".$uid; - $connect->Execute($query) or die($connect->ErrorMsg()." ".$query); - $query = "UPDATE ".db_table_name('users')." SET parent_id = ".$oldparent." WHERE parent_id = ".$uid; - $connect->Execute($query) or die($connect->ErrorMsg()." ".$query); - $usersummary = "
".$clang->gT("Setting new Parent")."
" - . "
".$clang->gT("Set Parent successful.")."
" - . "
".$clang->gT("Continue")."
 \n"; - } - else - { - include("access_denied.php"); - } -} - -if ($action == "editusers") -{ - $usersummary = "\n" - . "\t\t\t\t\n" - . "\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\n"; - - $_SESSION['userlist'] = getuserlist(); - $ui = count($_SESSION['userlist']); - $usrhimself = $_SESSION['userlist'][0]; - unset($_SESSION['userlist'][0]); - - // output users - $usersummary .= "\t\n" - . "\t\n" - . "\t\n" - . "\t\t\n" - . "\t\t\n"; - if(isset($usrhimself['parent_id']) && $usrhimself['parent_id']!=0) { - $usersummary .= "\t\t\n"; - } - else - { - $usersummary .= "\t\t\n"; - } - $usersummary .= "\t\t\n" - . "\t\n"; - - // empty row - if(!empty($_SESSION['userlist'])) - $usersummary .= "\t\n\t\n\t"; - - // other users - $row = 0; - //foreach ($_SESSION['userlist'] as $usr) - $usr_arr = $_SESSION['userlist']; - for($i=1; $i<=count($_SESSION['userlist']); $i++) - { - $usr = $usr_arr[$i]; - if(($row % 2) == 0) $usersummary .= "\t\n"; - else $usersummary .= "\t\n"; - - $usersummary .= "\t\n" - . "\t\n" - . "\t\n"; - - // passwords of other users will not be displayed - $usersummary .= "\t\t\n"; - - // Get Parent's User Name - $uquery = "SELECT users_name FROM ".db_table_name('users')." WHERE uid=".$usr['parent_id']; - $uresult = db_execute_assoc($uquery); - $userlist = array(); - $srow = $uresult->FetchRow(); - $usr['parent'] = $srow['users_name']; - - if($_SESSION['USER_RIGHT_MOVE_USER']) - { - $usersummary .= "\t\t\n" - . "\t\n"; - $row++; - } - - if($_SESSION['USER_RIGHT_CREATE_USER']) - { - $usersummary .= "\t\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\n"; - } - -} - -if ($action == "addusergroup") -{ - if ($_SESSION['loginID'] == 1) - { - $usersummary = "
" - . "".$clang->gT("User Control")."
".$clang->gT("Username")."".$clang->gT("Email")."".$clang->gT("Full name")."".$clang->gT("Password")."".$clang->gT("Created by")."
{$usrhimself['user']}{$usrhimself['email']}{$usrhimself['full_name']}********{$_SESSION['userlist'][$usrhimself['parent_id']]['user']}---\n"; - - if ($_SESSION['loginID'] == 1) - { - $usersummary .= "\t\t\t
" - ."" - ."" - ."" - ."
"; - } - // users are allowed to delete all successor users (but the admin not himself) - if ($usrhimself['parent_id'] != 0 && ($_SESSION['USER_RIGHT_DELETE_USER'] == 1 || ($usrhimself['uid'] == $_SESSION['loginID']))) - { - $usersummary .= "\t\t\t
" - ."" - ."" - ."" - ."" - ."
"; - } - - $usersummary .= "\t\t
{$usr['user']}{$usr['email']}{$usr['full_name']}******" - ."
" - .""; - //.""; - if($usr['uid'] != $usrhimself['uid']) - { - //$usersummary .= "
"; - } - if ($_SESSION['loginID'] == 1 || ($_SESSION['USER_RIGHT_CREATE_USER'] == 1 && ($usr['parent_id'] == $_SESSION['loginID']))) - { - $usersummary .= "\t\t\t
" - ."" - ."" - ."" - ."" - ."
"; - } - if ($_SESSION['loginID'] == 1 || $usr['uid'] == $_SESSION['loginID'] || ($_SESSION['USER_RIGHT_CREATE_USER'] == 1 && $usr['parent_id'] == $_SESSION['loginID'])) - { - $usersummary .= "\t\t\t
" - ."" - ."" - ."" - ."
"; - } - $usersummary .= "\t\t
" - . "
\n\t\n" - . "\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\n" - . "\t\t\n" - . "\t
\n" - . "\t\t".$clang->gT("Add User Group")."
".$clang->gT("Name:")." ".$clang->gT("Required")."
".$clang->gT("Description:")."(".$clang->gT("Optional").")
\n" - . "\t\n" - . "\t
\n" - . "\n"; - } -} - -if ($action == "editusergroup") -{ - if ($_SESSION['loginID'] == 1) - { - $query = "SELECT * FROM ".db_table_name('user_groups')." WHERE ugid = ".$_GET['ugid']." AND owner_id = ".$_SESSION['loginID']; - $result = db_select_limit_assoc($query, 1); - $esrow = $result->FetchRow(); - $usersummary = "
" - . "\n\t\n" - . "\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\n" - . "\t\t\n" - . "\t\n" - . "
\n" - . "\t\t".$clang->gT("Edit User Group (Owner: ").$_SESSION['user'].")
".$clang->gT("Name:")."
".$clang->gT("Description:")."(optional)
\n" - . "\t\n" - . "\t\n" - . "\t\n" - . "\t
\n" - . "\t
\n"; - } -} - -if ($action == "mailusergroup") -{ - $query = "SELECT a.ugid, a.name, a.owner_id, b.uid FROM ".db_table_name('user_groups') ." AS a LEFT JOIN ".db_table_name('user_in_groups') ." AS b ON a.ugid = b.ugid WHERE a.ugid = {$ugid} AND uid = {$_SESSION['loginID']} ORDER BY name"; - $result = db_execute_assoc($query); - $crow = $result->FetchRow(); - $eguquery = "SELECT * FROM ".db_table_name("user_in_groups")." AS a INNER JOIN ".db_table_name("users")." AS b ON a.uid = b.uid WHERE ugid = " . $ugid . " AND b.uid != {$_SESSION['loginID']} ORDER BY b.users_name"; - $eguresult = db_execute_assoc($eguquery); - $addressee = ''; - $to = ''; - while ($egurow = $eguresult->FetchRow()) - { - $to .= $egurow['users_name']. ' <'.$egurow['email'].'>'. ', ' ; - $addressee .= $egurow['users_name'].', '; - } - - $to = substr("$to", 0, -2); - $addressee = substr("$addressee", 0, -2); - - $usersummary = "
" - . "\n\t\n" - . "\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\n" - . "\t\t\n" - . "\t\n" - . "
\n" - . "\t\t".$clang->gT("Mail to all Members")."
