robin.thoni
/
docker-pdns-server
Watch 1
Star 0
Fork 0
Code Issues 4 Pull Requests 0 Releases 8 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
31 Commits
2 Branches
Tree: 2f7b12c9b4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2f7b12c9b4'
${ noResults }
docker-pdns-server/poweradmin/poweradmin-2.1.8/inc/plugins/users_local/users_local.plugin.php

users_local.plugin.php 28KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884 
  1. <?php

  2. 

  3. /*

  4.  * Poweradmin, a friendly web-based admin tool for PowerDNS. See <http://www.poweradmin.org> for more details. Copyright 2007-2009 Rejo Zenger <rejo@zenger.nl> Copyright 2010-2017  Poweradmin Development Team <http://www.poweradmin.org/credits.html> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.

  5.  */

  6. 

  7. /**

  8.  * User profile functions

  9.  *

  10.  * @package Poweradmin

  11.  * @copyright 2007-2010 Rejo Zenger <rejo@zenger.nl>

  12.  * @copyright 2010-2017  Poweradmin Development Team

  13.  * @license http://opensource.org/licenses/GPL-3.0 GPL

  14.  *

  15.  */

  16. require_once 'inc/toolkit.inc.php';

  17. 

  18. require_once dirname(dirname(dirname(__DIR__))) . '/vendor/poweradmin/Password.php';

  19. 

  20. /**

  21.  * Verify User has Permission Name

  22.  *

  23.  * Function to see if user has right to do something. It will check if

  24.  * user has "ueberuser" bit set. If it isn't, it will check if the user has

  25.  * the specific permission. It returns "false" if the user doesn't have the

  26.  * right, and "true" if the user has.

  27.  *

  28.  * @param array arg[0] Permission name

  29.  *

  30.  * @return boolean true if user has permission, false otherwise

  31.  */

  32. function verify_permission_local($arg) {

  33.     if (is_array($arg)) {

  34.         $permission = $arg [0];

  35.     } else {

  36.         $permission = $arg;

  37.     }

  38. 

  39.     static $cache = false;

  40. 

  41.     if ($cache !== false) {

  42.         return array_key_exists('user_is_ueberuser', $cache) || array_key_exists($permission, $cache);

  43.     }

  44. 

  45.     global $db;

  46.     if ((!isset($_SESSION['userid'])) || (!is_object($db))) {

  47.         return 0;

  48.     }

  49.     // Set current user ID.

  50.     $userid = $_SESSION['userid'];

  51. 

  52.     $query = $db->prepare("SELECT

  53.         perm_items.name AS permission

  54.         FROM perm_templ_items

  55.         LEFT JOIN perm_items ON perm_items.id = perm_templ_items.perm_id

  56.         LEFT JOIN perm_templ ON perm_templ.id = perm_templ_items.templ_id

  57.         LEFT JOIN users ON perm_templ.id = users.perm_templ

  58.         WHERE users.id = ?");

  59.     $query->execute(array($userid));

  60.     $cache = $query->fetchAll(PDO::FETCH_GROUP | PDO::FETCH_ASSOC);

  61. 

  62.     return array_key_exists('user_is_ueberuser', $cache) || array_key_exists($permission, $cache);

  63. }

  64. 

  65. /**

  66.  * Get a list of all available permission templates

  67.  *

  68.  * @return mixed[] array of templates [id, name, descr]

  69.  */

  70. function list_permission_templates_local() {

  71.     global $db;

  72.     $query = "SELECT * FROM perm_templ ORDER BY name";

  73.     $response = $db->query($query);

  74.     if (PEAR::isError($response)) {

  75.         error($response->getMessage());

  76.         return false;

  77.     }

  78. 

  79.     $template_list = array();

  80.     while ($template = $response->fetchRow()) {

  81.         $template_list [] = array(

  82.             "id" => $template ['id'],

  83.             "name" => $template ['name'],

  84.             "descr" => $template ['descr']

  85.         );

  86.     }

  87.     return $template_list;

  88. }

  89. 

  90. /**

  91.  * Retrieve all users

  92.  *

  93.  * Its to show_users therefore the odd name. Has to be changed.

