$ax['grp_all_cats']); $stH = dbQuery("SELECT `ID`,`name` FROM `categories` WHERE `status` >= 0"); while ($row = $stH->fetch(PDO::FETCH_ASSOC)) { $catArray[$row['ID']] = $row['name']; } //display group list echo "
{$ax['grp_list_of_groups']}\n"; $stH = dbQuery("SELECT * FROM `groups` WHERE `status` >= 0 ORDER BY CASE WHEN `ID` <= 2 THEN `ID` ELSE `name` END"); $rows = $stH->fetchAll(PDO::FETCH_ASSOC); echo "\n\n"; foreach ($rows as $group) { $style = $group['color'] ? " style='background-color:{$group['color']};'" : ''; echo "\n{$group['name']}"; echo ""; echo "'; echo "\n"; $noYes = array($ax['no'], $ax['yes']); echo " "; echo ($usr['privs'] == 9 or $group['privs'] < 9) ? "" : ''; echo ($group['ID'] > 2) ? "" : ''; echo "\n"; } echo "
 {$ax['id']} {$ax['grp_name']}{$ax['grp_priv']}{$ax['grp_categories']}
{$ax['grp_view']}
{$ax['grp_categories']}
{$ax['grp_add']}
{$ax['grp_rep_events']}{$ax['grp_m-d_events']}{$ax['grp_priv_events']}{$ax['grp_upload_files']}{$ax['grp_send_sms']}{$ax['grp_tnail_privs']}
{$group['ID']}{$ax['grp_priv'.$group['privs']]}"; if ($group['privs'] > 0) { $catIDs = explode(',',$group['vCatIDs']); foreach ($catIDs as $id) { if (isset($catArray[$id])) { echo $catArray[$id].'
'; } } } echo '
"; if ($group['privs'] > 1) { $catIDs = explode(',',$group['eCatIDs']); foreach ($catIDs as $id) { if (isset($catArray[$id])) { echo $catArray[$id].'
'; } } } echo "
{$noYes[$group['rEvents']]} {$noYes[$group['mEvents']]} {$noYes[$group['pEvents']]} {$noYes[$group['upload']]} {$noYes[$group['sendSms']]} {$ax["grp_tn_privs".$group['tnPrivs']]}
\n"; echo "
   \n"; } function editGroup(&$group) { global $ax, $usr, $mode, $lcI; echo "
\n "; echo "
"; if ($mode != 'add') { $stH = stPrep("SELECT * FROM `groups` WHERE `ID` = ?"); stExec($stH,array($group['id'])); $row = $stH->fetch(PDO::FETCH_ASSOC); $stH = null; if ($row and !isset($_POST['name'])) { $group['name'] = $row['name']; $group['privs'] = $row['privs']; $group['vCatIDs'] = explode(',',$row['vCatIDs']); $group['eCatIDs'] = explode(',',$row['eCatIDs']); $group['rEvts'] = $row['rEvents']; $group['mEvts'] = $row['mEvents']; $group['pEvts'] = $row['pEvents']; $group['upload'] = $row['upload']; $group['sndSms'] = $row['sendSms']; $group['tnPrivs'] = $row['tnPrivs']; $group['color'] = $row['color']; } echo "{$ax['grp_edit_group']}\n"; } else { echo "{$ax['grp_add_group']}\n"; $pwNote = ':'; } $style = ($group['color'] ? " style='background-color:{$group['color']};'" : ''); echo " "; echo "\n"; if ($mode != 'add') { echo "\n"; } echo "\n"; echo "\n"; echo ""; if (isset($row) and $row['ID'] == 2) { echo "\n"; } else { echo "\n"; } $stH = dbQuery("SELECT `ID`,`name` FROM `categories` WHERE `status` >= 0 ORDER BY `sequence`"); $cats = $stH->fetchAll(PDO::FETCH_ASSOC); echo ""; $checked = in_array('0',$group['vCatIDs']) ? " checked" : ''; echo "\n"; $checked = in_array('0',$group['eCatIDs']) ? " checked" : ''; echo "\n"; echo "\n"; foreach ($cats as $cat) { $checked = in_array(strval($cat['ID']),$group['vCatIDs']) ? " checked" : ''; echo ""; $checked = in_array(strval($cat['ID']),$group['eCatIDs']) ? " checked" : ''; echo ""; echo "\n"; } echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo "\n"; echo ""; echo "\n"; echo "
{$ax['id']}: {$group['id']}
{$ax['grp_name']}:
{$ax['grp_background']}:
{$ax['grp_priv']}:{$ax['grp_priv9']}
{$ax['grp_categories']}:{$ax['grp_view']}{$ax['grp_add']}
{$ax['grp_all_cats']}
{$cat['name']}
:
:
:
:
:
{$ax['grp_tn_privs']}:
\n"; if ($mode == 'add') { echo ""; } else { echo ""; } echo "   
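\n"; }

// Validate a new group and insert it into `groups`.
// $group is taken by reference but not modified here; it supplies name, privs,
// vCatIDs / eCatIDs (arrays, stored comma-joined), rEvts, mEvts, pEvts, upload,
// sndSms, tnPrivs and color.
// Returns the status message. The global $mode is cleared only on success, so
// the control logic below re-displays the form after a validation failure.
// NOTE(review): $group['privs'] is stored exactly as submitted. The group list
// applies the rule `$usr['privs'] == 9 or $group['privs'] < 9` to what it renders,
// but no matching server-side check is visible in this part of the file - confirm
// that the code building $group caps the level a non-admin may assign.
function addGroup(&$group) { //add group
	global $ax, $mode;

	// The string '0' is falsy in PHP, so test for it explicitly; otherwise it would
	// skip validation and be stored as a colour.
	$hasColor = ($group['color'] or $group['color'] === '0');
	// D modifier: without it `$` also matches before a trailing newline, and the
	// stored value is later interpolated into a style attribute.
	if ($hasColor and !preg_match("/^#[0-9A-Fa-f]{6}$/D", $group['color'])) {
		return $ax['grp_invalid_color'];
	}
	if (!$group['name']) {
		return $ax['grp_cred_required'];
	}
	if (!preg_match("/^[\w\s\._-]{2,}$/u", $group['name'])) {
		return $ax['grp_name_invalid'];
	}

	$stH = stPrep("SELECT `name` FROM `groups` WHERE `name` = ? AND `status` >= 0");
	stExec($stH,array($group['name']));
	$row = $stH->fetch(PDO::FETCH_ASSOC);
	$stH = null;
	if ($row) { //name already exists
		return $ax['grp_name_exists'];
	}

	$stH = stPrep("INSERT INTO `groups` (`name`,`privs`,`vCatIDs`,`eCatIDs`,`rEvents`,`mEvents`,`pEvents`,`upload`,`sendSms`,`tnPrivs`,`color`) VALUES (?,?,?,?,?,?,?,?,?,?,?)");
	stExec($stH,array($group['name'],$group['privs'],implode(',',$group['vCatIDs']),implode(',',$group['eCatIDs']),$group['rEvts'],$group['mEvts'],$group['pEvts'],$group['upload'],$group['sndSms'],$group['tnPrivs'],$group['color']));
	$mode = '';
	return $ax['grp_added'];
}

// Validate the submitted values and update the `groups` row with ID $group['id'].
// $group carries the same keys as for addGroup() plus id.
// Returns the status message; the global $mode is cleared only on success.
// NOTE(review): as in addGroup(), neither the stored nor the submitted privilege
// level is compared with $usr['privs'] here - confirm this is enforced before the
// call, not only by what the list view renders.
function updateGroup($group) { //update group
	global $ax, $mode;

	// Same colour rules as addGroup(): catch the falsy string '0' and anchor the
	// pattern with D so a trailing newline is rejected.
	$hasColor = ($group['color'] or $group['color'] === '0');
	if ($hasColor and !preg_match("/^#[0-9A-Fa-f]{6}$/D", $group['color'])) {
		return $ax['grp_invalid_color'];
	}
	if (!preg_match("/^[\w\s\._-]{2,}$/u", $group['name'])) {
		return $ax['grp_name_invalid'];
	}

	// addGroup() refuses a name that an active group already uses; apply the same
	// rule when renaming, ignoring the row being updated.
	$stH = stPrep("SELECT `ID` FROM `groups` WHERE `name` = ? AND `ID` != ? AND `status` >= 0");
	stExec($stH,array($group['name'],$group['id']));
	$row = $stH->fetch(PDO::FETCH_ASSOC);
	$stH = null;
	if ($row) { //name is used by another group
		return $ax['grp_name_exists'];
	}

	$stH = stPrep("UPDATE `groups` SET `name` = ?,`privs` = ?,`vCatIDs` = ?,`eCatIDs` = ?,`rEvents` = ?,`mEvents` = ?,`pEvents` = ?,`upload` = ?,`sendSms` = ?,`tnPrivs` = ?,`color` = ? 
WHERE `ID` = ?");
	stExec($stH,array($group['name'],$group['privs'],implode(',',$group['vCatIDs']),implode(',',$group['eCatIDs']),$group['rEvts'],$group['mEvts'],$group['pEvts'],$group['upload'],$group['sndSms'],$group['tnPrivs'],$group['color'], $group['id']));
	$mode = '';
	return $ax['grp_updated'];
}

// Soft-delete the group with ID $group['id'] by setting its status to -1.
// Refused while any active user (status >= 0) still references the group.
// Returns the status message.
function deleteGroup($group) { //delete user group
	global $ax;

	// The group list only renders its last per-row control when `ID > 2`, and the
	// list query orders IDs 1 and 2 first, so these look like built-in groups.
	// Enforce the same limit here: a hidden button does not stop the request.
	if ((int) $group['id'] <= 2) {
		return $ax['grp_not_deleted'];
	}

	$stH = stPrep("SELECT `name` FROM `users` WHERE `groupID` = ? AND `status` >= 0 limit 1");
	stExec($stH,array($group['id']));
	$row = $stH->fetch(PDO::FETCH_ASSOC);
	$stH = null;
	if ($row) { //group is in use
		return $ax['grp_in_use'].' - '.$ax['grp_not_deleted'];
	}

	$stH = stPrep("UPDATE `groups` SET `status` = -1 WHERE `ID` = ?");
	stExec($stH,array($group['id']));
	if (!$stH->rowCount()) { //no row was changed
		return "Database Error: {$ax['grp_not_deleted']}";
	}
	return $ax['grp_deleted'];
}

//Control logic
// $usr, $group and $mode are set before the part of the file visible here.
// NOTE(review): the three handlers below change data on a plain POST and no
// anti-CSRF token check is visible in this part of the file - confirm one is
// verified before this point.
if ($usr['privs'] >= 4) { //manager or admin
	$msg = '';
	if (isset($_POST['addExe'])) {
		$msg = addGroup($group);
	} elseif (isset($_POST['updExe'])) {
		$msg = updateGroup($group);
	} elseif (isset($_POST['delExe'])) {
		$msg = deleteGroup($group);
	}
	echo "

{$msg}

\n";
	if (!$mode or isset($_POST["back"])) {
		showGroups(); //no add / no edit
	} else {
		editGroup($group); //add or edit
	}
	echo "
\n
\n";
} else {
	echo "

{$ax['no_way']}

\n";
}
?>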