".$clang->gT("To:")."
".$clang->gT("Send me a copy:")."
".$clang->gT("Subject:")."
".$clang->gT("Message:")."
\n" - . "
" - . "\t\n" - . "\t\n" - . "\t\n" - . "\t
\n" - . "\t
\n"; -} - -if ($action == "delusergroup") -{ - if ($_SESSION['loginID'] == 1) - { - $usersummary = "
".$clang->gT("Deleting User Group")."
\n"; - - if(!empty($_GET['ugid']) && $_GET['ugid'] > -1) - { - $query = "SELECT ugid, name, owner_id FROM ".db_table_name('user_groups')." WHERE ugid = ".$_GET['ugid']." AND owner_id = ".$_SESSION['loginID']; - $result = db_select_limit_assoc($query, 1); - if($result->RecordCount() > 0) - { - $row = $result->FetchRow(); - - $remquery = "DELETE FROM ".db_table_name('user_groups')." WHERE ugid = {$_GET['ugid']} AND owner_id = {$_SESSION['loginID']}"; - if($connect->Execute($remquery)) - { - $usersummary .= "
".$clang->gT("Group Name").": {$row['name']}
\n"; - } - else - { - $usersummary .= "
".$clang->gT("Could not delete user group.")."
\n"; - } - } - else - { - include("access_denied.php"); - } - } - else - { - $usersummary .= "
".$clang->gT("Could not delete user group. No group selected.")."
\n"; - } - $usersummary .= "
".$clang->gT("Continue")."
 \n"; - } -} - -if ($action == "usergroupindb") { - $usersummary = "
".$clang->gT("Adding User Group")."...
\n"; - - $group_name = $_POST['group_name']; - $group_description = $_POST['group_description']; - if(isset($group_name) && strlen($group_name) > 0) - { - $ugid = addUserGroupInDB($group_name, $group_description); - if($ugid > 0) - { - $usersummary .= "
".$clang->gT("Group Name").": {$group_name}
\n"; - - if(isset($group_description) && strlen($group_description) > 0) - { - $usersummary .= $clang->gT("Description: ").$group_description."
\n"; - } - - $usersummary .= "
".$clang->gT("User group successfully added!")."
\n"; - $usersummary .= "
".$clang->gT("Continue")."
 \n"; - } - else - { - $usersummary .= "
".$clang->gT("Failed to add Group!")."
\n" - . $clang->gT("Group already exists!")."
\n" - . "
".$clang->gT("Continue")."
 \n"; - } - } - else - { - $usersummary .= "
".$clang->gT("Failed to add Group!")."
\n" - . $clang->gT("Group name was not supplied!")."
\n" - . "
".$clang->gT("Continue")."
 \n"; - } -} - -if ($action == "mailsendusergroup") -{ - $usersummary = "
".$clang->gT("Mail to all Members")."
\n"; - - // user musst be in user group - $query = "SELECT uid FROM ".db_table_name('user_in_groups') ." WHERE ugid = {$ugid} AND uid = {$_SESSION['loginID']}"; - $result = db_execute_assoc($query); - - if($result->RecordCount() > 0) - { - $from_user = "SELECT email, user FROM ".db_table_name("users")." WHERE uid = " .$_SESSION['loginID']; - $from_user_result = mysql_query($from_user); - $from_user_row = mysql_fetch_array($from_user_result, MYSQL_BOTH); - $from = $from_user_row['user'].' <'.$from_user_row['email'].'> '; - - $ugid = $_POST['ugid']; - $to = $_POST['to']; - $body = $_POST['body']; - $subject = $_POST['subject']; - $addressee = $_POST['addressee']; - - if(isset($_POST['copymail']) && $_POST['copymail'] == 1) - { - $to .= ", " . $from; - } - - $body = str_replace("\n.", "\n..", $body); - $body = wordwrap($body, 70); - - if (mail($to, $subject, $body, "From: $from")) - { - $usersummary = "
".("Message sent successfully!")."
\n" - . "
To: $addressee
\n" - . "
".$clang->gT("Continue")."
 \n"; - } - else - { - $usersummary .= "
".$clang->gT("Mail not sent!")."
\n"; - $usersummary .= "
".$clang->gT("Continue")."
 \n"; - } - } - else - { - include("access_denied.php"); - } -} - -if ($action == "editusergroupindb"){ - - $ugid = $_POST['ugid']; - $name = $_POST['name']; - $description = $_POST['description']; - - if(updateusergroup($name, $description, $ugid)) - { - $usersummary = "
".$clang->gT("Edit User Group Successfully!")."
\n"; - $usersummary .= "
".$clang->gT("Name").": {$name}
\n"; - $usersummary .= $clang->gT("Description: ").$description."
\n"; - $usersummary .= "
".$clang->gT("Continue")."
 \n"; - } - else $usersummary .= "
".$clang->gT("Failed to update!")."
\n" - . "
".$clang->gT("Continue")."
 \n"; -} - -if ($action == "editusergroups" ) -{ - if(isset($_GET['ugid'])) - { - $ugid = $_GET['ugid']; - - $query = "SELECT a.ugid, a.name, a.owner_id, a.description, b.uid FROM ".db_table_name('user_groups') ." AS a LEFT JOIN ".db_table_name('user_in_groups') ." AS b ON a.ugid = b.ugid WHERE a.ugid = {$ugid} AND uid = {$_SESSION['loginID']} ORDER BY name"; - $result = db_execute_assoc($query); - $crow = $result->FetchRow(); - - if($result->RecordCount() > 0) - { - - if(!empty($crow['description'])) - { - $usergroupsummary .= "\n" - . "\t\t\t\t\n" - . "
" - . "".$clang->gT("Description: ")."" - . "{$crow['description']}
"; - } - - - $eguquery = "SELECT * FROM ".db_table_name("user_in_groups")." AS a INNER JOIN ".db_table_name("users")." AS b ON a.uid = b.uid WHERE ugid = " . $ugid . " ORDER BY b.users_name"; - $eguresult = db_execute_assoc($eguquery); - $usergroupsummary .= "\n" - . "\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\n"; - - $query2 = "SELECT ugid FROM ".db_table_name('user_groups')." WHERE ugid = ".$ugid." AND owner_id = ".$_SESSION['loginID']; - $result2 = db_select_limit_assoc($query2, 1); - $row2 = $result2->FetchRow(); - - $row = 1; - $usergroupentries=''; - while ($egurow = $eguresult->FetchRow()) - { - if($egurow['uid'] == $crow['owner_id']) - { - $usergroupowner = "\t\n" - . "\t\n" - . "\t\n" - . "\t\t\n\t\n\t"; $row++;} - if(($row % 2) == 0) $usergroupentries .= "\t\n"; - else $usergroupentries .= "\t\n"; - $usergroupentries .= "\t\n" - . "\t\n" - . "\t\t\n" - . "\t\n"; - $row++; - } - $usergroupsummary .= $usergroupowner; - if (isset($usergroupentries)) {$usergroupsummary .= $usergroupentries;}; - - if(isset($row2['ugid'])) - { - $usergroupsummary .= "\t\t\n" - . "\t\t\n" - . "\t\t\t\n" - . "\t\t\t\t\n" - . "\t\t\t\n" - . "\t\t\n" - . "\t\n"; - } - } - else - { - include("access_denied.php"); - } - } -} - -if($action == "deleteuserfromgroup") { - $ugid = $_POST['ugid']; - $uid = $_POST['uid']; - $usersummary = "
".$clang->gT("Delete User")."