  94.  *

  95.  * @param int $id Exclude User ID

  96.  * @param int $rowstart Startring row number

  97.  * @param int $rowamount Number of rows to return this query

  98.  *

  99.  * @return mixed[] array with all users [id,username,fullname,email,description,active,numdomains]

  100.  */

  101. function show_users_local($id = '', $rowstart = 0, $rowamount = 9999999) {

  102. 

  103.     global $db;

  104.     $add = '';

  105.     if (is_numeric($id)) {

  106.         // When a user id is given, it is excluded from the userlist returned.

  107.         $add = " WHERE users.id!=" . $db->quote($id, 'integer');

  108.     }

  109. 

  110.     // Make a huge query.

  111.     $query = "SELECT users.id AS id,

  112. 	users.username AS username,

  113. 	users.fullname AS fullname,

  114. 	users.email AS email,

  115. 	users.description AS description,

  116. 	users.active AS active,

  117. 	users.perm_templ AS perm_templ,

  118. 	count(zones.owner) AS aantal FROM users

  119. 	LEFT JOIN zones ON users.id=zones.owner$add

  120. 	GROUP BY

  121. 	users.id,

  122. 	users.username,

  123. 	users.fullname,

  124. 	users.email,

  125. 	users.description,

  126. 	users.perm_templ,

  127. 	users.active

  128. 	ORDER BY

  129. 	users.fullname";

  130. 

  131.     // Execute the huge query.

  132.     $db->setLimit($rowamount, $rowstart);

  133.     $response = $db->query($query);

  134.     if (PEAR::isError($response)) {

  135.         error($response->getMessage());

  136.         return false;

  137.     }

  138.     $ret = array();

  139.     while ($r = $response->fetchRow()) {

  140.         $ret [] = array(

  141.             "id" => $r ["id"],

  142.             "username" => $r ["username"],

  143.             "fullname" => $r ["fullname"],

  144.             "email" => $r ["email"],

  145.             "description" => $r ["description"],

  146.             "active" => $r ["active"],

  147.             "numdomains" => $r ["aantal"]

  148.         );

  149.     }

  150.     return $ret;

  151. }

  152. 

  153. /**

  154.  * Check if Valid User

  155.  *

  156.  * Check if the given $userid is connected to a valid user.

  157.  *

  158.  * @param int $id User ID

  159.  *

  160.  * @return boolean true if user exists, false if users doesnt exist

  161.  */

  162. function is_valid_user_local($id) {

  163.     global $db;

  164.     if (is_numeric($id)) {

  165.         $response = $db->queryOne("SELECT id FROM users WHERE id=" . $db->quote($id, 'integer'));

  166.         return ($response ? true : false);

  167.     }

  168. }

  169. 

  170. /**

  171.  * Check if Username Exists

  172.  *

  173.  * Checks if a given username exists in the database.

  174.  *

  175.  * @param string $user Username

  176.  *

  177.  * @return boolean true if exists, false if not

  178.  */

  179. function user_exists($user) {

  180.     global $db;

  181.     $response = $db->queryOne("SELECT id FROM users WHERE username=" . $db->quote($user, 'text'));

  182.     return ($response ? true : false);

  183. }

  184. 

  185. /**

  186.  * Delete User ID

  187.  *

  188.  * Delete a user from the system. Will also delete zones owned by user or

  189.  * re-assign those zones to a new specified owner.

  190.  * $zones is an array of zone 'zid's to delete or re-assign depending on

  191.  * 'target' value [delete,new_owner] and 'newowner' value

  192.  *

  193.  * @param int $uid User ID to delete

  194.  * @param mixed[] $zones Array of zones

  195.  *

  196.  * @return boolean true on success, false otherwise

  197.  */

  198. function delete_user_local($uid, $zones) {

  199.     global $db;

  200. 

  201.     if (($uid != $_SESSION ['userid'] && !do_hook('verify_permission', 'user_edit_others')) || ($uid == $_SESSION ['userid'] && !do_hook('verify_permission', 'user_edit_own'))) {

  202.         error(ERR_PERM_DEL_USER);

  203.         return false;

  204.     } else {

  205. 

  206.         if (is_array($zones)) {

  207.             foreach ($zones as $zone) {

  208.                 if ($zone ['target'] == "delete") {

  209.                     delete_domain($zone ['zid']);

  210.                 } elseif ($zone ['target'] == "new_owner") {

  211.                     add_owner_to_zone($zone ['zid'], $zone ['newowner']);

  212.                 }

  213.             }

  214.         }

  215. 

