robin.thoni
/
docker-pdns-server
Watch 1
Star 0
Fork 0
Code Issues 4 Pull Requests 0 Releases 8 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
2 Branches
Tree: a628060c97
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a628060c97'
${ noResults }
docker-pdns-server/poweradmin/poweradmin-2.1.7/inc/users.inc.php

users.inc.php 29KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932 
  1. <?php

  2. 

  3. /*  Poweradmin, a friendly web-based admin tool for PowerDNS.

  4.  *  See <http://www.poweradmin.org> for more details.

  5.  *

  6.  *  Copyright 2007-2009  Rejo Zenger <rejo@zenger.nl>

  7.  *  Copyright 2010-2014  Poweradmin Development Team

  8.  *      <http://www.poweradmin.org/credits.html>

  9.  *

  10.  *  This program is free software: you can redistribute it and/or modify

  11.  *  it under the terms of the GNU General Public License as published by

  12.  *  the Free Software Foundation, either version 3 of the License, or

  13.  *  (at your option) any later version.

  14.  *

  15.  *  This program is distributed in the hope that it will be useful,

  16.  *  but WITHOUT ANY WARRANTY; without even the implied warranty of

  17.  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  18.  *  GNU General Public License for more details.

  19.  *

  20.  *  You should have received a copy of the GNU General Public License

  21.  *  along with this program.  If not, see <http://www.gnu.org/licenses/>.

  22.  */

  23. 

  24. /**

  25.  *  User profile functions

  26.  *

  27.  * @package Poweradmin

  28.  * @copyright   2007-2010 Rejo Zenger <rejo@zenger.nl>

  29.  * @copyright   2010-2014 Poweradmin Development Team

  30.  * @license     http://opensource.org/licenses/GPL-3.0 GPL

  31.  */

  32. require_once("inc/toolkit.inc.php");

  33. 

  34. /** Verify User has Permission Name

  35.  *

  36.  *  Function to see if user has right to do something. It will check if

  37.  *  user has "ueberuser" bit set. If it isn't, it will check if the user has

  38.  *  the specific permission. It returns "false" if the user doesn't have the

  39.  *  right, and "true" if the user has. 

  40.  *

  41.  *  @param string $permission Permission name

  42.  *

  43.  *  @return boolean true if user has permission, false otherwise

  44.  */

  45. function verify_permission($permission) {

  46.     global $db;

  47. 

  48.     if ((!isset($_SESSION['userid'])) || (!is_object($db))) {

  49.         return 0;

  50.     }

  51. 

  52.     // Set current user ID.

  53.     $userid = $_SESSION['userid'];

  54. 

  55.     $query = 'SELECT id FROM perm_items WHERE name=' . $db->quote('user_is_ueberuser', 'text');

  56.     $ueberUserId = $db->queryOne($query);

  57. 

  58.     // Find the template ID that this user has been assigned.

  59.     $query = "SELECT perm_templ

  60. 			FROM users 

  61. 			WHERE id = " . $db->quote($userid, 'integer');

  62.     $templ_id = $db->queryOne($query);

  63. 

  64.     // Does this user have ueberuser rights?

  65.     $query = "SELECT id

  66. 			FROM perm_templ_items 

  67. 			WHERE templ_id = " . $db->quote($templ_id, 'integer') . " 

  68. 			AND perm_id = " . $ueberUserId;

  69. 

  70.     if ($db->queryOne($query)) {

  71.         return true;

  72.     }

  73. 

  74.     // Find the permission ID for the requested permission.

  75.     $query = "SELECT id

  76. 			FROM perm_items 

  77. 			WHERE name = " . $db->quote($permission, 'text');

  78.     $perm_id = $db->queryOne($query);

  79. 

  80.     // Check if the permission ID is assigned to the template ID.

  81.     $query = "SELECT id

  82. 			FROM perm_templ_items 

  83. 			WHERE templ_id = " . $db->quote($templ_id, 'integer') . " 

  84. 			AND perm_id = " . $db->quote($perm_id, 'integer');

  85. 

  86.     return ($db->queryOne($query) ? true : false);

  87. }

  88. 

  89. /** Get a list of all available permission templates

  90.  *

  91.  * @return mixed[] array of templates [id, name, descr]

  92.  */

  93. function list_permission_templates() {

  94.     global $db;

  95.     $query = "SELECT * FROM perm_templ ORDER BY name";

  96.     $response = $db->query($query);

  97.     if (PEAR::isError($response)) {

  98.         error($response->getMessage());

  99.         return false;

  100.     }

  101. 

  102.     $template_list = array();

  103.     while ($template = $response->fetchRow()) {

  104.         $template_list[] = array(

  105.             "id" => $template['id'],

  106.             "name" => $template['name'],

  107.             "descr" => $template['descr']

  108.         );

  109.     }

  110.     return $template_list;

  111. }

  112. 