\n"; - - $query = "SELECT ugid, owner_id FROM ".db_table_name('user_groups')." WHERE ugid = ".$ugid." AND ((owner_id = ".$_SESSION['loginID']." AND owner_id != ".$uid.") OR (owner_id != ".$_SESSION['loginID']." AND $uid = ".$_SESSION['loginID']."))"; - $result = db_execute_assoc($query); - if($result->RecordCount() > 0) - { - $remquery = "DELETE FROM ".db_table_name('user_in_groups')." WHERE ugid = {$ugid} AND uid = {$uid}"; - if($connect->Execute($remquery)) - { - $usersummary .= "
".$clang->gT("Username").": {$_POST['user']}
\n"; - } - else - { - $usersummary .= "
".$clang->gT("Could not delete user. User was not supplied.")."
\n"; - } - } - else - { - include("access_denied.php"); - } - if($_SESSION['loginID'] != $_POST['uid']) - { - $usersummary .= "
".$clang->gT("Continue")."
 \n"; - } - else - { - $usersummary .= "
".$clang->gT("Continue")."
 \n"; - } -} - -if ($action == "addgroup") -{ - if($sumrows5['define_questions']) - { - $grplangs = GetAdditionalLanguagesFromSurveyID($surveyid); - $baselang = GetBaseLanguageFromSurveyID($surveyid); - $grplangs[] = $baselang; - $grplangs = array_reverse($grplangs); - - $newgroupoutput = "\n" - . "\n" - . "
".$clang->gT("Username")."".$clang->gT("Email")."".$clang->gT("Action")."
{$egurow['users_name']}{$egurow['email']}\n"; - continue; - } - // output users - - if($row == 1){ $usergroupentries .= "\t
{$egurow['users_name']}{$egurow['email']}\n"; - - // owner and not himself or not owner and himself - if((isset($row2['ugid']) && $_SESSION['loginID'] != $egurow['uid']) || (!isset($row2['ugid']) && $_SESSION['loginID'] == $egurow['uid'])) - { - $usergroupentries .= "\t\t\t
" - ." " - ." " - ." " - ." "; - } - $usergroupentries .= "
" - . "\t\t
" - . "\t\t\t\t\n" - . "\t\t\t\t
" - ."\n" - ."\t" - ."
\n\t\t".$clang->gT("Add Group")."
\n"; - - - $newgroupoutput .="\n\t" - . "\t
\n" - . '
'; - foreach ($grplangs as $grouplang) - { - $newgroupoutput .= '

'.GetLanguageNameFromCode($grouplang); - if ($grouplang==$baselang) {$newgroupoutput .= '('.$clang->gT("Base Language").')';} - $newgroupoutput .= "

" - . "" - . "\t\t\n" - . "\t\t\n" - . "\t\n" - . "\t\t\n" - . "
".$clang->gT("Title").": ".$clang->gT("Required")."
".$clang->gT("Description:")."(".$clang->gT("Optional").")
"; - } - - $newgroupoutput.= "
" - . "\t\n" - . "\t
\n" - . "\t
\n" - . "
".$clang->gT("OR")."
" - . "\n\t\n\t" - . "\t\n" - . "\t\t\n" - . "\t\t\n" - . "\t\n
\n" - . "\t\t".$clang->gT("Import Group")."
".$clang->gT("Select CSV File:")."
\n" - . "\t\n" - . "\t\n" - . "\t
\n"; - - } - else - { - include("access_denied.php"); - } -} - -if ($action == "editgroup") -{ - if ($sumrows5['edit_survey_property']) - { - $grplangs = GetAdditionalLanguagesFromSurveyID($surveyid); - $baselang = GetBaseLanguageFromSurveyID($surveyid); - $grplangs[] = $baselang; - $grplangs = array_flip($grplangs); - - $egquery = "SELECT * FROM ".db_table_name('groups')." WHERE sid=$surveyid AND gid=$gid"; - $egresult = db_execute_assoc($egquery); - while ($esrow = $egresult->FetchRow()) - { - if(!array_key_exists($esrow['language'], $grplangs)) // Language Exists, BUT ITS NOT ON THE SURVEY ANYMORE. - { - $egquery = "DELETE FROM ".db_table_name('groups')." WHERE sid='{$surveyid}' AND gid='{$gid}' AND language='".$esrow['language']."'"; - $egresultD = $connect->Execute($egquery); - } else { - $grplangs[$esrow['language']] = 99; - } - if ($esrow['language'] == $baselang) $basesettings = array('group_name' => $esrow['group_name'],'description' => $esrow['description'],'group_order' => $esrow['group_order']); - - } - - while (list($key,$value) = each($grplangs)) - { - if ($value != 99) - { - //die("INSERT:".$key); - $egquery = "INSERT INTO ".db_table_name('groups')." (gid, sid, group_name, description,group_order,language) VALUES ('{$gid}', '{$surveyid}', '{$basesettings['group_name']}', '{$basesettings['description']}','{$basesettings['group_order']}', '{$key}')"; - $egresult = $connect->Execute($egquery); - } - } - - $egquery = "SELECT * FROM ".db_table_name('groups')." WHERE sid=$surveyid AND gid=$gid"; - $egresult = db_execute_assoc($egquery); - $editgroup ="\n\t
" - . "\t\t".$clang->gT("Edit Group")."