  216.         $query = "DELETE FROM zones WHERE owner = " . $db->quote($uid, 'integer');

  217.         $response = $db->query($query);

  218.         if (PEAR::isError($response)) {

  219.             error($response->getMessage());

  220.             return false;

  221.         }

  222. 

  223.         $query = "DELETE FROM users WHERE id = " . $db->quote($uid, 'integer');

  224.         $response = $db->query($query);

  225.         if (PEAR::isError($response)) {

  226.             error($response->getMessage());

  227.             return false;

  228.         }

  229. 

  230.         delete_zone_templ_userid($uid);

  231.     }

  232.     return true;

  233. }

  234. 

  235. /**

  236.  * Delete Permission Template ID

  237.  *

  238.  * @param int $ptid Permission template ID

  239.  *

  240.  * @return boolean true on success, false otherwise

  241.  */

  242. function delete_perm_templ_local($ptid) {

  243.     global $db;

  244.     if (!(do_hook('verify_permission', 'user_edit_templ_perm'))) {

  245.         error(ERR_PERM_DEL_PERM_TEMPL);

  246.     } else {

  247.         $query = "SELECT id FROM users WHERE perm_templ = " . $ptid;

  248.         $response = $db->queryOne($query);

  249.         if (PEAR::isError($response)) {

  250.             error($response->getMessage());

  251.             return false;

  252.         }

  253. 

  254.         if ($response) {

  255.             error(ERR_PERM_TEMPL_ASSIGNED);

  256.             return false;

  257.         } else {

  258.             $query = "DELETE FROM perm_templ_items WHERE templ_id = " . $ptid;

  259.             $response = $db->query($query);

  260.             if (PEAR::isError($response)) {

  261.                 error($response->getMessage());

  262.                 return false;

  263.             }

  264. 

  265.             $query = "DELETE FROM perm_templ WHERE id = " . $ptid;

  266.             $response = $db->query($query);

  267.             if (PEAR::isError($response)) {

  268.                 error($response->getMessage());

  269.                 return false;

  270.             }

  271. 

  272.             return true;

  273.         }

  274.     }

  275. }

  276. 

  277. /**

  278.  * Modify User Details

  279.  *

  280.  * Edit the information of an user.. sloppy implementation with too many queries.. (2) :)

  281.  *

  282.  * @param int $id User ID

  283.  * @param string $user Username

  284.  * @param string $fullname Full Name

  285.  * @param string $email Email address

  286.  * @param string $perm_templ Permission Template Name

  287.  * @param string $description Description

  288.  * @param int $active Active User

  289.  * @param string $password Password

  290.  *

  291.  * @return boolean true if succesful, false otherwise

  292.  */

  293. function edit_user_local($id, $user, $fullname, $email, $perm_templ, $description, $active, $password) {

  294.     global $db;

  295. 

  296.     do_hook('verify_permission', 'user_edit_own') ? $perm_edit_own = "1" : $perm_edit_own = "0";

  297.     do_hook('verify_permission', 'user_edit_others') ? $perm_edit_others = "1" : $perm_edit_others = "0";

  298. 

  299.     if (($id == $_SESSION ["userid"] && $perm_edit_own == "1") || ($id != $_SESSION ["userid"] && $perm_edit_others == "1")) {

  300. 

  301.         if (!is_valid_email($email)) {

  302.             error(ERR_INV_EMAIL);

  303.             return false;

  304.         }

  305. 

  306.         if ($active != 1) {

  307.             $active = 0;

  308.         }

  309. 

  310.         // Before updating the database we need to check whether the user wants to

  311.         // change the username. If the user wants to change the username, we need

  312.         // to make sure it doesn't already exists.

  313.         //

  314. 		// First find the current username of the user ID we want to change. If the

  315.         // current username is not the same as the username that was given by the

  316.         // user, the username should apparantly changed. If so, check if the "new"

  317.         // username already exists.

  318. 

  319.         $query = "SELECT username FROM users WHERE id = " . $db->quote($id, 'integer');

  320.         $response = $db->query($query);

  321.         if (PEAR::isError($response)) {

  322.             error($response->getMessage());

  323.             return false;

  324.         }

  325. 

  326.         $usercheck = array();

  327.         $usercheck = $response->fetchRow();

  328. 

