Portions created by the Initial Developer are Copyright (C) 2008-2012 the Initial Developer. All Rights Reserved. Contributor(s): Mark J Crane */ include "root.php"; require_once "resources/require.php"; require_once "resources/check_auth.php"; if (permission_exists('group_member_add') || if_group("superadmin")) { //access allowed } else { echo "access denied"; return; } //requires a superadmin to add a user to the superadmin group if (!if_group("superadmin") && $_GET["group_name"] == "superadmin") { echo "access denied"; return; } //get the http values and set them as variables $domain_uuid = check_str($_POST["domain_uuid"]); $group_uuid = check_str($_POST["group_uuid"]); $group_name = check_str($_POST["group_name"]); $user_uuid = check_str($_POST["user_uuid"]); //add the user to the group if (is_uuid($user_uuid) && is_uuid($group_uuid) && strlen($group_name) > 0) { $sql = "insert into v_group_users "; $sql .= "("; $sql .= "group_user_uuid, "; $sql .= "domain_uuid, "; $sql .= "group_uuid, "; $sql .= "group_name, "; $sql .= "user_uuid "; $sql .= ")"; $sql .= "values "; $sql .= "("; $sql .= "'".uuid()."', "; $sql .= "'".$domain_uuid."', "; $sql .= "'".$group_uuid."', "; $sql .= "'".$group_name."', "; $sql .= "'".$user_uuid."' "; $sql .= ")"; if (!$db->exec($sql)) { $info = $db->errorInfo(); echo "

".print_r($info, true)."

"; exit; } else { //log the success //$log_type = 'group'; $log_status='add'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." added to group: ".$group_name; //log_add($db, $log_type, $log_status, $log_desc, $log_add_user, $_SERVER["REMOTE_ADDR"]); } } //redirect the user $_SESSION["message"] = $text['message-update']; header("Location: groupmembers.php?group_uuid=".$group_uuid."&group_name=".$group_name); ?>