\n" - . '
'; - while ($esrow = $egresult->FetchRow()) - { - $editgroup .= '

'.getLanguageNameFromCode($esrow['language'],false); - if ($esrow['language']==GetBaseLanguageFromSurveyID($surveyid)) {$editgroup .= '('.$clang->gT("Base Language").')';} - $esrow = array_map('htmlspecialchars', $esrow); - $editgroup .= '

'; - $editgroup .= "
\n"; - $editgroup .= "\t
".$clang->gT("Title").":\n" - . "\t\t\n" - . "\t
\n" - . "\t
".$clang->gT("Description:")."\n" - . "\t\t\n" - . "\t
"; // THis empty div class is needed for forcing the tabpage border under the button - } - $editgroup .= '
'; - $editgroup .= "\t

\n" - . "\t\n" - . "\t\n" - . "\t\n" - . "\t\n" - . "\t

\n" - . "\n"; - } - else - { - include("access_denied.php"); - } -} - -if($action == "addusertogroup") -{ - $addsummary = "
".$clang->gT("Adding User to group")."...
\n"; - - $query = "SELECT ugid, owner_id FROM ".db_table_name('user_groups')." WHERE ugid = ".$_GET['ugid']." AND owner_id = ".$_SESSION['loginID']." AND owner_id != ".$_POST['uid']; - $result = db_execute_assoc($query); - if($result->RecordCount() > 0) - { - if($_POST['uid'] > 0) - { - $isrquery = "INSERT INTO {$dbprefix}user_in_groups VALUES(".$_GET['ugid'].",". $_POST['uid'].")"; - $isrresult = $connect->Execute($isrquery); - - if($isrresult) - { - $addsummary .= "
".$clang->gT("User added.")."
\n"; - } - else // ToDo: for this to happen the keys on the table must still be set accordingly - { - // Username already exists. - $addsummary .= "
".$clang->gT("Failed to add User.")."
\n" . " " . $clang->gT("Username already exists.")."
\n"; - } - $addsummary .= "
".$clang->gT("Continue")."
 \n"; - } - else - { - $addsummary .= "
".$clang->gT("Failed to add User.")."
\n" . " " . $clang->gT("No Username selected.")."
\n"; - $addsummary .= "
".$clang->gT("Continue")."
 \n"; - } - } - else - { - include("access_denied.php"); - } -} // ************************************************* // Survey Rights Start **************************** diff --git a/admin/userrighthandling.php b/admin/userrighthandling.php new file mode 100644 index 00000000000..1bd2601e08e --- /dev/null +++ b/admin/userrighthandling.php 
@@ -0,0 +1,974 @@ +>> PHPSurveyor # +############################################################# +# # +# This set of scripts allows you to develop, publish and # +# perform data-entry on surveys. # +############################################################# +# # +# Copyright (C) 2007 PHPSurveyor community # +# # +# This program is free software; you can redistribute # +# it and/or modify it under the terms of the GNU General # +# Public License Version 2 as published by the Free # +# Software Foundation. # +# # +# # +# This program is distributed in the hope that it will be # +# useful, but WITHOUT ANY WARRANTY; without even the # +# implied warranty of MERCHANTABILITY or FITNESS FOR A # +# PARTICULAR PURPOSE. See the GNU General Public License # +# for more details. # +# # +# You should have received a copy of the GNU General # +# Public License along with this program; if not, write to # +# the Free Software Foundation, Inc., 59 Temple Place - # +# Suite 330, Boston, MA 02111-1307, USA. # +############################################################# +*/ + +//Ensure script is not run directly, avoid path disclosure +if (!isset($dbprefix)) {die ("Cannot run this script directly");} + +if (($ugid && !$surveyid) || $action == "editusergroups" || $action == "addusergroup" || $action=="usergroupindb" || $action == "editusergroup" || $action == "mailusergroup") +{ + if($ugid) + { + $grpquery = "SELECT * FROM ".db_table_name('user_groups')." WHERE ugid = $ugid"; + $grpresult = db_execute_assoc($grpquery); + $grow = array_map('htmlspecialchars', $grpresult->FetchRow()); + } + $usergroupsummary = "\n"; + $usergroupsummary .= "\t\n" + . "\t\t\n" + . "\t\n" + . "\n
\n" + . "\t\t\t\n" + . "\t\t\t\t\n"; + } + else + { + $usergroupsummary .= "\n"; + } + + + $usergroupsummary .= "\t\t\t\t\n" + . "\t\t\t\t\t\n" + . "\t\t\t\t\t\n" + . "\t\t\t
" + . "".$clang->gT("User Groups")." "; + if($ugid) + { + $usergroupsummary .= "{$grow['name']}
\n"; + + $usergroupsummary .= "\t\t\t\t\t\n" + . "\t\t\t\t\t\n"; + + if($ugid) + { + $usergroupsummary .= "gT("Mail to all Members", "js")."');return false\"> " . + "\n" ; + } + $usergroupsummary .= "\t\t\t\t\t\n" + . "\t\t\t\t\t\n"; + + if($ugid && $_SESSION['loginID'] == $grow['owner_id']) + { + $usergroupsummary .= "gT("Edit Current User Group", "js")."');return false\">" . + "\n" ; + } + else + { + $usergroupsummary .= "\t\t\t\t\t\n"; + } + + if($ugid && $_SESSION['loginID'] == $grow['owner_id']) + { + $usergroupsummary .= "\t\t\t\t\tgT("Are you sure you want to delete this entry.")."')\"" + . "onmouseout=\"hideTooltip()\"" + . "onmouseover=\"showTooltip(event,'".$clang->gT("Delete Current User Group", "js")."');return false\">" + . ""; + } + else + { + $usergroupsummary .= "\t\t\t\t\t\n"; + } + $usergroupsummary .= "\t\t\t\t\t\n" + . "\t\t\t\t\t\n" + . "\t\t\t\t\t\n" + . "\t\t\t\t\t\n" + . "\t\t\t\t\t\n"; + + if ($_SESSION['loginID'] == 1) + { + $usergroupsummary .= "gT("Add New User Group", "js")."');return false\">" . + "\n"; + } + $usergroupsummary .= "\t\t\t\t\t".$clang->gT("User Groups").": \n" + . "\t\t\t\t
\n" + . "\t\t
\n"; +} + + +if ($action == "adduser" || $action=="deluser" || $action == "moduser" || $action == "userrights") +{ + include("usercontrol.php"); +} + +if ($action == "modifyuser") +{ + if($_SESSION['loginID'] == 1 || $_SESSION['loginID'] == $_POST['uid']) + { + $usersummary = "\n\t\n" + . "\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\n"; + $muq = "SELECT a.users_name, a.full_name, a.email, a.uid, b.users_name AS parent FROM ".db_table_name('users')." AS a LEFT JOIN ".db_table_name('users')." AS b ON a.parent_id = b.uid WHERE a.uid='{$_POST['uid']}'"; // added by Dennis + //echo($muq); + + $mur = db_select_limit_assoc($muq, 1); + $usersummary .= "\t"; + while ($mrw = $mur->FetchRow()) + { + $mrw = array_map('htmlspecialchars', $mrw); + $usersummary .= "\t\n" + . "\t\n" + . "\t\t\n" + . "\t\t\n"; // added by Dennis + $usersummary .= "\t\n"; + } + $usersummary .= "\t\n\t\n" + . "
\n" + . "\t\t".$clang->gT("Modifying User")."