  329.         if ($usercheck ['username'] != $user) {

  330. 

  331.             // Username of user ID in the database is different from the name

  332.             // we have been given. User wants a change of username. Now, make

  333.             // sure it doesn't already exist.

  334. 

  335.             $query = "SELECT id FROM users WHERE username = " . $db->quote($user, 'text');

  336.             $response = $db->queryOne($query);

  337.             if ($response) {

  338.                 error(ERR_USER_EXIST);

  339.                 return false;

  340.             }

  341.         }

  342. 

  343.         // So, user doesn't want to change username or, if he wants, there is not

  344.         // another user that goes by the wanted username. So, go ahead!

  345. 

  346.         $query = "UPDATE users SET username = " . $db->quote($user, 'text') . ",

  347. fullname = " . $db->quote($fullname, 'text') . ",

  348. email = " . $db->quote($email, 'text') . ",";

  349.         if (do_hook('verify_permission', 'user_edit_templ_perm')) {

  350.             $query .= "perm_templ = " . $db->quote($perm_templ, 'integer') . ",";

  351.         }

  352.         $query .= "description = " . $db->quote($description, 'text') . ",

  353. 				active = " . $db->quote($active, 'integer');

  354. 

  355.         if ($password != "") {

  356.             $query .= ", password = " . $db->quote(Poweradmin\Password::hash($password), 'text');

  357.         }

  358. 

  359.         $query .= " WHERE id = " . $db->quote($id, 'integer');

  360. 

  361.         $response = $db->query($query);

  362.         if (PEAR::isError($response)) {

  363.             error($response->getMessage());

  364.             return false;

  365.         }

  366.     } else {

  367.         error(ERR_PERM_EDIT_USER);

  368.         return false;

  369.     }

  370.     return true;

  371. }

  372. 

  373. /**

  374.  * Change User Password

  375.  *

  376.  * Change the pass of the user.

  377.  * The user is automatically logged out after the pass change.

  378.  *

  379.  * @param mixed[] $details User Details

  380.  *

  381.  * @return null

  382.  */

  383. function change_user_pass_local($details) {

  384.     global $db;

  385. 

  386.     if ($details ['newpass'] != $details ['newpass2']) {

  387.         error(ERR_USER_MATCH_NEW_PASS);

  388.         return false;

  389.     }

  390. 

  391.     $query = "SELECT id, password FROM users WHERE username = " . $db->quote($_SESSION ["userlogin"], 'text');

  392.     $response = $db->query($query);

  393.     if (PEAR::isError($response)) {

  394.         error($response->getMessage());

  395.         return false;

  396.     }

  397. 

  398.     $rinfo = $response->fetchRow();

  399. 

  400.     if (Poweradmin\Password::verify($details['currentpass'], $rinfo['password'])) {

  401.         $query = "UPDATE users SET password = " . $db->quote(Poweradmin\Password::hash($details['newpass']), 'text') . " WHERE id = " . $db->quote($rinfo ['id'], 'integer');

  402.         $response = $db->query($query);

  403.         if (PEAR::isError($response)) {

  404.             error($response->getMessage());

  405.             return false;

  406.         }

  407. 

  408.         logout(_('Password has been changed, please login.'), 'success');

  409.     } else {

  410.         error(ERR_USER_WRONG_CURRENT_PASS);

  411.         return false;

  412.     }

  413. }

  414. 

  415. /**

  416.  * Get User FullName from User ID

  417.  *

  418.  * Get a fullname when you have a userid.

  419.  *

  420.  * @param int $id User ID

  421.  *

  422.  * @return string Full Name

  423.  */

  424. function get_fullname_from_userid_local($id) {

  425.     global $db;

  426.     if (is_numeric($id)) {

  427.         $response = $db->query("SELECT fullname FROM users WHERE id=" . $db->quote($id, 'integer'));

  428.         if (PEAR::isError($response)) {

  429.             error($response->getMessage());

  430.             return false;

  431.         }

  432.         $r = $response->fetchRow();

  433.         return $r ["fullname"];

  434.     } else {

  435.         error(ERR_INV_ARG);

  436.         return false;

  437.     }

  438. }

  439. 

  440. /**

  441.  * Get User FullName from User ID

  442.  * fixme: Duplicate function

  443.  *

  444.  * Get a fullname when you have a userid.

