diff --git a/core/groups/group_permissions.php b/core/groups/group_permissions.php
index 250f55177c..9db79e0cc4 100644
--- a/core/groups/group_permissions.php
+++ b/core/groups/group_permissions.php 
@@ -58,65 +58,64 @@ } //if there are no permissions listed in v_group_permissions then set the default permissions - $sql = "select count(*) as count from v_group_permissions "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { - $group_permission_count = $row["count"]; - break; //limit to 1 row - } - unset ($prep_statement); + $sql = "select count(*) from v_group_permissions "; + $database = new database; + $group_permission_count = $database->select($sql, null, 'column'); + unset($sql); + if ($group_permission_count == 0) { //no permissions found add the defaults foreach($apps as $app) { foreach ($app['permissions'] as $row) { - foreach ($row['groups'] as $group) { + foreach ($row['groups'] as $index => $group) { //add the record - $sql = "insert into v_group_permissions "; - $sql .= "("; - $sql .= "group_permission_uuid, "; - $sql .= "permission_name, "; - $sql .= "group_name "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'".uuid()."', "; - $sql .= "'".$row['name']."', "; - $sql .= "'".$group."' "; - $sql .= ")"; - $db->exec(check_sql($sql)); - unset($sql); + $array['group_permissions'][$index]['group_permission_uuid'] = uuid(); + $array['group_permissions'][$index]['permission_name'] = $row['name']; + $array['group_permissions'][$index]['group_name'] = $group; + } + if (is_array($array) && sizeof($array) != 0) { + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->save($array); + unset($array); } } } } //get the group uuid, lookup domain uuid (if any) and name - $group_uuid = check_str($_REQUEST['group_uuid']); + $group_uuid = $_REQUEST['group_uuid']; $sql = "select domain_uuid, group_name from v_groups "; - $sql .= "where group_uuid = '".$group_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - 
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where group_uuid = :group_uuid "; + $parameters['group_uuid'] = $group_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && sizeof($row) != 0) { $domain_uuid = $row["domain_uuid"]; $group_name = $row["group_name"]; - break; //limit to 1 row } - unset ($prep_statement); + unset($sql, $parameters, $row); //get the permissions assigned to this group - $sql = " select * from v_group_permissions "; - $sql .= "where group_name = '$group_name' "; - $sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null "); - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { - $permission_name = $row["permission_name"]; - $permissions_db[$permission_name] = "true"; + $sql = "select * from v_group_permissions "; + $sql .= "where group_name = :group_name "; + if (is_uuid($domain_uuid)) { + $sql .= "and domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $domain_uuid; } + else { + $sql .= "and domain_uuid is null "; + } + $parameters['group_name'] = $group_name; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + if (is_array($result) && sizeof($result) != 0) { + foreach ($result as &$row) { + $permissions_db[$row["permission_name"]] = "true"; + } + } + unset($sql, $parameters, $result, $row); //show the db checklist //echo "
";
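Review bot: `$group_uuid = $_REQUEST['group_uuid'];` drops check_str() and adds no replacement, and the value is then bound into the v_groups lookup and, further down this file, echoed into the permissions_copy.php link; groupdelete.php in this same commit gates on `is_uuid($_GET["id"])`, so the same guard belongs here: `if (!is_uuid($_REQUEST['group_uuid'])) { header("Location: groups.php"); exit; }`. When the lookup returns no row, `$domain_uuid` and `$group_name` are never assigned yet the `select * from v_group_permissions` query still runs with `group_name = :group_name`; the `if (is_array($row) && sizeof($row) != 0)` branch should end the request on the empty case rather than fall through. Unlike groupdelete.php, this lookup is not restricted to the caller's domain when group_domain is not held, so any group uuid can be opened on this page; the `and (domain_uuid = :domain_uuid or domain_uuid is null)` clause used there under `!permission_exists('group_domain')` would make the two consistent. Each query here also constructs a fresh `new database`; one instance reused across the page would read cleaner.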
@@ -175,52 +174,68 @@
 					}
 					if ($permissions_db_checklist[$permission] == "true" && $permissions_form_checklist[$permission] == "false") {
 						//delete the record
-							$sql = "delete from v_group_permissions ";
-							$sql .= "where group_name = '$group_name' ";
-							$sql .= "and permission_name = '$permission' ";
-							$db->exec(check_sql($sql));
-							unset($sql);
+							$array['group_permissions'][0]['group_name'] = $group_name;
+							$array['group_permissions'][0]['permission_name'] = $permission;
+							$database = new database;
+							$database->app_name = 'groups';
+							$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+							$database->delete($array);
+							unset($array);
 
 						foreach($apps as $app) {
 							foreach ($app['permissions'] as $row) {
 								if ($row['name'] == $permission) {
 
-									$sql = "delete from v_menu_item_groups ";
-									$sql .= "where menu_item_uuid = '".$row['menu']['uuid']."' ";
-									$sql .= "and group_name = '$group_name' ";
-									$sql .= "and menu_uuid = 'b4750c3f-2a86-b00d-b7d0-345c14eca286' ";
-									$db->exec(check_sql($sql));
-									unset($sql);
+									$array['menu_item_groups'][0]['menu_item_uuid'] = $row['menu']['uuid'];
+									$array['menu_item_groups'][0]['group_name'] = $group_name;
+									$array['menu_item_groups'][0]['menu_uuid'] = 'b4750c3f-2a86-b00d-b7d0-345c14eca286';
 
-									$sql = " select menu_item_parent_uuid from v_menu_items ";
-									$sql .= "where menu_item_uuid = '".$row['menu']['uuid']."' ";
-									$sql .= "and menu_uuid = 'b4750c3f-2a86-b00d-b7d0-345c14eca286' ";
-									$prep_statement = $db->prepare(check_sql($sql));
-									$prep_statement->execute();
-									$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-									foreach ($result as &$row) {
-										$menu_item_parent_uuid = $row["menu_item_parent_uuid"];
-									}
-									unset ($prep_statement);
+									$p = new permissions;
+									$p->add('menu_item_group_delete', 'temp');
 
-									$sql = " select * from v_menu_items as i, v_menu_item_groups as g  ";
+									$database = new database;
+									$database->app_name = 'groups';
+									$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+									$database->delete($array);
+									unset($array);
+
+									$p->delete('menu_item_group_delete', 'temp');
+
+									$sql = "select menu_item_parent_uuid from v_menu_items ";
+									$sql .= "where menu_item_uuid = :menu_item_uuid ";
+									$sql .= "and menu_uuid = 'b4750c3f-2a86-b00d-b7d0-345c14eca286' ";
+									$parameters['menu_item_uuid'] = $row['menu']['uuid'];
+									$database = new database;
+									$menu_item_parent_uuid = $database->select($sql, $parameters, 'column');
+									unset($sql, $parameters);
+
+									$sql = "select count(*) from v_menu_items as i, v_menu_item_groups as g  ";
 									$sql .= "where i.menu_item_uuid = g.menu_item_uuid ";
 									$sql .= "and i.menu_uuid = 'b4750c3f-2a86-b00d-b7d0-345c14eca286' ";
-									$sql .= "and i.menu_item_parent_uuid = '$menu_item_parent_uuid' ";
-									$sql .= "and g.group_name = '$group_name' ";
-									$prep_statement = $db->prepare(check_sql($sql));
-									$prep_statement->execute();
-									$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-									$result_count = count($result);
+									$sql .= "and i.menu_item_parent_uuid = :menu_item_parent_uuid ";
+									$sql .= "and g.group_name = :group_name ";
+									$parameters['menu_item_parent_uuid'] = $menu_item_parent_uuid;
+									$parameters['group_name'] = $group_name;
+									$database = new database;
+									$result_count = $database->select($sql, $parameters, 'column');
+
 									if ($result_count == 0) {
-										$sql = "delete from v_menu_item_groups ";
-										$sql .= "where menu_item_uuid = '$menu_item_parent_uuid' ";
-										$sql .= "and group_name = '$group_name' ";
-										$sql .= "and menu_uuid = 'b4750c3f-2a86-b00d-b7d0-345c14eca286' ";
-										$db->exec(check_sql($sql));
-										unset($sql);
+										$array['menu_item_groups'][0]['menu_item_uuid'] = $menu_item_parent_uuid;
+										$array['menu_item_groups'][0]['group_name'] = $group_name;
+										$array['menu_item_groups'][0]['menu_uuid'] = 'b4750c3f-2a86-b00d-b7d0-345c14eca286';
+
+										$p = new permissions;
+										$p->add('menu_item_group_delete', 'temp');
+
+										$database = new database;
+										$database->app_name = 'groups';
+										$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+										$database->delete($array);
+										unset($array);
+
+										$p->delete('menu_item_group_delete', 'temp');
 									}
-									unset ($prep_statement);
+									unset($sql, $parameters, $result_count);
 								}
 							}
 						}
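Review bot: The v_group_permissions delete built from `$array['group_permissions'][0]['group_name']` and `['permission_name']` carries no domain_uuid, while the add branch in the next hunk and the select in the previous one both scope on `is_uuid($domain_uuid)`; since groupadd.php only rejects duplicate names within one domain, a name can exist in several domains and this delete would, as far as the visible filter goes, strip the permission from all of them. groupdelete.php in this same commit resolves `group_permission_uuid` first and deletes by it, and the same shape works here (fence below, assuming `select(..., 'column')` returns the single value as it does elsewhere in the diff). The `$p->add('menu_item_group_delete', 'temp')` / `$p->delete(...)` pair is repeated around every delete; if permissions::add keeps the grant in the session and the database class can exit on error, the temporary grant would outlive the request, so a single grant/revoke around the whole `foreach($apps as $app)` loop, or revoking before any early exit, is worth confirming. The `if ($permissions_db_checklist[$permission] == "true" && ...)` block opened at the top of the hunk closes outside it.
```php
//delete the record, scoped to this group's domain (group names repeat across domains)
$sql = "select group_permission_uuid from v_group_permissions ";
$sql .= "where group_name = :group_name ";
$sql .= "and permission_name = :permission_name ";
if (is_uuid($domain_uuid)) {
	$sql .= "and domain_uuid = :domain_uuid ";
	$parameters['domain_uuid'] = $domain_uuid;
}
else {
	$sql .= "and domain_uuid is null ";
}
$parameters['group_name'] = $group_name;
$parameters['permission_name'] = $permission;
$database = new database;
$group_permission_uuid = $database->select($sql, $parameters, 'column');
unset($sql, $parameters);
if (is_uuid($group_permission_uuid)) {
	$array['group_permissions'][0]['group_permission_uuid'] = $group_permission_uuid;
	$array['group_permissions'][0]['group_name'] = $group_name;
	// … unchanged: new database, app_name/app_uuid, delete($array), unset($array) …
}
```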
@@ -229,82 +244,72 @@
 					}
 					if ($permissions_db_checklist[$permission] == "false" && $permissions_form_checklist[$permission] == "true") {
 						//add the record
-							$sql = "insert into v_group_permissions ";
-							$sql .= "(";
-							$sql .= "group_permission_uuid, ";
-							if ($domain_uuid != '') {
-								$sql .= "domain_uuid, ";
+							$array['group_permissions'][0]['group_permission_uuid'] = uuid();
+							if (is_uuid($domain_uuid)) {
+								$array['group_permissions'][0]['domain_uuid'] = $domain_uuid;
 							}
-							$sql .= "permission_name, ";
-							$sql .= "group_name ";
-							$sql .= ")";
-							$sql .= "values ";
-							$sql .= "(";
-							$sql .= "'".uuid()."', ";
-							if ($domain_uuid != '') {
-								$sql .= "'".$domain_uuid."', ";
-							}
-							$sql .= "'$permission', ";
-							$sql .= "'$group_name' ";
-							$sql .= ")";
-							$db->exec(check_sql($sql));
-							unset($sql);
+							$array['group_permissions'][0]['permission_name'] = $permission;
+							$array['group_permissions'][0]['group_name'] = $group_name;
+							$database = new database;
+							$database->app_name = 'groups';
+							$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+							$database->save($array);
+							unset($array);
 
 						foreach($apps as $app) {
 							foreach ($app['permissions'] as $row) {
 								if ($row['name'] == $permission) {
 
-									$sql = "insert into v_menu_item_groups ";
-									$sql .= "(";
-									$sql .= "menu_uuid, ";
-									$sql .= "menu_item_uuid, ";
-									$sql .= "group_name ";
-									$sql .= ")";
-									$sql .= "values ";
-									$sql .= "(";
-									$sql .= "'b4750c3f-2a86-b00d-b7d0-345c14eca286', ";
-									$sql .= "'".$row['menu']['uuid']."', ";
-									$sql .= "'$group_name' ";
-									$sql .= ")";
-									$db->exec(check_sql($sql));
-									unset($sql);
+									$array['menu_item_groups'][0]['menu_uuid'] = 'b4750c3f-2a86-b00d-b7d0-345c14eca286';
+									$array['menu_item_groups'][0]['menu_item_uuid'] = $row['menu']['uuid'];
+									$array['menu_item_groups'][0]['group_name'] = $group_name;
 
-									$sql = " select menu_item_parent_uuid from v_menu_items ";
-									$sql .= "where menu_item_uuid = '".$row['menu']['uuid']."' ";
-									$sql .= "and menu_uuid = 'b4750c3f-2a86-b00d-b7d0-345c14eca286' ";
-									$prep_statement = $db->prepare(check_sql($sql));
-									$prep_statement->execute();
-									$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-									foreach ($result as &$row) {
-										$menu_item_parent_uuid = $row["menu_item_parent_uuid"];
-									}
-									unset ($prep_statement);
+									$p = new permissions;
+									$p->add('menu_item_group_add', 'temp');
 
-									$sql = " select * from v_menu_item_groups ";
-									$sql .= "where menu_item_uuid = '$menu_item_parent_uuid' ";
-									$sql .= "and group_name = '$group_name' ";
+									$database = new database;
+									$database->app_name = 'groups';
+									$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+									$database->save($array);
+									unset($array);
+
+									$p->delete('menu_item_group_add', 'temp');
+
+									$sql = "select menu_item_parent_uuid from v_menu_items ";
+									$sql .= "where menu_item_uuid = :menu_item_uuid ";
 									$sql .= "and menu_uuid = 'b4750c3f-2a86-b00d-b7d0-345c14eca286' ";
-									$prep_statement = $db->prepare(check_sql($sql));
-									$prep_statement->execute();
-									$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-									$result_count = count($result);
+									$parameters['menu_item_uuid'] = $row['menu']['uuid'];
+									$database = new database;
+									$menu_item_parent_uuid = $database->select($sql, $parameters, 'column');
+									unset($sql, $parameters);
+
+									$sql = "select count(*) from v_menu_item_groups ";
+									$sql .= "where menu_item_uuid = :menu_item_uuid ";
+									$sql .= "and group_name = :group_name ";
+									$sql .= "and menu_uuid = 'b4750c3f-2a86-b00d-b7d0-345c14eca286' ";
+									$parameters['menu_item_uuid'] = $menu_item_parent_uuid;
+									$parameters['group_name'] = $group_name;
+									$database = new database;
+									$result_count = $database->select($sql, $parameters, 'column');
+
 									if ($result_count == 0) {
-										$sql = "insert into v_menu_item_groups ";
-										$sql .= "(";
-										$sql .= "menu_uuid, ";
-										$sql .= "menu_item_uuid, ";
-										$sql .= "group_name ";
-										$sql .= ")";
-										$sql .= "values ";
-										$sql .= "(";
-										$sql .= "'b4750c3f-2a86-b00d-b7d0-345c14eca286', ";
-										$sql .= "'$menu_item_parent_uuid', ";
-										$sql .= "'$group_name' ";
-										$sql .= ")";
-										$db->exec(check_sql($sql));
-										unset($sql);
+										$array['menu_item_groups'][0]['menu_uuid'] = 'b4750c3f-2a86-b00d-b7d0-345c14eca286';
+										$array['menu_item_groups'][0]['menu_item_uuid'] = $menu_item_parent_uuid;
+										$array['menu_item_groups'][0]['group_name'] = $group_name;
+
+										$p = new permissions;
+										$p->add('menu_item_group_add', 'temp');
+
+										$database = new database;
+										$database->app_name = 'groups';
+										$database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84';
+										$database->save($array);
+										unset($array);
+
+										$p->delete('menu_item_group_add', 'temp');
 									}
-									unset ($prep_statement);
+
+									unset($sql, $parameters, $result_count);
 								}
 							}
 						}
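Review bot: Neither `$row['menu']['uuid']` nor `$menu_item_parent_uuid` is checked with is_uuid() before being written into v_menu_item_groups; a top-level menu item presumably has no parent, in which case the `select menu_item_parent_uuid` returns nothing, the following count is 0, and the second save appears to write a row with an empty menu_item_uuid. Wrapping the parent block in `if (is_uuid($menu_item_parent_uuid)) {` ... `}` and the first save in `if (is_uuid($row['menu']['uuid'])) {` ... `}` avoids that; the delete branch of the previous hunk has the same gap around its parent delete. The build-array / temp-grant / save / revoke sequence is duplicated verbatim for the item and its parent, differing only in the menu_item_uuid, so a small local function taking that uuid would remove the repetition and keep the grant/revoke in one place. The `if ($permissions_db_checklist[$permission] == "false" && ...)` block opened at the top of the hunk closes outside it.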
@@ -328,7 +333,7 @@
 	echo "		if (new_group_name != null) {\n";
 	echo "			new_group_desc = prompt('".$text['message-new_group_description']."');\n";
 	echo "			if (new_group_desc != null) {\n";
-	echo "				window.location = 'permissions_copy.php?group_name=".escape($group_name)."&new_group_name=' + new_group_name + '&new_group_desc=' + new_group_desc;\n";
+	echo "				window.location = 'permissions_copy.php?id=".escape($group_uuid)."&new_group_name=' + new_group_name + '&new_group_desc=' + new_group_desc;\n";
 	echo "			}\n";
 	echo "		}\n";
 	echo "	}\n";
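Review bot: The new line concatenates `new_group_name` and `new_group_desc` into the permissions_copy.php URL raw, so a `&`, `#` or `+` typed into either prompt truncates or alters the query string; wrapping both in `encodeURIComponent(...)` fixes that, e.g. `'&new_group_name=' + encodeURIComponent(new_group_name) + '&new_group_desc=' + encodeURIComponent(new_group_desc)`. `escape($group_uuid)` is emitted inside a single-quoted JavaScript string literal, and whatever escape() does for HTML does not by itself cover that context; validating `$group_uuid` with is_uuid() where it is read from `$_REQUEST` at the top of the file makes the interpolated value safe regardless of the escaper. The surrounding echo block starts and ends outside the hunk.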
@@ -427,7 +432,6 @@
 
 		} //end foreach
 		echo "
";
- unset($sql, $result, $row_count);
 echo "\n";
diff --git a/core/groups/groupadd.php b/core/groups/groupadd.php
index 904a05aa4f..ea644f4dd1 100644
--- a/core/groups/groupadd.php
+++ b/core/groups/groupadd.php 
@@ -45,55 +45,42 @@ //get the http values and set them as variables if (count($_POST) > 0) { //set the variables - $group_name = check_str($_POST["group_name"]); + $group_name = $_POST["group_name"]; if (permission_exists('group_domain')) { - $domain_uuid = check_str($_POST["domain_uuid"]); + $domain_uuid = $_POST["domain_uuid"]; } else { $domain_uuid = $_SESSION['domain_uuid']; } - $group_description = check_str($_POST["group_description"]); + $group_description = $_POST["group_description"]; //check for global/domain duplicates - $sql = "select count(*) as num_rows from v_groups where "; - $sql .= "group_name = '".$group_name."' "; - $sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null "); - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - $group_exists = ($row['num_rows'] > 0) ? true : false; + $sql = "select count(*) from v_groups where "; + $sql .= "group_name = :group_name "; + if (is_uuid($domain_uuid)) { + $sql .= "and domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $domain_uuid; } else { - $group_exists = false; + $sql .= "and domain_uuid is null "; } - unset($sql, $prep_statement, $row); + $parameters['group_name'] = $group_name; + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); + $group_exists = ($num_rows > 0) ? true : false; + unset($sql, $parameters, $num_rows); //insert group if (!$group_exists) { - $sql = "insert into v_groups "; - $sql .= "("; - $sql .= "group_uuid, "; - $sql .= "domain_uuid, "; - $sql .= "group_name, "; - $sql .= "group_description "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'".uuid()."', "; - $sql .= (($domain_uuid != '') ? "'".$domain_uuid."'" : "null").", "; - $sql .= "'".$group_name."', "; - $sql .= "'".$group_description."' "; - $sql .= ")"; - if (!$db->exec($sql)) { - //echo $db->errorCode() . "
"; - $info = $db->errorInfo(); - echo "
".print_r($info, true)."
"; - exit; - // $info[0] == $db->errorCode() unified error code - // $info[1] is the driver specific error code - // $info[2] is the driver specific error string - } + $array['groups'][0]['group_uuid'] = uuid(); + $array['groups'][0]['domain_uuid'] = is_uuid($domain_uuid) ? $domain_uuid : null; + $array['groups'][0]['group_name'] = $group_name; + $array['groups'][0]['group_description'] = $group_description; + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->save($array); + unset($array); message::add($text['message-add']); header("Location: groups.php"); diff --git a/core/groups/groupdelete.php b/core/groups/groupdelete.php index 6181481fa7..c1a7e9e8cd 100644 --- a/core/groups/groupdelete.php +++ b/core/groups/groupdelete.php 
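Review bot: With check_str() gone, `$group_name = $_POST["group_name"];` is inserted as-is, so an empty or whitespace-only name passes the duplicate check and creates a group whose name then serves as the join key in v_group_permissions and v_user_groups; a guard such as `if (trim($group_name) == '') { header("Location: groups.php"); exit; }` ahead of the duplicate check is missing. The old branch inspected the exec() result and stopped on failure, whereas `$database->save($array)` is called without looking at its outcome and `message::add($text['message-add'])` follows unconditionally; if save() reports errors through a return value or a message (not visible here), the success path should depend on it. The count check and the insert remain two separate statements, so two concurrent submissions can both pass the count; a uniqueness constraint on (domain_uuid, group_name) at the database level would close that independently of this change. The `if (count($_POST) > 0)` block closes outside the hunk.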
@@ -42,57 +42,97 @@ $language = new text; $text = $language->get(); -//get the http value and set as a variable - $group_uuid = check_str($_GET["id"]); - //validate the uuid - if (is_uuid($group_uuid)) { + if (is_uuid($_GET["id"])) { + $group_uuid = $_GET["id"]; + //get the group from v_groups $sql = "select domain_uuid, group_name from v_groups "; - $sql .= "where group_uuid = '".$group_uuid."' "; + $sql .= "where group_uuid = :group_uuid "; if (!permission_exists('group_domain')) { - $sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null); "; + $sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; } - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $parameters['group_uuid'] = $group_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + unset($sql, $parameters); + + if (is_array($row) && sizeof($row) != 0) { + $domain_uuid = $row["domain_uuid"]; $group_name = $row["group_name"]; - } - unset ($prep_statement); - //delete the user groups - $sql = "delete from v_user_groups "; - $sql .= "where group_uuid = '".$group_uuid."' "; - if (!$db->exec($sql)) { - $error = $db->errorInfo(); - print_r($error); - } + //delete the user groups + $array['user_groups'][0]['group_uuid'] = $group_uuid; - //delete the group permissions - if (strlen($group_name) > 0) { - $sql = "delete from v_group_permissions "; - $sql .= "where group_name = '".$group_name."' "; - $sql .= "and domain_uuid ".(($domain_uuid != '') ? 
" = '".$domain_uuid."' " : " is null "); - if (!$db->exec($sql)) { - $error = $db->errorInfo(); - print_r($error); - } - } + $p = new permissions; + $p->add('user_group_delete', 'temp'); + + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->delete($array); + unset($array); + + $p->delete('user_group_delete', 'temp'); + + //get the group permissions + $sql = "select group_permission_uuid "; + $sql .= "from v_group_permissions "; + $sql .= "where group_name = :group_name "; + if (is_uuid($domain_uuid)) { + $sql .= "and domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + } + else { + $sql .= "and domain_uuid is null "; + } + $parameters['group_name'] = $group_name; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + if (is_array($result) && sizeof($result) != 0) { + foreach ($result as $index => $row) { + //build array + $array['group_permissions'][$index]['group_permission_uuid'] = $row['group_permission_uuid']; + $array['group_permissions'][$index]['group_name'] = $group_name; + } + if (is_array($array) && sizeof($array) != 0) { + //delete the group permissions + $p = new permissions; + $p->add('group_permission_delete', 'temp'); + + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->delete($array); + unset($array); + + $p->delete('group_permission_delete', 'temp'); + } + } + unset($sql, $parameters, $result, $row); + + //delete the group + $array['groups'][0]['group_uuid'] = $group_uuid; + if (is_uuid($domain_uuid)) { + $array['groups'][0]['domain_uuid'] = $domain_uuid; + } + + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->delete($array); + unset($array); + + //set message + message::add($text['message-delete']); - //delete the group - $sql = 
"delete from v_groups "; - $sql .= "where group_uuid = '".$group_uuid."' "; - $sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null "); - if (!$db->exec($sql)) { - $error = $db->errorInfo(); - print_r($error); } + unset($sql, $parameters, $row); } //redirect the user - message::add($text['message-delete']); header("Location: groups.php"); ?> diff --git a/core/groups/groupedit.php b/core/groups/groupedit.php index 985e6c482c..3fd8df5a43 100644 --- a/core/groups/groupedit.php +++ b/core/groups/groupedit.php 
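Review bot: The three deletes (v_user_groups, v_group_permissions, v_groups) run as independent `$database->delete($array)` calls with no transaction and no inspection of their outcome, and `message::add($text['message-delete'])` is now reached unconditionally once the group row is found, where the old branches at least printed errorInfo(). If the database class exposes a result or message for delete() (not visible here), the success message and redirect should be conditional on it, and running the three calls inside one transaction would avoid leaving a group with its memberships and permissions stripped but the group row intact. The `$p->add('user_group_delete', 'temp')` / `$p->delete(...)` pairs appear to exist only to satisfy the database class's own permission check; if that grant lives in the session and the database class can exit part-way, the temporary permission would survive the request, so that is worth confirming. The removal is still triggered by a plain GET on `$_GET["id"]` and nothing in the hunk ties it to a CSRF token; requiring a POST with a token, or at least a token check next to the is_uuid() test, would make the action require an explicit submission rather than a followed link.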
@@ -45,128 +45,176 @@ //process update if (count($_POST) > 0) { //set the variables - $group_uuid = check_str($_POST['group_uuid']); - $group_name = check_str($_POST['group_name']); - $group_name_previous = check_str($_POST['group_name_previous']); - $domain_uuid = check_str($_POST["domain_uuid"]); - $domain_uuid_previous = check_str($_POST["domain_uuid_previous"]); - $group_description = check_str($_POST["group_description"]); + $group_uuid = $_POST['group_uuid']; + $group_name = $_POST['group_name']; + $group_name_previous = $_POST['group_name_previous']; + $domain_uuid = $_POST["domain_uuid"]; + $domain_uuid_previous = $_POST["domain_uuid_previous"]; + $group_description = $_POST["group_description"]; //check for global/domain duplicates - $sql = "select count(*) as num_rows from v_groups where "; - $sql .= "group_name = '".$group_name."' "; - $sql .= "and group_uuid <> '".$group_uuid."' "; - $sql .= "and domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null "); - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); - $group_exists = ($row['num_rows'] > 0) ? true : false; + $sql = "select count(*) from v_groups where "; + $sql .= "group_name = :group_name "; + $sql .= "and group_uuid <> :group_uuid "; + if (is_uuid($domain_uuid)) { + $sql .= "and domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $domain_uuid; } else { - $group_exists = false; + $sql .= "and domain_uuid is null "; } - unset($sql, $prep_statement, $row); + $parameters['group_name'] = $group_name; + $parameters['group_uuid'] = $group_uuid; + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); + $group_exists = ($num_rows > 0) ? 
true : false; + unset($sql, $parameters, $num_rows); //update group if (!$group_exists) { - $sql = "update v_groups "; - $sql .= "set "; - $sql .= "group_name = '".$group_name."', "; - $sql .= "domain_uuid = ".(($domain_uuid != '') ? "'".$domain_uuid."'" : "null").", "; - $sql .= "group_description = '".$group_description."' "; - $sql .= "where group_uuid = '".$group_uuid."' "; - if (!$db->exec(check_sql($sql))) { - $error = $db->errorInfo(); - echo "
".print_r($error, true)."
"; - exit; - } + $array['groups'][0]['group_uuid'] = $group_uuid; + $array['groups'][0]['domain_uuid'] = is_uuid($domain_uuid) ? $domain_uuid : null; + $array['groups'][0]['group_name'] = $group_name; + $array['groups'][0]['group_description'] = $group_description; + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->save($array); + unset($array); //group changed from global to domain-specific - if ($domain_uuid_previous == '' && $domain_uuid != '') { + if (!is_uuid($domain_uuid_previous) && is_uuid($domain_uuid)) { //remove any users assigned to the group from the old domain - $sql = "delete from v_user_groups where group_uuid = '".$group_uuid."' and domain_uuid <> '".$domain_uuid."' "; - if (!$db->exec(check_sql($sql))) { - $error = $db->errorInfo(); - //echo "
".print_r($error, true)."
"; exit; - } + $sql = "delete from v_user_groups where group_uuid = :group_uuid and domain_uuid <> :domain_uuid "; + $parameters['group_uuid'] = $group_uuid; + $parameters['domain_uuid'] = $domain_uuid; + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->execute($sql, $parameters); + unset($sql, $parameters); + //update permissions to use new domain uuid - $sql = "update v_group_permissions set domain_uuid = '".$domain_uuid."' where group_name = '".$group_name_previous."' and domain_uuid is null "; - if (!$db->exec(check_sql($sql))) { - $error = $db->errorInfo(); - //echo "
".print_r($error, true)."
"; exit; - } + $sql = "update v_group_permissions set domain_uuid = :domain_uuid where group_name = :group_name and domain_uuid is null "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['group_name'] = $group_name_previous; + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->execute($sql, $parameters); + unset($sql, $parameters); + //change group name if ($group_name != $group_name_previous && $group_name != '') { //change group name in group users - $sql = "update v_user_groups set group_name = '".$group_name."' where group_uuid = '".$group_uuid."' and group_name = '".$group_name_previous."' "; - if (!$db->exec(check_sql($sql))) { - $error = $db->errorInfo(); - //echo "
".print_r($error, true)."
"; exit; - } + $sql = "update v_user_groups set group_name = :group_name_new where group_uuid = :group_uuid and group_name = :group_name_old "; + $parameters['group_name_new'] = $group_name; + $parameters['group_uuid'] = $group_uuid; + $parameters['group_name_old'] = $group_name_previous; + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->execute($sql, $parameters); + unset($sql, $parameters); + //change group name in permissions - $sql = "update v_group_permissions set group_name = '".$group_name."' where domain_uuid = '".$domain_uuid."' and group_name = '".$group_name_previous."' "; - if (!$db->exec(check_sql($sql))) { - $error = $db->errorInfo(); - //echo "
".print_r($error, true)."
"; exit; - } + $sql = "update v_group_permissions set group_name = :group_name_new where domain_uuid = :domain_uuid and group_name = :group_name_old "; + $parameters['group_name_new'] = $group_name; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['group_name_old'] = $group_name_previous; + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->execute($sql, $parameters); + unset($sql, $parameters); } } //group changed from one domain to another - else if ($domain_uuid_previous != '' && $domain_uuid != '' && $domain_uuid_previous != $domain_uuid) { + else if (is_uuid($domain_uuid_previous) && is_uuid($domain_uuid) && $domain_uuid_previous != $domain_uuid) { //remove any users assigned to the group from the old domain - $sql = "delete from v_user_groups where group_uuid = '".$group_uuid."' and domain_uuid = '".$domain_uuid_previous."' "; - if (!$db->exec(check_sql($sql))) { - $error = $db->errorInfo(); - //echo "
".print_r($error, true)."
"; exit; - } + $array['user_groups'][0]['group_uuid'] = $group_uuid; + $array['user_groups'][0]['domain_uuid'] = $domain_uuid_previous; + + $p = new permissions; + $p->add('user_group_delete', 'temp'); + + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->delete($array); + unset($array); + + $p->delete('user_group_delete', 'temp'); //update permissions to use new domain uuid - $sql = "update v_group_permissions set domain_uuid = '".$domain_uuid."' where group_name = '".$group_name_previous."' and domain_uuid = '".$domain_uuid_previous."' "; - if (!$db->exec(check_sql($sql))) { - $error = $db->errorInfo(); - //echo "
".print_r($error, true)."
"; exit; - } + $sql = "update v_group_permissions set domain_uuid = :domain_uuid_new where group_name = :group_name and domain_uuid = :domain_uuid_old "; + $parameters['domain_uuid_new'] = $domain_uuid; + $parameters['group_name'] = $group_name_previous; + $parameters['domain_uuid_old'] = $domain_uuid_previous; + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->execute($sql, $parameters); + unset($sql, $parameters); //change group name if ($group_name != $group_name_previous && $group_name != '') { //change group name in group users - $sql = "update v_user_groups set group_name = '".$group_name."' where group_uuid = '".$group_uuid."' and group_name = '".$group_name_previous."' "; - if (!$db->exec(check_sql($sql))) { - $error = $db->errorInfo(); - //echo "
".print_r($error, true)."
"; exit; - } + $sql = "update v_user_groups set group_name = :group_name_new where group_uuid = :group_uuid and group_name = :group_name_old "; + $parameters['group_name_new'] = $group_name; + $parameters['group_uuid'] = $group_uuid; + $parameters['group_name_old'] = $group_name_previous; + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->execute($sql, $parameters); + unset($sql, $parameters); //change group name in permissions - $sql = "update v_group_permissions set group_name = '".$group_name."' where domain_uuid = '".$domain_uuid."' and group_name = '".$group_name_previous."' "; - if (!$db->exec(check_sql($sql))) { - $error = $db->errorInfo(); - //echo "
".print_r($error, true)."
"; exit; - } + $sql = "update v_group_permissions set group_name = :group_name_new where domain_uuid = :domain_uuid and group_name = :group_name_old "; + $parameters['group_name_new'] = $group_name; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['group_name_old'] = $group_name_previous; + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->execute($sql, $parameters); + unset($sql, $parameters); } } //group changed from domain-specific to global - else if ($domain_uuid_previous != '' && $domain_uuid == '') { + else if (is_uuid($domain_uuid_previous) && !is_uuid($domain_uuid)) { //change group name if ($group_name != $group_name_previous && $group_name != '') { //change group name in group users - $sql = "update v_user_groups set group_name = '".$group_name."' where group_uuid = '".$group_uuid."' and group_name = '".$group_name_previous."' "; - if (!$db->exec(check_sql($sql))) { - $error = $db->errorInfo(); - //echo "
".print_r($error, true)."
"; exit; - } + $sql = "update v_user_groups set group_name = :group_name_new where group_uuid = :group_uuid and group_name = :group_name_old "; + $parameters['group_name_new'] = $group_name; + $parameters['group_uuid'] = $group_uuid; + $parameters['group_name_old'] = $group_name_previous; + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->execute($sql, $parameters); + unset($sql, $parameters); //change group name in permissions - $sql = "update v_group_permissions set group_name = '".$group_name."' where domain_uuid = '".$domain_uuid_previous."' and group_name = '".$group_name_previous."' "; - if (!$db->exec(check_sql($sql))) { - $error = $db->errorInfo(); - //echo "
".print_r($error, true)."
"; exit; - } + $sql = "update v_group_permissions set group_name = :group_name_new where domain_uuid = :domain_uuid and group_name = :group_name_old "; + $parameters['group_name_new'] = $group_name; + $parameters['domain_uuid'] = $domain_uuid_previous; + $parameters['group_name_old'] = $group_name_previous; + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->execute($sql, $parameters); + unset($sql, $parameters); } //update permissions to not use a domain uuid - $sql = "update v_group_permissions set domain_uuid = null where group_name = '".$group_name."' and domain_uuid = '".$domain_uuid_previous."' "; - if (!$db->exec(check_sql($sql))) { - $error = $db->errorInfo(); - //echo "
".print_r($error, true)."
"; exit; - } + $sql = "update v_group_permissions set domain_uuid = null where group_name = :group_name and domain_uuid = :domain_uuid "; + $parameters['group_name'] = $group_name; + $parameters['domain_uuid'] = $domain_uuid_previous; + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->execute($sql, $parameters); + unset($sql, $parameters); } //domain didn't change, but name may still @@ -174,17 +222,32 @@ //change group name if ($group_name != $group_name_previous && $group_name != '') { //change group name in group users - $sql = "update v_user_groups set group_name = '".$group_name."' where group_uuid = '".$group_uuid."' and group_name = '".$group_name_previous."' "; - if (!$db->exec(check_sql($sql))) { - $error = $db->errorInfo(); - //echo "
".print_r($error, true)."
"; exit; - } + $sql = "update v_user_groups set group_name = :group_name_new where group_uuid = :group_uuid and group_name = :group_name_old "; + $parameters['group_name_new'] = $group_name; + $parameters['group_uuid'] = $group_uuid; + $parameters['group_name_old'] = $group_name_previous; + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->execute($sql, $parameters); + unset($sql, $parameters); //change group name in permissions - $sql = "update v_group_permissions set group_name = '".$group_name."' where domain_uuid ".(($domain_uuid != '') ? " = '".$domain_uuid."' " : " is null ")." and group_name = '".$group_name_previous."' "; - if (!$db->exec(check_sql($sql))) { - $error = $db->errorInfo(); - //echo "
".print_r($error, true)."
"; exit; + $sql = "update v_group_permissions set group_name = :group_name_new "; + if (is_uuid($domain_uuid)) { + $sql .= "where domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $domain_uuid; } + else { + $sql .= "where domain_uuid is null "; + } + $sql .= "and group_name = :group_name_old "; + $parameters['group_name_new'] = $group_name; + $parameters['group_name_old'] = $group_name_previous; + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->execute($sql, $parameters); + unset($sql, $parameters); } } @@ -201,18 +264,19 @@ } //pre-populate the form - $group_uuid = check_str($_REQUEST['id']); - if ($group_uuid != '') { + $group_uuid = $_REQUEST['id']; + if (is_uuid($group_uuid)) { $sql = "select * from v_groups where "; - $sql .= "group_uuid = '".$group_uuid."' "; - $prep_statement = $db->prepare($sql); - if ($prep_statement) { - $prep_statement->execute(); - $row = $prep_statement->fetch(PDO::FETCH_ASSOC); + $sql .= "group_uuid = :group_uuid "; + $parameters['group_uuid'] = $group_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && sizeof($row) != 0) { $group_name = $row['group_name']; $domain_uuid = $row['domain_uuid']; $group_description = $row['group_description']; } + unset($sql, $parameters, $row); } //include the header diff --git a/core/groups/groupmemberadd.php b/core/groups/groupmemberadd.php index 6e980f6337..a8294a9001 100644 --- a/core/groups/groupmemberadd.php +++ b/core/groups/groupmemberadd.php 
@@ -45,43 +45,34 @@ } //get the http values and set them as variables - $domain_uuid = check_str($_POST["domain_uuid"]); - $group_uuid = check_str($_POST["group_uuid"]); - $group_name = check_str($_POST["group_name"]); - $user_uuid = check_str($_POST["user_uuid"]); + $domain_uuid = $_POST["domain_uuid"]; + $group_uuid = $_POST["group_uuid"]; + $group_name = $_POST["group_name"]; + $user_uuid = $_POST["user_uuid"]; //add the user to the group if (is_uuid($user_uuid) && is_uuid($group_uuid) && strlen($group_name) > 0) { - $sql = "insert into v_user_groups "; - $sql .= "("; - $sql .= "user_group_uuid, "; - $sql .= "domain_uuid, "; - $sql .= "group_uuid, "; - $sql .= "group_name, "; - $sql .= "user_uuid "; - $sql .= ")"; - $sql .= "values "; - $sql .= "("; - $sql .= "'".uuid()."', "; - $sql .= "'".$domain_uuid."', "; - $sql .= "'".$group_uuid."', "; - $sql .= "'".$group_name."', "; - $sql .= "'".$user_uuid."' "; - $sql .= ")"; - if (!$db->exec($sql)) { - $info = $db->errorInfo(); - echo "
".print_r($info, true)."
"; - exit; - } - else { - //log the success - //$log_type = 'group'; $log_status='add'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." added to group: ".$group_name; - //log_add($db, $log_type, $log_status, $log_desc, $log_add_user, $_SERVER["REMOTE_ADDR"]); - } + $array['user_groups'][0]['user_group_uuid'] = uuid(); + $array['user_groups'][0]['domain_uuid'] = $domain_uuid; + $array['user_groups'][0]['group_uuid'] = $group_uuid; + $array['user_groups'][0]['group_name'] = $group_name; + $array['user_groups'][0]['user_uuid'] = $user_uuid; + + $p = new permissions; + $p->add('user_group_add', 'temp'); + + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->save($array); + unset($array); + + $p->delete('user_group_add', 'temp'); + + message::add($text['message-update']); } //redirect the user - message::add($text['message-update']); header("Location: groupmembers.php?group_uuid=".$group_uuid."&group_name=".$group_name); ?> diff --git a/core/groups/groupmemberdelete.php b/core/groups/groupmemberdelete.php index 1569829262..03cfa32652 100644 --- a/core/groups/groupmemberdelete.php +++ b/core/groups/groupmemberdelete.php @@ -45,23 +45,23 @@ } //get the http values and set them as variables - $group_name = check_str($_GET["group_name"]); - $user_uuid = check_str($_GET["user_uuid"]); - $group_uuid = check_str($_GET["group_uuid"]); + $group_name = $_GET["group_name"]; + $user_uuid = $_GET["user_uuid"]; + $group_uuid = $_GET["group_uuid"]; //delete the group membership - $sql_delete = "delete from v_user_groups "; - $sql_delete .= "where user_uuid = '".$user_uuid."' "; - $sql_delete .= "and group_uuid = '".$group_uuid."' "; - if (!$db->exec($sql_delete)) { - $info = $db->errorInfo(); - echo "
".print_r($info, true)."
"; - exit; - } - else { - //$log_type = 'group'; $log_status='remove'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." removed from group: ".$group_name; - //log_add($db, $log_type, $log_status, $log_desc, $log_add_user, $_SERVER["REMOTE_ADDR"]); - } + $p = new permissions; + $p->add('user_group_delete', 'temp'); + + $array['user_groups'][0]['user_uuid'] = $user_uuid; + $array['user_groups'][0]['group_uuid'] = $group_uuid; + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->delete($array); + unset($array); + + $p->delete('user_group_delete', 'temp'); //redirect the user message::add($text['message-delete']); diff --git a/core/groups/groupmembers.php b/core/groups/groupmembers.php index ece52b7215..ce1ceeda43 100644 --- a/core/groups/groupmembers.php +++ b/core/groups/groupmembers.php 
@@ -49,46 +49,44 @@ $text = $language->get(); //get the group uuid, lookup domain uuid (if any) and name - $group_uuid = check_str($_REQUEST['group_uuid']); + $group_uuid = $_REQUEST['group_uuid']; $sql = "select domain_uuid, group_name from v_groups "; - $sql .= "where group_uuid = '".$group_uuid."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where group_uuid = :group_uuid "; + $parameters['group_uuid'] = $group_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && sizeof($row) != 0) { $domain_uuid = $row["domain_uuid"]; $group_name = $row["group_name"]; - break; //limit to 1 row } - unset ($prep_statement); + unset($sql, $parameters, $row); //define the if group members function function is_group_member($group_uuid, $user_uuid) { - global $db, $domain_uuid; - $sql = "select * from v_user_groups "; - $sql .= "where user_uuid = '".$user_uuid."' "; - $sql .= "and group_uuid = '".$group_uuid."' "; - $sql .= "and domain_uuid = '".(($domain_uuid != '') ? $domain_uuid : $_SESSION['domain_uuid'])."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - if (count($prep_statement->fetchAll(PDO::FETCH_NAMED)) == 0) { return true; } else { return false; } - unset ($sql, $prep_statement); + global $domain_uuid; + $sql = "select count(*) from v_user_groups "; + $sql .= "where user_uuid = :user_uuid "; + $sql .= "and group_uuid = :group_uuid "; + $sql .= "and domain_uuid = :domain_uuid "; + $parameters['user_uuid'] = $user_uuid; + $parameters['group_uuid'] = $group_uuid; + $parameters['domain_uuid'] = is_uuid($domain_uuid) ? $domain_uuid : $_SESSION['domain_uuid']; + $database = new database; + $num_rows = $database->select($sql, $parameters, 'column'); + return $num_rows == 0 ? 
true : false; + unset($sql, $parameters, $num_rows); } //$exampledatareturned = example("apples", 1); //get the the users array if (permission_exists('group_member_add')) { $sql = "select * from v_users where "; - if ($domain_uuid != '') { - $sql .= "domain_uuid = '".$domain_uuid."' "; - } - else { - $sql .= "domain_uuid = '".$_SESSION['domain_uuid']."' "; - } + $sql .= "domain_uuid = :domain_uuid "; $sql .= "order by username "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $users = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $parameters['domain_uuid'] = is_uuid($domain_uuid) ? $domain_uuid : $_SESSION['domain_uuid']; + $database = new database; + $users = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); } //get the groups users @@ -96,17 +94,20 @@ $sql .= "from v_user_groups as ug, v_users as u, v_domains as d "; $sql .= "where ug.user_uuid = u.user_uuid "; $sql .= "and ug.domain_uuid = d.domain_uuid "; - if ($domain_uuid != '') { - $sql .= "and ug.domain_uuid = '".$domain_uuid."' "; + if (is_uuid($domain_uuid)) { + $sql .= "and ug.domain_uuid = :domain_uuid_ug "; + $parameters['domain_uuid_ug'] = $domain_uuid; } if (!permission_exists('user_all')) { - $sql .= "and u.domain_uuid = '".$_SESSION['domain_uuid']."' "; + $sql .= "and u.domain_uuid = :domain_uuid_u "; + $parameters['domain_uuid_u'] = $_SESSION['domain_uuid']; } - $sql .= "and ug.group_uuid = '".$group_uuid."' "; + $sql .= "and ug.group_uuid = :group_uuid "; $sql .= "order by d.domain_name asc, u.username asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); + $parameters['group_uuid'] = $group_uuid; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //include the header require_once "resources/header.php"; 
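Review bot: `is_group_member()` returns `true` when the count is zero, i.e. when the user is *not* a member, and the `unset()` after the `return` is unreachable; the rewrite preserved both. Callers (outside this hunk) presumably rely on the inverted meaning, so either rename it or fix both sides, and in any case drop the dead line: `return $num_rows == 0;`. `$group_uuid` is also read from `$_REQUEST` with no `is_uuid()` check before the v_groups lookup, unlike the other pages in this diff; `if (!is_uuid($group_uuid)) { exit; }` before the query would match them.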
@@ -158,27 +159,29 @@ $echo .= "\n"; $count = 0; - foreach ($result as &$row) { - $username = $row["username"]; - $user_uuid = $row["user_uuid"]; - $domain_uuid = $row["domain_uuid"]; - $group_uuid = $row["group_uuid"]; - $echo .= ""; - if (permission_exists('user_all')) { - $echo .= "".$_SESSION['domains'][$domain_uuid]['domain_name']."\n"; - } - $echo .= "".$username."\n"; - $echo .= ""; - if (permission_exists('group_member_delete')) { - $echo .= "".$v_link_label_delete.""; - } - $echo .= "\n"; - $echo .= "\n"; + if (is_array($result) && sizeof($result) != 0) { + foreach ($result as &$row) { + $username = $row["username"]; + $user_uuid = $row["user_uuid"]; + $domain_uuid = $row["domain_uuid"]; + $group_uuid = $row["group_uuid"]; + $echo .= ""; + if (permission_exists('user_all')) { + $echo .= "".$_SESSION['domains'][$domain_uuid]['domain_name']."\n"; + } + $echo .= "".$username."\n"; + $echo .= ""; + if (permission_exists('group_member_delete')) { + $echo .= "".$v_link_label_delete.""; + } + $echo .= "\n"; + $echo .= "\n"; - $c = ($c) ? 0 : 1; + $c = ($c) ? 0 : 1; - $user_groups[] = $row["user_uuid"]; - $count++; + $user_groups[] = $row["user_uuid"]; + $count++; + } } $echo .= "\n"; diff --git a/core/groups/groups.php b/core/groups/groups.php index 973e70e9eb..9c54cc0aaf 100644 --- a/core/groups/groups.php +++ b/core/groups/groups.php 
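Review bot: Inside the loop, `$domain_uuid = $row["domain_uuid"];` and `$group_uuid = $row["group_uuid"];` overwrite the page-level variables looked up from v_groups earlier in the file, so anything after the table that still uses them sees the last row's values; with `foreach ($result as &$row)` the reference is also left dangling after the loop. Read `$row[...]` directly (or use per-row names such as `$row_domain_uuid`) and iterate by value, or `unset($row);` after the loop. `$username` and the domain name are concatenated into the markup as-is; if nothing on the output path escapes them, wrap them with `htmlspecialchars()`.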
@@ -47,20 +47,24 @@ $document['title'] = $text['title-group_manager']; if (isset($_REQUEST["change"])) { //get the values from the HTTP POST and save them as PHP variables - $change = check_str($_REQUEST["change"]); - $group_uuid = check_str($_REQUEST["group_uuid"]); - $group_name = check_str($_REQUEST["group_name"]); + $change = $_REQUEST["change"]; + $group_uuid = $_REQUEST["group_uuid"]; + $group_name = $_REQUEST["group_name"]; - $sql = "update v_groups set group_protected = '".$change."' "; - $sql .= "where group_uuid = '".$group_uuid."' "; + $sql = "update v_groups set group_protected = :group_protected "; + $sql .= "where group_uuid = :group_uuid "; if (!permission_exists('group_domain')) { $sql .= "and ("; - $sql .= " domain_uuid = '".$domain_uuid."' "; + $sql .= " domain_uuid = :domain_uuid "; $sql .= " or domain_uuid is null "; $sql .= ") "; + $parameters['domain_uuid'] = $domain_uuid; } - $db->exec(check_sql($sql)); - unset($sql); + $parameters['group_protected'] = $change; + $parameters['group_uuid'] = $group_uuid; + $database = new database; + $database->execute($sql, $parameters); + unset($sql, $parameters); message::add($text['message-update']); } @@ -68,14 +72,14 @@ //get the groups $sql = "select * from v_groups "; if (!(permission_exists('group_all') && $_GET['show'] == 'all')) { - $sql .= "where domain_uuid = '".$domain_uuid."' "; + $sql .= "where domain_uuid = :domain_uuid "; $sql .= "or domain_uuid is null "; + $parameters['domain_uuid'] = $domain_uuid; } $sql .= "order by domain_uuid desc, group_name asc "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $groups = $prep_statement->fetchAll(PDO::FETCH_NAMED); - unset($sql, $prep_statement); + $database = new database; + $groups = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); //$system_groups = array('superadmin','admin','user','public','agent'); $system_groups = array(); 
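Review bot: `$change` goes from `$_REQUEST` straight into `group_protected = :group_protected` and `$group_uuid` into the `where` with no validation now that `check_str()` is gone, and the update fires on a GET parameter, so a crafted link toggles protection on any group the caller can see. Restrict both before binding — `if (!is_uuid($group_uuid) || !in_array($change, array('true', 'false'), true)) { exit; }` (adjust the allowed set to whatever group_protected actually stores) — and consider requiring POST for the change. `$group_name` is read from the request but never used in this hunk.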
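Review bot: When the caller has `group_all` and `show=all`, the `if` is skipped and `$parameters` is never assigned, so `$database->select($sql, $parameters, 'all')` receives an undefined variable (a notice, plus whatever the database class does with `null`). Initialise it before the branch with `$parameters = array();` or pass `null` explicitly in that case; the group-count query in the next hunk has the same shape.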
@@ -83,16 +87,18 @@ //get group counts $sql = "select group_uuid, count(user_uuid) as group_count from v_user_groups "; if (!permission_exists('user_all')) { - $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' "; + $sql .= "where domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $_SESSION['domain_uuid']; } $sql .= "group by group_uuid "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as $row) { - $group_counts[$row['group_uuid']] = $row['group_count']; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + if (is_array($result) && sizeof($result) != 0) { + foreach ($result as $row) { + $group_counts[$row['group_uuid']] = $row['group_count']; + } } - unset($sql, $prep_statement, $result, $row); + unset($sql, $parameters, $result, $row); //show the content echo ""; diff --git a/core/groups/permissions_copy.php b/core/groups/permissions_copy.php index 57ff586637..0d1ce9b3dc 100644 --- a/core/groups/permissions_copy.php +++ b/core/groups/permissions_copy.php @@ -30,7 +30,7 @@ require_once "resources/check_auth.php"; //check permissions - if (permission_exists('extension_add')) { + if (permission_exists('group_permission_add')) { //access granted } else { 
@@ -46,76 +46,87 @@ require_once "resources/paging.php"; //set the http get/post variable(s) to a php variable - if (isset($_REQUEST["group_name"]) && isset($_REQUEST["new_group_name"])) { + if (is_uuid($_REQUEST["id"]) && isset($_REQUEST["new_group_name"])) { //get HTTP values and set as variables - $group_name = check_str($_REQUEST["group_name"]); - $new_group_name = check_str($_REQUEST["new_group_name"]); - $new_group_desc = check_str($_REQUEST["new_group_desc"]); + $group_uuid = $_REQUEST["id"]; + $new_group_name = $_REQUEST["new_group_name"]; + $new_group_desc = $_REQUEST["new_group_desc"]; - //get the groups data + //get the source groups data $sql = "select * from v_groups "; - $sql .= "where domain_uuid = '".$domain_uuid."' "; - $sql .= "or domain_uuid is null "; - $sql .= "and group_name = '".$group_name."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { + $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) "; + $sql .= "and group_uuid = :group_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + $parameters['group_uuid'] = $group_uuid; + $database = new database; + $row = $database->select($sql, $parameters, 'row'); + if (is_array($row) && sizeof($row) != 0) { $domain_uuid = $row["domain_uuid"]; $group_name = $row["group_name"]; } - unset ($prep_statement); + unset($sql, $parameters, $row); - //create new group - $group_uuid = uuid(); - $sql = "insert into v_groups "; - $sql .= "( "; - $sql .= "group_uuid, "; - $sql .= "group_name, "; - $sql .= "group_description "; - $sql .= ") "; - $sql .= "values "; - $sql .= "( "; - $sql .= "'".$group_uuid."', "; - $sql .= "'".$new_group_name."', "; - $sql .= "'".$new_group_desc."' "; - $sql .= ") "; - $db->exec(check_sql($sql)); - unset($sql); + //create new target group + $new_group_uuid = uuid(); + $array['groups'][0]['group_uuid'] = $new_group_uuid; + if 
(is_uuid($domain_uuid)) { + $array['groups'][0]['domain_uuid'] = $domain_uuid; + } + $array['groups'][0]['group_name'] = $new_group_name; + $array['groups'][0]['group_description'] = $new_group_desc; + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->save($array); + unset($array); - //get the group permissions data + //get the source group permissions data $sql = "select * from v_group_permissions "; - $sql .= "where group_name = '".$group_name."' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach ($result as &$row) { - $domain_uuid = $row["domain_uuid"]; - $permission_name = $row["permission_name"]; - $group_name = $row["group_name"]; + $sql .= "where group_name = :group_name "; + if (is_uuid($domain_uuid)) { + $sql .= "and domain_uuid = :domain_uuid "; + $parameters['domain_uuid'] = $domain_uuid; + } + else { + $sql .= "and domain_uuid is null "; + } + $parameters['group_name'] = $group_name; + $database = new database; + $result = $database->select($sql, $parameters, 'all'); + unset($sql, $parameters); - //copy the group permissions - $group_permission_uuid = uuid(); - $sql = "insert into v_group_permissions "; - $sql .= "( "; - $sql .= "group_permission_uuid, "; - $sql .= "permission_name, "; - $sql .= "group_name "; - $sql .= ") "; - $sql .= "values "; - $sql .= "( "; - $sql .= "'".$group_permission_uuid."', "; - $sql .= "'".$permission_name."', "; - $sql .= "'".$new_group_name."' "; - $sql .= ") "; - $db->exec(check_sql($sql)); - unset($sql); + if (is_array($result) && sizeof($result) != 0) { + foreach ($result as $index => &$row) { + $domain_uuid = $row["domain_uuid"]; + $permission_name = $row["permission_name"]; + $group_name = $row["group_name"]; + + //copy the group permissions + $array['group_permissions'][$index]['group_permission_uuid'] = uuid(); + if 
(is_uuid($domain_uuid)) { + $array['group_permissions'][$index]['domain_uuid'] = $domain_uuid; + } + $array['group_permissions'][$index]['permission_name'] = $permission_name; + $array['group_permissions'][$index]['group_name'] = $new_group_name; + $array['group_permissions'][$index]['group_uuid'] = $new_group_uuid; + } + if (is_array($array) && sizeof($array) != 0) { + $p = new permissions; + $p->add('group_permission_add', 'temp'); + + $database = new database; + $database->app_name = 'groups'; + $database->app_uuid = '2caf27b0-540a-43d5-bb9b-c9871a1e4f84'; + $database->save($array); + unset($array); + + $p->delete('group_permission_add', 'temp'); + + message::add($text['message-copy']); + } } unset ($prep_statement); - - //redirect the user - message::add($text['message-copy']); } //redirect
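Review bot: The target group is inserted into v_groups before the code checks whether the source lookup returned a row, so an id that does not exist or belongs to another domain still creates a group named `$new_group_name` (and leaves `$group_name` undefined for the permissions query that follows). Move the first `$database->save($array)` inside the `if (is_array($row) && sizeof($row) != 0)` branch, or `exit` after the lookup when nothing is found, and check `strlen($new_group_name) > 0` before creating anything. `unset ($prep_statement);` is left over from the removed PDO code and can go, and the `&$row` reference from the permissions loop should be released with `unset($row);` after it.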