".$clang->gT("Username")."".$clang->gT("Email")."".$clang->gT("Full name")."".$clang->gT("Password")."
{$mrw['users_name']}\n" + . "\t\n\t\t\n\t\t\n\t\t
\n" + . "\t\t\n" + . "
\n"; + } + else + { + include("access_denied.php"); + } +} + +if ($action == "setuserrights") +{ + if($_SESSION['loginID'] != $_POST['uid']) + { + $usersummary = "\n\t\n"; + + foreach ($_SESSION['userlist'] as $usr) + { + if ($usr['uid'] == $_POST['uid']) + { + $squery = "SELECT create_survey, configurator, create_user, delete_user, move_user, manage_template, manage_label FROM {$dbprefix}users WHERE uid={$usr['parent_id']}"; // added by Dennis + $sresult = $connect->Execute($squery); + $parent = $sresult->FetchRow(); + + if($parent['create_survey']) { + $usersummary .= "\t\t\n"; + } + if($parent['configurator']) { + $usersummary .= "\t\t\n"; + } + if($parent['create_user']) { + $usersummary .= "\t\t\n"; + } + if($parent['delete_user']) { + $usersummary .= "\t\t\n"; + } + if($parent['move_user']) { + $usersummary .= "\t\t\n"; + } + if($parent['manage_template']) { + $usersummary .= "\t\t\n"; + } + if($parent['manage_label']) { + $usersummary .= "\t\t\n"; + } + + $usersummary .="\t\t\n\t\n" + ."\t" + ."\n"; + //content + if($parent['create_survey']) { + $usersummary .= "\t\t" + ."" + . "
\n" + . "\t\t".$clang->gT("Set User Rights").": ".$_POST['user']."
create surveyconfiguratorcreate userdelete usermove usermanage templatemanage label
" + ."" + ."" + ."
\n"; + continue; + } // if + } // foreach + } // if + else + { + include("access_denied.php"); + } +} // if + +if($action == "setnewparents") +{ + // muss noch eingeschraenkt werden ... + if($_SESSION['USER_RIGHT_MOVE_USER']) + { + $uid = $_POST['uid']; + $newparentid = $_POST['parent']; + $oldparent = -1; + $query = "SELECT parent_id FROM ".db_table_name('users')." WHERE uid = ".$uid; + $result = $connect->Execute($query) or die($connect->ErrorMsg()); + if($srow = $result->FetchRow()) { + $oldparent = $srow['parent_id']; + } + $query = "SELECT create_survey, configurator, create_user, delete_user, move_user, manage_template, manage_label FROM ".db_table_name('users')." WHERE uid = ".$newparentid; + $result = $connect->Execute($query) or die($connect->ErrorMsg()); + $srow = $result->FetchRow(); + $query = "UPDATE ".db_table_name('users')." SET parent_id = ".$newparentid.", create_survey = IF({$srow['create_survey']} = 1, create_survey, {$srow['create_survey']}), configurator = IF({$srow['configurator']} = 1, configurator, {$srow['configurator']}), create_user = IF({$srow['create_user']} = 1, create_user, {$srow['create_user']}), delete_user = IF({$srow['delete_user']} = 1, delete_user, {$srow['delete_user']}), move_user = IF({$srow['move_user']} = 1, move_user, {$srow['move_user']}), manage_template = IF({$srow['manage_template']} = 1, manage_template, {$srow['manage_template']}), manage_label = IF({$srow['manage_label']} = 1, manage_label, {$srow['manage_label']}) WHERE uid = ".$uid; + $connect->Execute($query) or die($connect->ErrorMsg()." ".$query); + $query = "UPDATE ".db_table_name('users')." SET parent_id = ".$oldparent." WHERE parent_id = ".$uid; + $connect->Execute($query) or die($connect->ErrorMsg()." ".$query); + $usersummary = "
".$clang->gT("Setting new Parent")."
" + . "
".$clang->gT("Set Parent successful.")."
" + . "
".$clang->gT("Continue")."
 \n"; + } + else + { + include("access_denied.php"); + } +} + +if ($action == "editusers") +{ + $usersummary = "\n" + . "\t\t\t\t\n" + . "\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\n"; + + $_SESSION['userlist'] = getuserlist(); + $ui = count($_SESSION['userlist']); + $usrhimself = $_SESSION['userlist'][0]; + unset($_SESSION['userlist'][0]); + + // output users + $usersummary .= "\t\n" + . "\t\n" + . "\t\n" + . "\t\t\n" + . "\t\t\n"; + if(isset($usrhimself['parent_id']) && $usrhimself['parent_id']!=0) { + $usersummary .= "\t\t\n"; + } + else + { + $usersummary .= "\t\t\n"; + } + $usersummary .= "\t\t\n" + . "\t\n"; + + // empty row + if(!empty($_SESSION['userlist'])) + $usersummary .= "\t\n\t\n\t"; + + // other users + $row = 0; + //foreach ($_SESSION['userlist'] as $usr) + $usr_arr = $_SESSION['userlist']; + for($i=1; $i<=count($_SESSION['userlist']); $i++) + { + $usr = $usr_arr[$i]; + if(($row % 2) == 0) $usersummary .= "\t\n"; + else $usersummary .= "\t\n"; + + $usersummary .= "\t\n" + . "\t\n" + . "\t\n"; + + // passwords of other users will not be displayed + $usersummary .= "\t\t\n"; + + // Get Parent's User Name + $uquery = "SELECT users_name FROM ".db_table_name('users')." WHERE uid=".$usr['parent_id']; + $uresult = db_execute_assoc($uquery); + $userlist = array(); + $srow = $uresult->FetchRow(); + $usr['parent'] = $srow['users_name']; + + if($_SESSION['USER_RIGHT_MOVE_USER']) + { + $usersummary .= "\t\t\n" + . "\t\n"; + $row++; + } + + if($_SESSION['USER_RIGHT_CREATE_USER']) + { + $usersummary .= "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\n"; + } + +} + +if ($action == "addusergroup") +{ + if ($_SESSION['loginID'] == 1) + { + $usersummary = "
" + . "".$clang->gT("User Control")."