  445.  *

  446.  * @param int $id User ID

  447.  *

  448.  * @return string Full Name

  449.  */

  450. function get_owner_from_id_local($id) {

  451.     global $db;

  452.     if (is_numeric($id)) {

  453.         $response = $db->queryRow("SELECT fullname FROM users WHERE id=" . $db->quote($id, 'integer'));

  454. 

  455.         if ($response) {

  456.             return $response ["fullname"];

  457.         } else {

  458.             error(ERR_USER_NOT_EXIST);

  459.         }

  460.     }

  461.     error(ERR_INV_ARG);

  462. }

  463. 

  464. /**

  465.  * Get Full Names of owners for a Domain ID

  466.  *

  467.  * @todo also fetch the subowners

  468.  *

  469.  * @param int $id Domain ID

  470.  *

  471.  * @return string[] array of owners for domain

  472.  */

  473. function get_fullnames_owners_from_domainid_local($id) {

  474.     global $db;

  475.     if (is_numeric($id)) {

  476.         $response = $db->query("SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=" . $db->quote($id, 'integer') . " AND zones.owner=users.id ORDER by fullname");

  477.         if ($response) {

  478.             $names = array();

  479.             while ($r = $response->fetchRow()) {

  480.                 $names [] = $r ['fullname'];

  481.             }

  482.             return implode(', ', $names);

  483.         }

  484.         return "";

  485.     }

  486.     error(ERR_INV_ARG);

  487. }

  488. 

  489. /**

  490.  * Verify User is Zone ID owner

  491.  *

  492.  * @param int $zoneid Zone ID

  493.  *

  494.  * @return int 1 if owner, 0 if not owner

  495.  */

  496. function verify_user_is_owner_zoneid_local($zoneid) {

  497.     global $db;

  498. 

  499.     $userid = $_SESSION ["userid"];

  500.     if (is_numeric($zoneid)) {

  501.         $response = $db->queryOne("SELECT zones.id FROM zones

  502. 				WHERE zones.owner = " . $db->quote($userid, 'integer') . "

  503. 				AND zones.domain_id = " . $db->quote($zoneid, 'integer'));

  504.         return ($response ? "1" : "0");

  505.     }

  506.     error(ERR_INV_ARG);

  507. }

  508. 

  509. /**

  510.  * Get User Details

  511.  *

  512.  * Gets an array of all users and their details

  513.  *

  514.  * @param int $specific User ID (optional)

  515.  *

  516.  * @return mixed[] array of user details

  517.  */

  518. function get_user_detail_list_local($specific) {

  519.     global $db;

  520.     global $ldap_use;

  521. 

  522.     $userid = $_SESSION ['userid'];

  523. 

  524.     // fixme: does this actually verify the permission?

  525.     if (v_num($specific)) {

  526.         $sql_add = "AND users.id = " . $db->quote($specific, 'integer');

  527.     } else {

  528.         if (do_hook('verify_permission', 'user_view_others')) {

  529.             $sql_add = "";

  530.         } else {

  531.             $sql_add = "AND users.id = " . $db->quote($userid, 'integer');

  532.         }

  533.     }

  534. 

  535.     $query = "SELECT users.id AS uid,

  536. 			username,

  537. 			fullname,

  538. 			email,

  539. 			description AS descr,

  540. 			active,";

  541.     if ($ldap_use) {

  542.         $query .= "use_ldap,";

  543.     }

  544. 

  545.     $query .= "perm_templ.id AS tpl_id,

  546. 			perm_templ.name AS tpl_name,

  547. 			perm_templ.descr AS tpl_descr

  548. 			FROM users, perm_templ

  549. 			WHERE users.perm_templ = perm_templ.id " . $sql_add . "

  550. 			ORDER BY username";

  551. 

  552.     $response = $db->query($query);

  553.     if (PEAR::isError($response)) {

  554.         error($response->getMessage());

  555.         return false;

  556.     }

  557. 

  558.     while ($user = $response->fetchRow()) {

  559.         $userlist [] = array(

  560.             "uid" => $user ['uid'],

  561.             "username" => $user ['username'],

  562.             "fullname" => $user ['fullname'],

  563.             "email" => $user ['email'],

  564.             "descr" => $user ['descr'],

  565.             "active" => $user ['active'],

  566.             "use_ldap" => isset($user['use_ldap']) ? $user ['use_ldap'] : 0,

  567.             "tpl_id" => $user ['tpl_id'],

  568.             "tpl_name" => $user ['tpl_name'],

  569.             "tpl_descr" => $user ['tpl_descr']

  570.         );

  571.     }

  572.     return $userlist;

  573. }

  574. 

