From 5becdcf4059e18a69b9efc43be741733a9b5754e Mon Sep 17 00:00:00 2001 From: Dennis Date: Mon, 4 Sep 2006 21:25:43 +0000 Subject: [PATCH] new interface for survey rights modified database git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/phpsurveyor@2053 b72ed6b6-b9f8-46b5-92b4-906544132732 --- admin/access_denied.php | 9 +- admin/database.php | 2 +- admin/html.php | 270 ++++++++++++++++++++++++++++---- admin/install/create-mysql.sql | 4 +- admin/install/upgrade-mysql.php | 1 - admin/usercontrol.php | 14 +- common.php | 58 +++++-- images/survey_security.png | Bin 0 -> 1185 bytes 8 files changed, 299 insertions(+), 59 deletions(-) create mode 100644 images/survey_security.png diff --git a/admin/access_denied.php b/admin/access_denied.php index 72ea1f3fce3..65ee7e825b0 100644 --- a/admin/access_denied.php +++ b/admin/access_denied.php @@ -129,7 +129,14 @@ $accesssummary .= ""._("Continue")."
 \n"; }*/ - + else + { + $accesssummary .= "
"._("You are not allowed to perform this operation!")."
\n"; + if($sid) + $accesssummary .= "

"._("Continue")."
 \n"; + else + $accesssummary .= "

"._("Continue")."
 \n"; + } } ?> \ No newline at end of file diff --git a/admin/database.php b/admin/database.php index ec1aaf97b1f..7474cc766e6 100644 --- a/admin/database.php +++ b/admin/database.php @@ -692,7 +692,7 @@ function get_max_order($gid) . "'{$_POST['email_confirm']}', \n" . "'{$_POST['allowsave']}', '{$_POST['autoredirect']}', '{$_POST['allowprev']}','".date("Y-m-d")."')"; $isresult = $connect->Execute($isquery); - $isrquery = "INSERT INTO {$dbprefix}surveys_rights VALUES($surveyid,". $_SESSION['loginID'].",1,1,1,1,1,1,1)"; //ADDED by Moses inserts survey rights for creator + $isrquery = "INSERT INTO {$dbprefix}surveys_rights VALUES($surveyid,". $_SESSION['loginID'].",1,1,1,1,1,1)"; //ADDED by Moses inserts survey rights for creator $isrresult = $connect->Execute($isrquery) or die ($isrquery."
".$connect->ErrorMsg()); //ADDED by Moses if ($isresult) { diff --git a/admin/html.php b/admin/html.php index 400e8b22f5f..2d04d7d526a 100644 --- a/admin/html.php +++ b/admin/html.php @@ -369,7 +369,7 @@ $surveysummary .= "\t\t\t\t\t" . - ""._("Survey Security Settings").""; } $surveysummary .= "\t\t\t\t\t\n" @@ -502,7 +502,7 @@ . "\t\n"; //SURVEY SUMMARY - if ($gid || $qid || $action=="surveysecurity" || $action=="editsurvey" || $action=="addgroup" || $action=="ordergroups") {$showstyle="style='display: none'";} + if ($gid || $qid || $action=="surveysecurity" || $action=="surveyrights" || $action=="addsurveysecurity" || $action=="setsurveysecurity" || $action=="delsurveysecurity" || $action=="editsurvey" || $action=="addgroup" || $action=="ordergroups") {$showstyle="style='display: none'";} if (!isset($showstyle)) {$showstyle="";} $surveysummary .= "\t" . "$setfont"._("Title:")."\n" @@ -1036,18 +1036,18 @@ } // check data for login -if(($_POST['user'] && $_POST['password']) || ($action == "forgotpass")) // added by Dennis +if(isset($_POST['user']) && isset($_POST['password']) || ($action == "forgotpass")) // added by Dennis { include("usercontrol.php"); } // login form -if(!isset($_SESSION['loginID']) && $action != forgotpass) // added by Dennis +if(!isset($_SESSION['loginID']) && $action != "forgotpass") // added by Dennis { - if($action == forgotpassword) + if($action == "forgotpassword") { - $loginsummary .= "
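Review bot: The positional INSERT into `surveys_rights` now supplies eight values to match the dropped `add_user` column, but it will fail on any database that still has the nine-column layout, and nothing visible in this commit's upgrade-mysql.php hunk drops that column from existing installs (it only stops adding it). Naming the columns removes the dependence on column order: `INSERT INTO {$dbprefix}surveys_rights (sid, uid, edit_survey_property, define_questions, browse_response, export, delete_survey, activate_survey) VALUES ($surveyid, {$_SESSION['loginID']}, 1,1,1,1,1,1)`. The enclosing code starts and ends outside the hunk.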

"._("You have to enter user name and email.")."

+ $loginsummary = "
"._("You have to enter user name and email.")."

@@ -1067,7 +1067,7 @@ } else { - $loginsummary .= "
"._("You have to login first.")."

+ $loginsummary = "
"._("You have to login first.")."

"._("Username")."

@@ -1091,7 +1091,7 @@ } // logout user -if ($action == "logoutuser" && isset($_SESSION['loginID'])) // added by Dennis +if ($action == "logoutuser" && isset($_SESSION['loginID'])) { $action = "logout"; include("usercontrol.php"); @@ -1137,9 +1137,6 @@ else { include("access_denied.php"); - //$addsummary = "
"._("Modifying User")."
\n"; - //$addsummary .= "
"._("You are not allowed to perform this operation!")."
\n"; - //$addsummary .= "

"._("Continue")."
 \n"; } } @@ -1233,18 +1230,12 @@ } $usersummary .= "\t\t\t" // added by Dennis - //."" ."\t\n\t" ."" . "

"._("Username")."

" ."" ."" ."
\n"; - /*$usersummary .= "\t\n" - . "\t\t\n" - . "\n" - . ""*/ - continue; } } @@ -1252,9 +1243,6 @@ else { include("access_denied.php"); - //$addsummary = "
"._("Set User Rights")."
\n"; - //$addsummary .= "
"._("You are not allowed to change your own rights!")."
\n"; - //$addsummary .= "

"._("Continue")."
 \n"; } } @@ -1262,7 +1250,10 @@ { if(isset($_SESSION['loginID'])) { - $usersummary = "\n" + +$usersummary = "
\n" + + //$usersummary = "
\n" . "\t\t\t\t\n" . "\t\n" @@ -1304,7 +1295,25 @@ foreach ($_SESSION['userlist'] as $usr) { $usersummary .= "\t\n" - . "\t\n" + . "\t\n" + . "\t\n"; + // passwords of other users will not be displayed + if ($usr['uid'] == $_SESSION['loginID']) + { + $usersummary .= "\t\t\n"; + } + else + { + $usersummary .= "\t\t\n"; + } + $usersummary .= "\t\t\n" + . "\t\t\n" + . "\t\t\n" . "\t\n"; // passwords of other users will not be displayed if ($usr['uid'] == $_SESSION['loginID']) @@ -1317,7 +1326,7 @@ } $usersummary .= "\t\t\n" . "\t\t\n" - . "\t\t
" . ""._("User Control")."
$setfont{$usr['user']}$setfont{$usr['user']}$setfont{$usr['email']}$setfont{$usr['password']}******$setfont{$usr['level']}$setfont{$usr['parent_id']}\n"; + + + + +/* . "\t$setfont{$usr['user']}$setfont{$usr['email']}$setfont{$usr['level']}$setfont{$usr['parent_id']}\n"; + . "\t\t\n";*/ // users are only allowed to change his own data if ($usr['uid'] == $_SESSION['loginID']) @@ -1900,17 +1909,160 @@ } // ************************************************* +// Survey Rights End **************************** // ************************************************* -// ************************************************* + +if($action == "addsurveysecurity") + { + $addsummary = "
"._("Add User")."
\n"; + + $query = "SELECT sid, creator_id FROM ".db_table_name('surveys')." WHERE sid = {$surveyid} AND creator_id = ".$_SESSION['loginID']." AND creator_id != ".$_POST['uid']; + $result = db_execute_assoc($query); + if($result->RecordCount() > 0) + { + if($_POST['uid'] != _("Please Choose...")){ + + $isrquery = "INSERT INTO {$dbprefix}surveys_rights VALUES($surveyid,". $_POST['uid'].",0,0,0,0,0,0)"; + $isrresult = $connect->Execute($isrquery); + + if(mysql_affected_rows() < 0) + { + // Username already exists. + $addsummary .= "
"._("Failed to add User.")."
\n" . " " . _("Username already exists.")."
\n"; + } + else + { + $addsummary .= "
"._("User added.")."
\n"; + } + $addsummary .= "
" + ."" + ."" + ."" + ."" + ."
\n"; + $addsummary .= "
"._("Continue")."
 \n"; + } + else + { + $addsummary .= "
"._("Failed to add User.")."
\n" . " " . _("No Username selected.")."
\n"; + $addsummary .= "
"._("Continue")."
 \n"; + } + } + else + { + include("access_denied.php"); + } + } + +if($action == "delsurveysecurity"){ + { + $addsummary = "
"._("Deleting User")."
\n"; + + $query = "SELECT sid, creator_id FROM ".db_table_name('surveys')." WHERE sid = {$surveyid} AND creator_id = ".$_SESSION['loginID']." AND creator_id != ".$_POST['uid']; + $result = db_execute_assoc($query); + if($result->RecordCount() > 0) + { + if (isset($_POST['uid'])) + { + $dquery="DELETE FROM {$dbprefix}surveys_rights WHERE uid={$_POST['uid']} AND sid={$surveyid}"; // added by Dennis + $dresult=$connect->Execute($dquery); + + $addsummary .= "
"._("Username").": {$_POST['user']}
\n"; + } + else + { + $addsummary .= "
"._("Could not delete user. User was not supplied.")."
\n"; + } + } + else + { + include("access_denied.php"); + } + $addsummary .= "

"._("Continue")."
 \n"; + } +} + +if($action == "setsurveysecurity") + { + $query = "SELECT sid, creator_id FROM ".db_table_name('surveys')." WHERE sid = {$surveyid} AND creator_id = ".$_SESSION['loginID']." AND creator_id != ".$_POST['uid']; + $result = db_execute_assoc($query); + if($result->RecordCount() > 0) + { + $query2 = "SELECT uid, edit_survey_property, define_questions, browse_response, export, delete_survey, activate_survey FROM ".db_table_name('surveys_rights')." WHERE sid = {$surveyid} AND uid = ".$_POST['uid']; + $result2 = db_execute_assoc($query2); + + if($result2->RecordCount() > 0) + { + $resul2row = $result2->FetchRow(); + + $usersummary = "\n\t\n"; + + $usersummary .= "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\t\n" + . "\t\t\n\t\n" + . "\n"; + + //content + $usersummary .= "\t\t" + ."" + . "
\n" + . "\t\t$setfont"._("Set Survey Rights").": ".$_POST['user']."
edit_survey_propertydefine_questionsbrowse_responseexportdelete_surveyactivate_survey
" + ."" + ."
\n"; + } + } + else + { + include("access_denied.php"); + } + } + if($action == "surveysecurity") { $query = "SELECT sid FROM ".db_table_name('surveys')." WHERE sid = {$surveyid} AND creator_id = ".$_SESSION['loginID']; $result = db_execute_assoc($query); if($result->RecordCount() > 0) { - $query2 = "SELECT uid FROM ".db_table_name('surveys_rights')." WHERE sid = {$surveyid} AND uid != ".$_SESSION['loginID']; + $query2 = "SELECT a.uid, b.user FROM ".db_table_name('surveys_rights')."AS a INNER JOIN ".db_table_name('users')." AS b ON a.uid = b.uid WHERE a.sid = {$surveyid} AND b.uid != ".$_SESSION['loginID']; + //$query2 = "SELECT uid FROM ".db_table_name('surveys_rights')." WHERE sid = {$surveyid} AND uid != ".$_SESSION['loginID']; $result2 = db_execute_assoc($query2); - $surveysecurity = "\n\t\n"; } - if($_SESSION['loginID']) //ADDED by Moses to prevent errors by reading db while not logged in. + if(isset($_SESSION['loginID'])) //ADDED by Moses to prevent errors by reading db while not logged in. { $adminmenu .= "\t\t\t\t
\n" + $surveysecurity = "\n\t\n" . "\t\n" . "\t\t\n" @@ -1922,16 +2074,39 @@ while ($resul2row = $result2->FetchRow()) { $surveysecurity .= "\t\n" - . "\t\n" - . "\t\n" - . "\t\n"; - } + . "\t\n" + . "\t\t\n" + . "\t\n"; + } } - $surveysecurity .= "\t\t\n" + $surveysecurity .= "\t\t\n" . "\t\t\n" - . "\t\t\n" + + . "\t\t\t\t\t\n" + . "\t\t\n" + . "\n" . "\t\n" . "\t
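Review bot: In the new `addsurveysecurity`, `delsurveysecurity` and `setsurveysecurity` blocks, `$_POST['uid']` is concatenated straight into SQL, including into the `creator_id != ...` check that gates each block, so the authorization query itself runs on unvalidated input; the later `@@ -1940` hunk's `surveyrights` block does the same and then hands the raw value to `setsurveyrights()`. Since uid is an integer key, read it once as `$uid = (int) $_POST['uid'];` and use `$uid` in every query of those four blocks. `$_POST['user']` is also written into the page unescaped in `delsurveysecurity` and `setsurveysecurity` (`"._("Username").": {$_POST['user']}` and `": ".$_POST['user']`); wrap it as `htmlspecialchars($_POST['user'], ENT_QUOTES)` or look the name up from the uid instead. The line `if($action == "delsurveysecurity"){ {` opens two braces; the inner pair is redundant and should be dropped together with its closing `}`.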
\n" . "\t\t$setfont"._("Survey Security")."
$setfont"._("Username")."
$setfont{$resul2row['uid']}Action
$setfont{$resul2row['user']}\n"; + + $surveysecurity .= "
" + ."" + ."" + ."" + ."" + ."
"; + + $surveysecurity .= "
" + ."" + ."" + ."" + ."" + ."
\n"; + + $surveysecurity .= "\t\t
" + . "\t\t\t\t\t\n" + . "\t\t\t\t" - . "
\n"; } @@ -1940,8 +2115,35 @@ include("access_denied.php"); } } + +elseif ($action == "surveyrights") + { + $addsummary = "
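Review bot: The rewritten `$query2` in the `surveysecurity` block concatenates `db_table_name('surveys_rights')."AS a"` with no space before `AS`, so unless `db_table_name()` returns a trailing space or a quoted identifier the SQL reads `...surveys_rightsAS a` and fails; change it to `." AS a INNER JOIN "`. The commented-out previous query kept on the next line should be removed rather than left in the file. `$resul2row['user']` is then written into the table cell unescaped; emit it through `htmlspecialchars()` since user names are free-form text entered through the user form.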
"._("Set Survey Rights")."
\n"; + + $query = "SELECT sid, creator_id FROM ".db_table_name('surveys')." WHERE sid = {$surveyid} AND creator_id = ".$_SESSION['loginID']." AND creator_id != ".$_POST['uid']; + $result = db_execute_assoc($query); + if($result->RecordCount() > 0) + { + $rights = array(); + + if(isset($_POST['edit_survey_property']))$rights['edit_survey_property']=1; else $rights['edit_survey_property']=0; + if(isset($_POST['define_questions']))$rights['define_questions']=1; else $rights['define_questions']=0; + if(isset($_POST['browse_response']))$rights['browse_response']=1; else $rights['browse_response']=0; + if(isset($_POST['export']))$rights['export']=1; else $rights['export']=0; + if(isset($_POST['delete_survey']))$rights['delete_survey']=1; else $rights['delete_survey']=0; + if(isset($_POST['activate_survey']))$rights['activate_survey']=1; else $rights['activate_survey']=0; + + setsurveyrights($_POST['uid'], $rights); + $addsummary .= "
"._("Update survey rights successful.")."
\n"; + $addsummary .= "

"._("Continue")."
 \n"; + } + else + { + include("access_denied.php"); + } + } // ************************************************* - // ************************************************* + // Survey Rights End **************************** // ************************************************* diff --git a/admin/install/create-mysql.sql b/admin/install/create-mysql.sql index f55a38b6556..6851f280f0c 100644 --- a/admin/install/create-mysql.sql +++ b/admin/install/create-mysql.sql @@ -239,9 +239,9 @@ CREATE TABLE `prefix_surveys_rights` ( `define_questions` tinyint(1) NOT NULL default '0', `browse_response` tinyint(1) NOT NULL default '0', `export` tinyint(1) NOT NULL default '0', - `add_user` tinyint(1) NOT NULL default '0', `delete_survey` tinyint(1) NOT NULL default '0', - `activate_survey` tinyint(1) NOT NULL default '0' + `activate_survey` tinyint(1) NOT NULL default '0', + PRIMARY KEY (sid, uid) ) TYPE=MyISAM; CREATE TABLE `prefix_user_groups` ( diff --git a/admin/install/upgrade-mysql.php b/admin/install/upgrade-mysql.php index 9212e3a450a..225cf989f7f 100644 --- a/admin/install/upgrade-mysql.php +++ b/admin/install/upgrade-mysql.php @@ -202,7 +202,6 @@ function mysqlcheckfields() $allfields[]=array("{$dbprefix}surveys_rights", "define_questions", "DEFINE_QUESTIONS tinyint(1) NOT NULL default '0'"); $allfields[]=array("{$dbprefix}surveys_rights", "browse_response", "LOOK_STATISTICS tinyint(1) NOT NULL default '0'"); $allfields[]=array("{$dbprefix}surveys_rights", "export", "EXPORT tinyint(1) NOT NULL default '0'"); -$allfields[]=array("{$dbprefix}surveys_rights", "add_user", "ADD_USER tinyint(1) NOT NULL default '0'"); $allfields[]=array("{$dbprefix}surveys_rights", "delete_survey", "DELETE_SURVEY tinyint(1) NOT NULL default '0'"); $allfields[]=array("{$dbprefix}surveys_rights", "activate_survey", "DO_SURVEY tinyint(1) NOT NULL default '0'"); diff --git a/admin/usercontrol.php b/admin/usercontrol.php index a4e084db105..5174de40efe 100644 --- a/admin/usercontrol.php 
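Review bot: The upgrade path does not receive the `PRIMARY KEY (sid, uid)` that create-mysql.sql now declares; the upgrade-mysql.php hunk only stops adding `add_user`, and the visible `$allfields[]` entries describe columns, not keys, so upgraded databases presumably keep accepting duplicate (sid, uid) rows. The duplicate detection in html.php's new `addsurveysecurity` block (`mysql_affected_rows() < 0` leading to "Username already exists.") relies on that key rejecting the insert, so on upgraded installs it would quietly create duplicate rights rows. Add an upgrade step that adds the key (and drops the obsolete `add_user` column), guarded by a check that the key is not already present. `mysqlcheckfields()` starts and ends outside the hunk.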
+++ b/admin/usercontrol.php @@ -255,7 +255,7 @@ $addsummary .= "

"._("Continue")."
 \n"; } -elseif ($action == "moduser")// && $_POST['uid'] == $_SESSION['loginID']) +elseif ($action == "moduser") { $addsummary = "
"._("Modifying User")."
\n"; @@ -280,7 +280,7 @@ } elseif($valid_email) { - $uquery = "UPDATE {$dbprefix}users SET email='{$email}', password=ENCODE('{$pass}', '{$codeString}') WHERE uid={$_POST['uid']}"; // added by Dennis + $uquery = "UPDATE {$dbprefix}users SET email='{$email}', password=ENCODE('{$pass}', '{$codeString}') WHERE uid={$_POST['uid']}"; //echo($uquery); $uresult = $connect->Execute($uquery); if(mysql_affected_rows() < 0) @@ -295,8 +295,7 @@ } if($failed) { - //$addsummary .= "

"._("Continue")."
 \n"; - $addsummary .= "

" // added by Dennis + $addsummary .= "

" ."" ."" ."" @@ -310,8 +309,6 @@ else { include("access_denied.php"); - //$addsummary .= "
"._("You are not allowed to perform this operation!")."
\n"; - //$addsummary .= "

"._("Continue")."
 \n"; } } @@ -342,14 +339,13 @@ if(isset($_POST['push_down_user']))$rights['push_down_user']=1; else $rights['push_down_user']=0; if(isset($_POST['create_template']))$rights['create_template']=1; else $rights['create_template']=0; - setrights($_POST['uid'], $rights); + setuserrights($_POST['uid'], $rights); $addsummary .= "
"._("Update user rights successful.")."
\n"; $addsummary .= "

"._("Continue")."
 \n"; } else { - include("access_denied.php"); - //$addsummary .= "
"._("You are not allowed to perform this operation!")."
\n"; + include("access_denied.php"); } } else diff --git a/common.php b/common.php index a9517a8ea60..63d0fc5327f 100644 --- a/common.php +++ b/common.php @@ -238,7 +238,7 @@ function showadminmenu() . "\t\t\t\t\t\n"; // check data cosistency - if($_SESSION['USER_RIGHT_CONFIGURATOR']) + if(isset($_SESSION['USER_RIGHT_CONFIGURATOR'])) { $adminmenu .= "\n" . "\t\t\t\t\t\n"; } - if($_SESSION['USER_RIGHT_CREATE_TEMPLATE']) + if(isset($_SESSION['USER_RIGHT_CREATE_TEMPLATE'])) { $adminmenu .= "\n" . "\t\t\t\t
\n" . "\n" . "\t\t\t\t\t\n"; - if($_SESSION['USER_RIGHT_CREATE_SURVEY']) + if(isset($_SESSION['USER_RIGHT_CREATE_SURVEY'])) { $adminmenu .= "Execute($uquery); } + +// set the rights for a survey +function setsurveyrights($uid, $rights) + { + global $connect, $surveyid; + + $updates = "edit_survey_property=".$rights['edit_survey_property'] + . ", define_questions=".$rights['define_questions'] + . ", browse_response=".$rights['browse_response'] + . ", export=".$rights['export'] + . ", delete_survey=".$rights['delete_survey'] + . ", activate_survey=".$rights['activate_survey']; + $uquery = "UPDATE ".db_table_name('surveys_rights')." SET ".$updates." WHERE sid = {$surveyid} AND uid = ".$uid; + + return $connect->Execute($uquery); + } - function createPassword() +function createPassword() { $pwchars = "abcdefhjmnpqrstuvwxyz23456789"; $password_length = 8; @@ -2489,6 +2503,28 @@ function createPassword() $passwd .= $pwchars[floor(rand(0,strlen($pwchars)))]; } return $passwd; - } + } +function getsurveyuserlist() + { + global $surveyid, $dbprefix, $scriptname, $connect; + + $surveyidquery = "SELECT a.uid, a.user FROM ".db_table_name('users')." AS a LEFT OUTER JOIN (SELECT uid AS id FROM ".db_table_name('surveys_rights')." WHERE sid = {$surveyid}) AS b ON a.uid = b.id WHERE ISNULL(id)"; + + $surveyidresult = db_execute_assoc($surveyidquery); + if (!$surveyidresult) {return "Database Error";} + $surveyselecter = ""; + $surveynames = $surveyidresult->GetRows(); + if ($surveynames) + { + foreach($surveynames as $sv) + { + $surveyselecter .= "\t\t\t\n".$surveyselecter;} + else {$surveyselecter = "\t\t\t\n".$surveyselecter;} + return $surveyselecter; + } ?> 
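Review bot: Replacing `if($_SESSION['USER_RIGHT_CONFIGURATOR'])` with `isset(...)` changes the test from truthiness to presence, and the same applies to `USER_RIGHT_CREATE_TEMPLATE` and `USER_RIGHT_CREATE_SURVEY` in this hunk: if the login code stores `0` for a denied right (it is not in this hunk, so I cannot confirm), `isset()` is true and the menu entry is shown to users who lack the right. `!empty($_SESSION['USER_RIGHT_CONFIGURATOR'])` silences the undefined-index notice while keeping the original semantics. `showadminmenu()` starts and ends outside the hunk.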
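Review bot: `setsurveyrights()` interpolates `$uid` and each `$rights[...]` value into the UPDATE statement without any validation, and its only caller in this commit (html.php `surveyrights`) passes `$_POST['uid']` straight through. Cast at the function boundary so the query can only ever receive integers: `$uid = (int) $uid;` and build `$updates` from `(int) $rights['edit_survey_property']` and so on for the other five keys. The function also reads `$surveyid` via `global`; a short docblock stating that it updates the row for the current `$surveyid` only and returns the ADOdb execute result would help callers. The hunk header for this hunk is not legible on this page, so the function's surroundings are inferred from context.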
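Review bot: `getsurveyuserlist()` returns the literal string "Database Error" when `db_execute_assoc()` fails, and a caller would concatenate that into the select markup like a normal result; return an empty string (or throw) and report the failure where the page is assembled instead. If the option lines (not legible on this page) interpolate `$sv['user']`, pass it through `htmlspecialchars()` since it is user-entered text landing in HTML. The query also embeds `sid = {$surveyid}` from a global; `$surveyid = (int) $surveyid;` at the top of the function keeps the derived-table query from depending on the caller having sanitized it.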
diff --git a/images/survey_security.png b/images/survey_security.png new file mode 100644 index 0000000000000000000000000000000000000000..11c0c31f81e5f5b36ac4b9cb81a4b48dd60c5ab3 GIT binary patch literal 1185 zcmV;S1YY}zP)e zSad^gZEa<4bO1wgWnpw>WFU8GbZ8()Nlj2!fese{00aq1L_t(o3GG*1NK`=-o?DwC z7APV~W{8y(lx2|yM&-g*R!|YyW3^!QR7CX9OAiG>_)zv@&`WO-1oj6Nm25$5Ng8B9 z2=!2j)$&g`9a?%g~0XLk_^4}5p#&iVW9%$eC)Es;pD=`6FRGdbcmLonMF znwi1>eg*^Cexb@=)3oEzZ3R99BZl28w532RjyKI1b8NI+pMxNF0U37zap0pRdj;PA z0DZs#FC=qH5ajM6@oM0GVx+7Qtx~jn;>egAN!ukxqO_kEw?ObYjeLthY%yAbqri>{ zl1_%U1j(WJ4XsjA25at%u5Al)%c0nhq&2n%>cMYnRZ^oQ=;jDg+hDU0m=93lXCg5- zr;G@KTr&dK17dd;qW=z95BQOCH)Bo^3DauM>S$y07)u(m+U5G4?_x?W*PL4tqb7Sn zu*%KWNl%-^ZS!UGTbz;arjXv5U)1+Q>|jhziPJ}9l*9L~B z1m8U4{qBF;GoJTdkJHW{9F4KExp~gSgq9Pu)`882P}Ryl*q(dc9jhB1 zWprfB0SW-IGSnxbmX4#L9YI#^l^i*yW{_So5q#WPkR$?iKnn=0RmD*dD~7$U^2wSY z1qR7sknBOXKtV#4pL{Mt@tTZwdwglar9Q2n+7scVDT55?LnHJH*NpgK3q+`V6;&EC* zJQn~@sYLjQ<&pIaqU=h5CV+m=IXNVw;^)9v6nH?8#%|!9qywOf#u0k472)K!MKGEz zA|-GceY)k`L@Y;vO$4C-EW(#AoQHuHIHo?1`X2Th+$>_u79U+#Pp1o)6ZGtQvFZ-= z%?N%iIc$DLA`!X)U4&mNX<$#yPT&hbCqXTIJ86)__YxyOThf)Cm&h4IyrG!84I=V5 z?>96woI)oe6jF?17^?(A$dS50_}(ONPDnvT9#e~1q04I&GeJvk68K+*KanwsF_ScQ z8+Z<1ej@mqK_X|0s(1l`l~8TAs^Px^WAv{tO{9_Z(6KX!5A5(f5QFdJe_3H*(@OPN=Xr?{r@|(d>kvq7fYB$f`E>h17jAy`XV@0_5}X{h^wa2?*kA900000NkvXXu0mjfSc3=L literal 0 HcmV?d00001