".$clang->gT("Username")."".$clang->gT("Email")."".$clang->gT("Full name")."".$clang->gT("Password")."".$clang->gT("Created by")."
{$usrhimself['user']}{$usrhimself['email']}{$usrhimself['full_name']}********{$_SESSION['userlist'][$usrhimself['parent_id']]['user']}---\n"; + + if ($_SESSION['loginID'] == 1) + { + $usersummary .= "\t\t\t
" + ."" + ."" + ."" + ."
"; + } + // users are allowed to delete all successor users (but the admin not himself) + if ($usrhimself['parent_id'] != 0 && ($_SESSION['USER_RIGHT_DELETE_USER'] == 1 || ($usrhimself['uid'] == $_SESSION['loginID']))) + { + $usersummary .= "\t\t\t
" + ."" + ."" + ."" + ."" + ."
"; + } + + $usersummary .= "\t\t
{$usr['user']}{$usr['email']}{$usr['full_name']}******" + ."
" + .""; + //.""; + if($usr['uid'] != $usrhimself['uid']) + { + //$usersummary .= "
"; + } + if ($_SESSION['loginID'] == 1 || ($_SESSION['USER_RIGHT_CREATE_USER'] == 1 && ($usr['parent_id'] == $_SESSION['loginID']))) + { + $usersummary .= "\t\t\t
" + ."" + ."" + ."" + ."" + ."
"; + } + if ($_SESSION['loginID'] == 1 || $usr['uid'] == $_SESSION['loginID'] || ($_SESSION['USER_RIGHT_CREATE_USER'] == 1 && $usr['parent_id'] == $_SESSION['loginID'])) + { + $usersummary .= "\t\t\t
" + ."" + ."" + ."" + ."
"; + } + $usersummary .= "\t\t
" + . "
\n\t\n" + . "\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\n" + . "\t\t\n" + . "\t
\n" + . "\t\t".$clang->gT("Add User Group")."
".$clang->gT("Name:")." ".$clang->gT("Required")."
".$clang->gT("Description:")."(".$clang->gT("Optional").")
\n" + . "\t\n" + . "\t
\n" + . "\n"; + } +} + +if ($action == "editusergroup") +{ + if ($_SESSION['loginID'] == 1) + { + $query = "SELECT * FROM ".db_table_name('user_groups')." WHERE ugid = ".$_GET['ugid']." AND owner_id = ".$_SESSION['loginID']; + $result = db_select_limit_assoc($query, 1); + $esrow = $result->FetchRow(); + $usersummary = "
" + . "\n\t\n" + . "\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\n" + . "\t\t\n" + . "\t\n" + . "
\n" + . "\t\t".$clang->gT("Edit User Group (Owner: ").$_SESSION['user'].")
".$clang->gT("Name:")."
".$clang->gT("Description:")."(optional)
\n" + . "\t\n" + . "\t\n" + . "\t\n" + . "\t
\n" + . "\t
\n"; + } +} + +if ($action == "mailusergroup") +{ + $query = "SELECT a.ugid, a.name, a.owner_id, b.uid FROM ".db_table_name('user_groups') ." AS a LEFT JOIN ".db_table_name('user_in_groups') ." AS b ON a.ugid = b.ugid WHERE a.ugid = {$ugid} AND uid = {$_SESSION['loginID']} ORDER BY name"; + $result = db_execute_assoc($query); + $crow = $result->FetchRow(); + $eguquery = "SELECT * FROM ".db_table_name("user_in_groups")." AS a INNER JOIN ".db_table_name("users")." AS b ON a.uid = b.uid WHERE ugid = " . $ugid . " AND b.uid != {$_SESSION['loginID']} ORDER BY b.users_name"; + $eguresult = db_execute_assoc($eguquery); + $addressee = ''; + $to = ''; + while ($egurow = $eguresult->FetchRow()) + { + $to .= $egurow['users_name']. ' <'.$egurow['email'].'>'. ', ' ; + $addressee .= $egurow['users_name'].', '; + } + + $to = substr("$to", 0, -2); + $addressee = substr("$addressee", 0, -2); + + $usersummary = "
" + . "\n\t\n" + . "\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\n" + . "\t\t\n" + . "\t\n" + . "
\n" + . "\t\t".$clang->gT("Mail to all Members")."
".$clang->gT("To:")."
".$clang->gT("Send me a copy:")."
".$clang->gT("Subject:")."
".$clang->gT("Message:")."
\n" + . "
" + . "\t\n" + . "\t\n" + . "\t\n" + . "\t
\n" + . "\t
\n"; +} + +if ($action == "delusergroup") +{ + if ($_SESSION['loginID'] == 1) + { + $usersummary = "
".$clang->gT("Deleting User Group")."
\n"; + + if(!empty($_GET['ugid']) && $_GET['ugid'] > -1) + { + $query = "SELECT ugid, name, owner_id FROM ".db_table_name('user_groups')." WHERE ugid = ".$_GET['ugid']." AND owner_id = ".$_SESSION['loginID']; + $result = db_select_limit_assoc($query, 1); + if($result->RecordCount() > 0) + { + $row = $result->FetchRow(); + + $remquery = "DELETE FROM ".db_table_name('user_groups')." WHERE ugid = {$_GET['ugid']} AND owner_id = {$_SESSION['loginID']}"; + if($connect->Execute($remquery)) + { + $usersummary .= "
".$clang->gT("Group Name").": {$row['name']}
\n"; + } + else + { + $usersummary .= "
".$clang->gT("Could not delete user group.")."
\n"; + } + } + else + { + include("access_denied.php"); + } + } + else + { + $usersummary .= "
".$clang->gT("Could not delete user group. No group selected.")."
\n"; + } + $usersummary .= "
".$clang->gT("Continue")."
 \n"; + } +} + +if ($action == "usergroupindb") { + $usersummary = "
".$clang->gT("Adding User Group")."...
\n"; + + $group_name = $_POST['group_name']; + $group_description = $_POST['group_description']; + if(isset($group_name) && strlen($group_name) > 0) + { + $ugid = addUserGroupInDB($group_name, $group_description); + if($ugid > 0) + { + $usersummary .= "
".$clang->gT("Group Name").": {$group_name}
\n"; + + if(isset($group_description) && strlen($group_description) > 0) + { + $usersummary .= $clang->gT("Description: ").$group_description."