  575. /**

  576.  * Get List of Permissions

  577.  *

  578.  * Get a list of permissions that are available. If first argument is "0", it

  579.  * should return all available permissions. If the first argument is > "0", it

  580.  * should return the permissions assigned to that particular template only. If

  581.  * second argument is true, only the permission names are returned.

  582.  *

  583.  * @param int $templ_id Template ID (optional) [default=0]

  584.  * @param boolean $return_name_only Return name only or all details (optional) [default=false]

  585.  *

  586.  * @return mixed[] array of permissions [id,name,descr] or permission names [name]

  587.  */

  588. function get_permissions_by_template_id_local($templ_id = 0, $return_name_only = false) {

  589.     global $db;

  590. 

  591.     $limit = '';

  592.     if ($templ_id > 0) {

  593.         $limit = ", perm_templ_items

  594. 			WHERE perm_templ_items.templ_id = " . $db->quote($templ_id, 'integer') . "

  595. 			AND perm_templ_items.perm_id = perm_items.id";

  596.     }

  597. 

  598.     $query = "SELECT perm_items.id AS id,

  599. 			perm_items.name AS name,

  600. 			perm_items.descr AS descr

  601. 			FROM perm_items" . $limit . "

  602. 			ORDER BY name";

  603.     $response = $db->query($query);

  604.     if (PEAR::isError($response)) {

  605.         error($response->getMessage());

  606.         return false;

  607.     }

  608. 

  609.     $permission_list = array();

  610.     while ($permission = $response->fetchRow()) {

  611.         if ($return_name_only == false) {

  612.             $permission_list [] = array(

  613.                 "id" => $permission ['id'],

  614.                 "name" => $permission ['name'],

  615.                 "descr" => $permission ['descr']

  616.             );

  617.         } else {

  618.             $permission_list [] = $permission ['name'];

  619.         }

  620.     }

  621.     return $permission_list;

  622. }

  623. 

  624. /**

  625.  * Get name and description of template from Template ID

  626.  *

  627.  * @param int $templ_id Template ID

  628.  *

  629.  * @return mixed[] Template details

  630.  */

  631. function get_permission_template_details_local($templ_id) {

  632.     global $db;

  633. 

  634.     $query = "SELECT *

  635. 			FROM perm_templ

  636. 			WHERE perm_templ.id = " . $db->quote($templ_id, 'integer');

  637. 

  638.     $response = $db->query($query);

  639.     if (PEAR::isError($response)) {

  640.         error($response->getMessage());

  641.         return false;

  642.     }

  643. 

  644.     $details = $response->fetchRow();

  645.     return $details;

  646. }

  647. 

  648. /**

  649.  * Add a Permission Template

  650.  *

  651.  * @param mixed[] $details Permission template details [templ_name,templ_descr,perm_id]

  652.  *

  653.  * @return boolean true on success, false otherwise

  654.  */

  655. function add_perm_templ_local($details) {

  656.     global $db;

  657.     global $db_type;

  658. 

  659.     // Fix permission template name and description first.

  660. 

  661.     $query = "INSERT INTO perm_templ (name, descr)

  662. 			VALUES (" . $db->quote($details ['templ_name'], 'text') . ", " . $db->quote($details ['templ_descr'], 'text') . ")";

  663. 

  664.     $response = $db->query($query);

  665.     if (PEAR::isError($response)) {

  666.         error($response->getMessage());

  667.         return false;

  668.     }

  669. 

  670.     if ($db_type == 'pgsql') {

  671.         $perm_templ_id = $db->lastInsertId('perm_templ_id_seq');

  672.     } else {

  673.         $perm_templ_id = $db->lastInsertId();

  674.     }

  675. 

  676.     if (isset($details ['perm_id'])) {

  677.         foreach ($details ['perm_id'] as $perm_id) {

  678.             $query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES (" . $db->quote($perm_templ_id, 'integer') . "," . $db->quote($perm_id, 'integer') . ")";

  679.             $response = $db->query($query);

  680.             if (PEAR::isError($response)) {

  681.                 error($response->getMessage());

  682.                 return false;

  683.             }

  684.         }

  685.     }

  686. 

