open(); /*************************************************************************** userprivilege.php Christopher Scollo scollo@taurix.com *************************************************************************** Function Synopses: void displayUserSelection (arr aUsers) // Generate page for selecting a user void displayPrivileges (obj oUser, arr aPrivileges) // Generate page for privilege assignment array getUsers() // Returns an array of all users array getPrivileges() // Returns an array of all privileges bool validate () // Validate form data and set the global user object bool save () // Save the current settings void main (str sAction) // Flow control *************************************************************************** Function Declarations: ***************************************************************************/ function displayUserSelection($aUsers) { // Generate page for selecting a user echo("\n"); ?> User Privilege


\n"); ?> User Privilege

Privileges for User getFullname()))); ?>

$sDescription) { echo( "hasPrivilege($iPrivID) ? " checked=\"checked\"" : "") . " />" . stripslashes(htmlspecialchars($sDescription)) . "
\n" ); } ?>

query("SELECT username, fullname FROM User"); while ($row = $sql->fetchObject()) { $aRet[$row->username] = $row->fullname; } return $aRet; } // end getUsers() /***************************************************************************/ function getPrivileges() { // Returns an array of all privileges global $sql; $aRet = array(); $sql->query("SELECT * FROM Privilege ORDER BY priv_id"); while ($row = $sql->fetchObject()) { $aRet[(int)$row->priv_id] = $row->description; } return $aRet; } // end getPrivileges() /***************************************************************************/ function validate() { // Validate form data and set the global user object global $priv_id, $username, $oUser; if ($username) { // Make sure it's a valid username: $oUser = new User(addslashes($username)); if (!$oUser->userExists) return 0; if ($priv_id) { if (is_array($priv_id)) { foreach ($priv_id as $iPrivID) { // Make sure it's a valid privilege: $oPriv = new Privilege((int)$iPrivID); if (!$oPriv->privilegeExists) return 0; } } else { return 0; } } else { $priv_id = array(); } } return 1; } // end validate() /***************************************************************************/ function save() { // Save the current settings global $priv_id, $oUser, $sql; $bRet = 1; // Remove all privileges from user $sUsername = $oUser->getUsername(); $sql->query("DELETE FROM UserPrivilege WHERE username='$sUsername'"); // Now add back the selected privileges foreach ($priv_id as $iPrivID) { if (!$oUser->addPrivilege($iPrivID)) $bRet = 0; } return $bRet; } // end save() /***************************************************************************/ function main($sAction) { // Flow control if (!validate()) return; switch ($sAction) { case "": // Fall through case "Cancel": displayUserSelection(getUsers()); break; case "Exit": header("Location: index.php"); exit; case "View Privileges": if ($oUser = $GLOBALS["oUser"]) { displayPrivileges($oUser, getPrivileges()); } break; case "Save": save(); displayUserSelection(getUsers()); break; default: // Illegal action crack_attempt(); } } // end main() /***************************************************************************/ main($action); ?>