\n"; + } + + $usersummary .= "
".$clang->gT("User group successfully added!")."
\n"; + $usersummary .= "
".$clang->gT("Continue")."
 \n"; + } + else + { + $usersummary .= "
".$clang->gT("Failed to add Group!")."
\n" + . $clang->gT("Group already exists!")."
\n" + . "
".$clang->gT("Continue")."
 \n"; + } + } + else + { + $usersummary .= "
".$clang->gT("Failed to add Group!")."
\n" + . $clang->gT("Group name was not supplied!")."
\n" + . "
".$clang->gT("Continue")."
 \n"; + } +} + +if ($action == "mailsendusergroup") +{ + $usersummary = "
".$clang->gT("Mail to all Members")."
\n"; + + // user musst be in user group + $query = "SELECT uid FROM ".db_table_name('user_in_groups') ." WHERE ugid = {$ugid} AND uid = {$_SESSION['loginID']}"; + $result = db_execute_assoc($query); + + if($result->RecordCount() > 0) + { + $from_user = "SELECT email, user FROM ".db_table_name("users")." WHERE uid = " .$_SESSION['loginID']; + $from_user_result = mysql_query($from_user); + $from_user_row = mysql_fetch_array($from_user_result, MYSQL_BOTH); + $from = $from_user_row['user'].' <'.$from_user_row['email'].'> '; + + $ugid = $_POST['ugid']; + $to = $_POST['to']; + $body = $_POST['body']; + $subject = $_POST['subject']; + $addressee = $_POST['addressee']; + + if(isset($_POST['copymail']) && $_POST['copymail'] == 1) + { + $to .= ", " . $from; + } + + $body = str_replace("\n.", "\n..", $body); + $body = wordwrap($body, 70); + + if (mail($to, $subject, $body, "From: $from")) + { + $usersummary = "
".("Message sent successfully!")."
\n" + . "
To: $addressee
\n" + . "
".$clang->gT("Continue")."
 \n"; + } + else + { + $usersummary .= "
".$clang->gT("Mail not sent!")."
\n"; + $usersummary .= "
".$clang->gT("Continue")."
 \n"; + } + } + else + { + include("access_denied.php"); + } +} + +if ($action == "editusergroupindb"){ + + $ugid = $_POST['ugid']; + $name = $_POST['name']; + $description = $_POST['description']; + + if(updateusergroup($name, $description, $ugid)) + { + $usersummary = "
".$clang->gT("Edit User Group Successfully!")."
\n"; + $usersummary .= "
".$clang->gT("Name").": {$name}
\n"; + $usersummary .= $clang->gT("Description: ").$description."
\n"; + $usersummary .= "
".$clang->gT("Continue")."
 \n"; + } + else $usersummary .= "
".$clang->gT("Failed to update!")."
\n" + . "
".$clang->gT("Continue")."
 \n"; +} + +if ($action == "editusergroups" ) +{ + if(isset($_GET['ugid'])) + { + $ugid = $_GET['ugid']; + + $query = "SELECT a.ugid, a.name, a.owner_id, a.description, b.uid FROM ".db_table_name('user_groups') ." AS a LEFT JOIN ".db_table_name('user_in_groups') ." AS b ON a.ugid = b.ugid WHERE a.ugid = {$ugid} AND uid = {$_SESSION['loginID']} ORDER BY name"; + $result = db_execute_assoc($query); + $crow = $result->FetchRow(); + + if($result->RecordCount() > 0) + { + + if(!empty($crow['description'])) + { + $usergroupsummary .= "\n" + . "\t\t\t\t\n" + . "
" + . "".$clang->gT("Description: ")."" + . "{$crow['description']}
"; + } + + + $eguquery = "SELECT * FROM ".db_table_name("user_in_groups")." AS a INNER JOIN ".db_table_name("users")." AS b ON a.uid = b.uid WHERE ugid = " . $ugid . " ORDER BY b.users_name"; + $eguresult = db_execute_assoc($eguquery); + $usergroupsummary .= "\n" + . "\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\n"; + + $query2 = "SELECT ugid FROM ".db_table_name('user_groups')." WHERE ugid = ".$ugid." AND owner_id = ".$_SESSION['loginID']; + $result2 = db_select_limit_assoc($query2, 1); + $row2 = $result2->FetchRow(); + + $row = 1; + $usergroupentries=''; + while ($egurow = $eguresult->FetchRow()) + { + if($egurow['uid'] == $crow['owner_id']) + { + $usergroupowner = "\t\n" + . "\t\n" + . "\t\n" + . "\t\t\n\t\n\t"; $row++;} + if(($row % 2) == 0) $usergroupentries .= "\t\n"; + else $usergroupentries .= "\t\n"; + $usergroupentries .= "\t\n" + . "\t\n" + . "\t\t\n" + . "\t\n"; + $row++; + } + $usergroupsummary .= $usergroupowner; + if (isset($usergroupentries)) {$usergroupsummary .= $usergroupentries;}; + + if(isset($row2['ugid'])) + { + $usergroupsummary .= "\t\t\n" + . "\t\t\n" + . "\t\t\t\n" + . "\t\t\t\t\n" + . "\t\t\t\n" + . "\t\t\n" + . "\t\n"; + } + } + else + { + include("access_denied.php"); + } + } +} + +if($action == "deleteuserfromgroup") { + $ugid = $_POST['ugid']; + $uid = $_POST['uid']; + $usersummary = "
".$clang->gT("Delete User")."
\n"; + + $query = "SELECT ugid, owner_id FROM ".db_table_name('user_groups')." WHERE ugid = ".$ugid." AND ((owner_id = ".$_SESSION['loginID']." AND owner_id != ".$uid.") OR (owner_id != ".$_SESSION['loginID']." AND $uid = ".$_SESSION['loginID']."))"; + $result = db_execute_assoc($query); + if($result->RecordCount() > 0) + { + $remquery = "DELETE FROM ".db_table_name('user_in_groups')." WHERE ugid = {$ugid} AND uid = {$uid}"; + if($connect->Execute($remquery)) + { + $usersummary .= "
".$clang->gT("Username").": {$_POST['user']}
\n"; + } + else + { + $usersummary .= "
".$clang->gT("Could not delete user. User was not supplied.")."
\n"; + } + } + else + { + include("access_denied.php"); + } + if($_SESSION['loginID'] != $_POST['uid']) + { + $usersummary .= "
".$clang->gT("Continue")."