  687.     return true;

  688. }

  689. 

  690. /**

  691.  * Update permission template details

  692.  *

  693.  * @param mixed[] $details Permission Template Details

  694.  *

  695.  * @return boolean true on success, false otherwise

  696.  */

  697. function update_perm_templ_details_local($details) {

  698.     global $db;

  699. 

  700.     // Fix permission template name and description first.

  701. 

  702.     $query = "UPDATE perm_templ

  703. 			SET name = " . $db->quote($details ['templ_name'], 'text') . ",

  704. 			descr = " . $db->quote($details ['templ_descr'], 'text') . "

  705. 			WHERE id = " . $db->quote($details ['templ_id'], 'integer');

  706.     $response = $db->query($query);

  707.     if (PEAR::isError($response)) {

  708.         error($response->getMessage());

  709.         return false;

  710.     }

  711. 

  712.     // Now, update list of permissions assigned to this template. We could do

  713.     // this The Correct Way [tm] by comparing the list of permissions that are

  714.     // currently assigned with a list of permissions that should be assigned and

  715.     // apply the difference between these two lists to the database. That sounds

  716.     // like too much work. Just delete all the permissions currently assigned to

  717.     // the template, than assign all the permessions the template should have.

  718. 

  719.     $query = "DELETE FROM perm_templ_items WHERE templ_id = " . $details ['templ_id'];

  720.     $response = $db->query($query);

  721.     if (PEAR::isError($response)) {

  722.         error($response->getMessage());

  723.         return false;

  724.     }

  725. 

  726.     if (isset($details ['perm_id'])) {

  727.         foreach ($details ['perm_id'] as $perm_id) {

  728.             $query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES (" . $db->quote($details ['templ_id'], 'integer') . "," . $db->quote($perm_id, 'integer') . ")";

  729.             $response = $db->query($query);

  730.             if (PEAR::isError($response)) {

  731.                 error($response->getMessage());

  732.                 return false;

  733.             }

  734.         }

  735.     }

  736. 

  737.     return true;

  738. }

  739. 

  740. /**

  741.  * Update User Details

  742.  *

  743.  * @param mixed[] $details User details

  744.  *

  745.  * @return boolean true on success, false otherise

  746.  */

  747. function update_user_details_local($details) {

  748.     global $db;

  749. 

  750.     do_hook('verify_permission', 'user_edit_own') ? $perm_edit_own = "1" : $perm_edit_own = "0";

  751.     do_hook('verify_permission', 'user_edit_others') ? $perm_edit_others = "1" : $perm_edit_others = "0";

  752.     do_hook('verify_permission', 'templ_perm_edit') ? $perm_templ_perm_edit = "1" : $perm_templ_perm_edit = "0";

  753.     do_hook('verify_permission', 'user_is_ueberuser') ? $perm_is_godlike = "1" : $perm_is_godlike = "0";

  754. 

  755.     if (($details ['uid'] == $_SESSION ["userid"] && $perm_edit_own == "1") || ($details ['uid'] != $_SESSION ["userid"] && $perm_edit_others == "1")) {

  756. 

  757.         if (!is_valid_email($details ['email'])) {

  758.             error(ERR_INV_EMAIL);

  759.             return false;

  760.         }

  761. 

  762.         if (!isset($details ['active']) || $details ['active'] != "on") {

  763.             $active = 0;

  764.         } else {

  765.             $active = 1;

  766.         }

  767.         if (isset($details ['use_ldap'])) {

  768.             $use_ldap = 1;

  769.         } else {

  770.             $use_ldap = 0;

  771.         }

  772. 

  773.         // Before updating the database we need to check whether the user wants to

  774.         // change the username. If the user wants to change the username, we need

  775.         // to make sure it doesn't already exists.

  776.         //

  777.         // First find the current username of the user ID we want to change. If the

  778.         // current username is not the same as the username that was given by the

  779.         // user, the username should apparantly changed. If so, check if the "new"

  780.         // username already exists.

  781.         $query = "SELECT username FROM users WHERE id = " . $db->quote($details ['uid'], 'integer');

  782.         $response = $db->query($query);

  783.         if (PEAR::isError($response)) {

  784.             error($response->getMessage());

  785.             return false;

  786.         }

  787. 