 \n"; + } + else + { + $usersummary .= "
".$clang->gT("Continue")."
 \n"; + } +} + +if ($action == "addgroup") +{ + if($sumrows5['define_questions']) + { + $grplangs = GetAdditionalLanguagesFromSurveyID($surveyid); + $baselang = GetBaseLanguageFromSurveyID($surveyid); + $grplangs[] = $baselang; + $grplangs = array_reverse($grplangs); + + $newgroupoutput = "\n" + . "\n" + . "
".$clang->gT("Username")."".$clang->gT("Email")."".$clang->gT("Action")."
{$egurow['users_name']}{$egurow['email']}\n"; + continue; + } + // output users + + if($row == 1){ $usergroupentries .= "\t
{$egurow['users_name']}{$egurow['email']}\n"; + + // owner and not himself or not owner and himself + if((isset($row2['ugid']) && $_SESSION['loginID'] != $egurow['uid']) || (!isset($row2['ugid']) && $_SESSION['loginID'] == $egurow['uid'])) + { + $usergroupentries .= "\t\t\t
" + ." " + ." " + ." " + ." "; + } + $usergroupentries .= "
" + . "\t\t
" + . "\t\t\t\t\n" + . "\t\t\t\t
" + ."\n" + ."\t" + ."
\n\t\t".$clang->gT("Add Group")."
\n"; + + + $newgroupoutput .="\n\t" + . "\t
\n" + . '
'; + foreach ($grplangs as $grouplang) + { + $newgroupoutput .= '

'.GetLanguageNameFromCode($grouplang); + if ($grouplang==$baselang) {$newgroupoutput .= '('.$clang->gT("Base Language").')';} + $newgroupoutput .= "

" + . "" + . "\t\t\n" + . "\t\t\n" + . "\t\n" + . "\t\t\n" + . "
".$clang->gT("Title").": ".$clang->gT("Required")."
".$clang->gT("Description:")."(".$clang->gT("Optional").")
"; + } + + $newgroupoutput.= "
" + . "\t\n" + . "\t
\n" + . "\t
\n" + . "
".$clang->gT("OR")."
" + . "\n\t\n\t" + . "\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\n
\n" + . "\t\t".$clang->gT("Import Group")."
".$clang->gT("Select CSV File:")."
\n" + . "\t\n" + . "\t\n" + . "\t
\n"; + + } + else + { + include("access_denied.php"); + } +} + +if ($action == "editgroup") +{ + if ($sumrows5['edit_survey_property']) + { + $grplangs = GetAdditionalLanguagesFromSurveyID($surveyid); + $baselang = GetBaseLanguageFromSurveyID($surveyid); + $grplangs[] = $baselang; + $grplangs = array_flip($grplangs); + + $egquery = "SELECT * FROM ".db_table_name('groups')." WHERE sid=$surveyid AND gid=$gid"; + $egresult = db_execute_assoc($egquery); + while ($esrow = $egresult->FetchRow()) + { + if(!array_key_exists($esrow['language'], $grplangs)) // Language Exists, BUT ITS NOT ON THE SURVEY ANYMORE. + { + $egquery = "DELETE FROM ".db_table_name('groups')." WHERE sid='{$surveyid}' AND gid='{$gid}' AND language='".$esrow['language']."'"; + $egresultD = $connect->Execute($egquery); + } else { + $grplangs[$esrow['language']] = 99; + } + if ($esrow['language'] == $baselang) $basesettings = array('group_name' => $esrow['group_name'],'description' => $esrow['description'],'group_order' => $esrow['group_order']); + + } + + while (list($key,$value) = each($grplangs)) + { + if ($value != 99) + { + //die("INSERT:".$key); + $egquery = "INSERT INTO ".db_table_name('groups')." (gid, sid, group_name, description,group_order,language) VALUES ('{$gid}', '{$surveyid}', '{$basesettings['group_name']}', '{$basesettings['description']}','{$basesettings['group_order']}', '{$key}')"; + $egresult = $connect->Execute($egquery); + } + } + + $egquery = "SELECT * FROM ".db_table_name('groups')." WHERE sid=$surveyid AND gid=$gid"; + $egresult = db_execute_assoc($egquery); + $editgroup ="\n\t
" + . "\t\t".$clang->gT("Edit Group")."
\n" + . '
'; + while ($esrow = $egresult->FetchRow()) + { + $editgroup .= '

'.getLanguageNameFromCode($esrow['language'],false); + if ($esrow['language']==GetBaseLanguageFromSurveyID($surveyid)) {$editgroup .= '('.$clang->gT("Base Language").')';} + $esrow = array_map('htmlspecialchars', $esrow); + $editgroup .= '

'; + $editgroup .= "
\n"; + $editgroup .= "\t
".$clang->gT("Title").":\n" + . "\t\t\n" + . "\t
\n" + . "\t
".$clang->gT("Description:")."\n" + . "\t\t\n" + . "\t
"; // THis empty div class is needed for forcing the tabpage border under the button + } + $editgroup .= '
'; + $editgroup .= "\t

\n" + . "\t\n" + . "\t\n" + . "\t\n" + . "\t\n" + . "\t

\n" + . "\n"; + } + else + { + include("access_denied.php"); + } +} + +if($action == "addusertogroup") +{ + $addsummary = "
".$clang->gT("Adding User to group")."...
\n"; + + $query = "SELECT ugid, owner_id FROM ".db_table_name('user_groups')." WHERE ugid = ".$_GET['ugid']." AND owner_id = ".$_SESSION['loginID']." AND owner_id != ".$_POST['uid']; + $result = db_execute_assoc($query); + if($result->RecordCount() > 0) + { + if($_POST['uid'] > 0) + { + $isrquery = "INSERT INTO {$dbprefix}user_in_groups VALUES(".$_GET['ugid'].",". $_POST['uid'].")"; + $isrresult = $connect->Execute($isrquery); + + if($isrresult) + { + $addsummary .= "
".$clang->gT("User added.")."
\n"; + } + else // ToDo: for this to happen the keys on the table must still be set accordingly + { + // Username already exists. + $addsummary .= "
".$clang->gT("Failed to add User.")."
\n" . " " . $clang->gT("Username already exists.")."
\n"; + } + $addsummary .= "
".$clang->gT("Continue")."
 \n"; + } + else + { + $addsummary .= "
".$clang->gT("Failed to add User.")."
\n" . " " . $clang->gT("No Username selected.")."
\n"; + $addsummary .= "
".$clang->gT("Continue")."
 \n"; + } + } + else + { + include("access_denied.php"); + } +}