  788.         $usercheck = array();

  789.         $usercheck = $response->fetchRow();

  790. 

  791.         if ($usercheck ['username'] != $details ['username']) {

  792.             // Username of user ID in the database is different from the name

  793.             // we have been given. User wants a change of username. Now, make

  794.             // sure it doesn't already exist.

  795.             $query = "SELECT id FROM users WHERE username = " . $db->quote($details ['username'], 'text');

  796.             $response = $db->queryOne($query);

  797.             if ($response) {

  798.                 error(ERR_USER_EXIST);

  799.                 return false;

  800.             }

  801.         }

  802. 

  803.         // So, user doesn't want to change username or, if he wants, there is not

  804.         // another user that goes by the wanted username. So, go ahead!

  805. 

  806.         $query = "UPDATE users SET username = " . $db->quote($details ['username'], 'text') . ",

  807.             fullname = " . $db->quote($details ['fullname'], 'text') . ",

  808.             email = " . $db->quote($details ['email'], 'text') . ",

  809.             description = " . $db->quote($details ['descr'], 'text') . ",

  810.         active = " . $db->quote($active, 'integer');

  811. 

  812.         // If the user is alllowed to change the permission template, set it.

  813.         if ($perm_templ_perm_edit == "1") {

  814.             $query .= ", perm_templ = " . $db->quote($details ['templ_id'], 'integer');

  815.         }

  816. 

  817.         // If the user is allowed to change the use_ldap flag, set it.

  818.         if ($perm_is_godlike == "1") {

  819.             $query .= ", use_ldap = " . $db->quote($use_ldap, 'integer');

  820.         }

  821. 

  822.         if (isset($details ['password']) && $details ['password'] != "") {

  823.             $query .= ", password = " . $db->quote(Poweradmin\Password::hash($details['password'], 'text'));

  824.         }

  825. 

  826.         $query .= " WHERE id = " . $db->quote($details ['uid'], 'integer');

  827. 

  828.         $response = $db->query($query);

  829.         if (PEAR::isError($response)) {

  830.             error($response->getMessage());

  831.             return false;

  832.         }

  833.     } else {

  834.         error(ERR_PERM_EDIT_USER);

  835.         return false;

  836.     }

  837.     return true;

  838. }

  839. 

  840. /**

  841.  * Add a new user

  842.  *

  843.  * @param mixed[] $details Array of User details

  844.  *

  845.  * @return boolean true on success, false otherwise

  846.  */

  847. function add_new_user_local($details) {

  848.     global $db;

  849. 

  850.     if (!do_hook('verify_permission', 'user_add_new')) {

  851.         error(ERR_PERM_ADD_USER);

  852.         return false;

  853.     } elseif (user_exists($details ['username'])) {

  854.         error(ERR_USER_EXIST);

  855.         return false;

  856.     } elseif (!is_valid_email($details ['email'])) {

  857.         error(ERR_INV_EMAIL);

  858.         return false;

  859.     } elseif ($details ['active'] == 1) {

  860.         $active = 1;

  861.     } else {

  862.         $active = 0;

  863.     }

  864. 

  865.     $query = "INSERT INTO users (username, password, fullname, email, description,";

  866.     if (do_hook('verify_permission', 'user_edit_templ_perm')) {

  867.         $query .= ' perm_templ,';

  868.     }

  869. 

  870.     $password_hash = Poweradmin\Password::hash($details['password']);

  871. 

  872.     $query .= " active) VALUES (" . $db->quote($details ['username'], 'text') . ", " . $db->quote($password_hash, 'text') . ", " . $db->quote($details ['fullname'], 'text') . ", " . $db->quote($details ['email'], 'text') . ", " . $db->quote($details ['descr'], 'text') . ", ";

  873.     if (do_hook('verify_permission', 'user_edit_templ_perm')) {

  874.         $query .= $db->quote($details ['perm_templ'], 'integer') . ", ";

  875.     }

  876.     $query .= $db->quote($active, 'integer') . ")";

  877.     $response = $db->query($query);

  878.     if (PEAR::isError($response)) {

  879.         error($response->getMessage());

  880.         return false;

  881.     }

  882. 

  883.     return true;

  884. }