  113. /** Retrieve all users

  114.  *

  115.  * Its to show_users therefore the odd name. Has to be changed.

  116.  *

  117.  * @param int $id Exclude User ID

  118.  * @param int $rowstart Startring row number

  119.  * @param int $rowamount Number of rows to return this query

  120.  *

  121.  * @return mixed[] array with all users [id,username,fullname,email,description,active,numdomains]

  122.  */

  123. function show_users($id = '', $rowstart = 0, $rowamount = 9999999) {

  124.     global $db;

  125.     $add = '';

  126.     if (is_numeric($id)) {

  127.         //When a user id is given, it is excluded from the userlist returned.

  128.         $add = " WHERE users.id!=" . $db->quote($id, 'integer');

  129.     }

  130. 

  131.     // Make a huge query.

  132.     $query = "SELECT users.id AS id,

  133. 		users.username AS username,

  134. 		users.fullname AS fullname,

  135. 		users.email AS email,

  136. 		users.description AS description,

  137. 		users.active AS active,

  138. 		users.perm_templ AS perm_templ,

  139. 		count(zones.owner) AS aantal FROM users

  140. 		LEFT JOIN zones ON users.id=zones.owner$add

  141. 		GROUP BY

  142. 			users.id,

  143. 			users.username,

  144. 			users.fullname,

  145. 			users.email,

  146. 			users.description,

  147. 			users.perm_templ,

  148. 			users.active

  149. 		ORDER BY

  150. 			users.fullname";

  151. 

  152.     // Execute the huge query.

  153.     $db->setLimit($rowamount, $rowstart);

  154.     $response = $db->query($query);

  155.     if (PEAR::isError($response)) {

  156.         error($response->getMessage());

  157.         return false;

  158.     }

  159.     $ret = array();

  160.     while ($r = $response->fetchRow()) {

  161.         $ret[] = array(

  162.             "id" => $r["id"],

  163.             "username" => $r["username"],

  164.             "fullname" => $r["fullname"],

  165.             "email" => $r["email"],

  166.             "description" => $r["description"],

  167.             "active" => $r["active"],

  168.             "numdomains" => $r["aantal"]

  169.         );

  170.     }

  171.     return $ret;

  172. }

  173. 

  174. /** Check if Valid User

  175.  *

  176.  * Check if the given $userid is connected to a valid user.

  177.  *

  178.  * @param int $id User ID

  179.  *

  180.  * @return boolean true if user exists, false if users doesnt exist

  181.  */

  182. function is_valid_user($id) {

  183.     global $db;

  184.     if (is_numeric($id)) {

  185.         $response = $db->queryOne("SELECT id FROM users WHERE id=" . $db->quote($id, 'integer'));

  186.         return ($response ? true : false);

  187.     }

  188. }

  189. 

  190. /** Check if Username Exists

  191.  *

  192.  * Checks if a given username exists in the database.

  193.  *

  194.  * @param string $user Username

  195.  *

  196.  * @return boolean true if exists, false if not

  197.  */

  198. function user_exists($user) {

  199.     global $db;

  200.     $response = $db->queryOne("SELECT id FROM users WHERE username=" . $db->quote($user, 'text'));

  201.     return ($response ? true : false);

  202. }

  203. 

  204. /** Delete User ID

  205.  *

  206.  * Delete a user from the system. Will also delete zones owned by user or

  207.  * re-assign those zones to a new specified owner.

  208.  * $zones is an array of zone 'zid's to delete or re-assign depending on

  209.  * 'target' value [delete,new_owner] and 'newowner' value

  210.  *

  211.  * @param int $uid User ID to delete

  212.  * @param mixed[] $zones Array of zones

  213.  *

  214.  * @return boolean true on success, false otherwise

  215.  */

  216. function delete_user($uid, $zones) {

  217.     global $db;

  218. 

  219.     if (($uid != $_SESSION['userid'] && !verify_permission('user_edit_others')) || ($uid == $_SESSION['userid'] && !verify_permission('user_edit_own'))) {

  220.         error(ERR_PERM_DEL_USER);

  221.         return false;

  222.     } else {

  223. 

  224.         if (is_array($zones)) {

  225.             foreach ($zones as $zone) {

  226.                 if ($zone['target'] == "delete") {

  227.                     delete_domain($zone['zid']);

  228.                 } elseif ($zone['target'] == "new_owner") {

  229.                     add_owner_to_zone($zone['zid'], $zone['newowner']);

  230.                 }

  231.             }

  232.         }

  233. 

  234.         $query = "DELETE FROM zones WHERE owner = " . $db->quote($uid, 'integer');

  235.         $response = $db->query($query);

  236.         if (PEAR::isError($response)) {

  237.             error($response->getMessage());

  238.             return false;

  239.         }

  240. 

  241.         $query = "DELETE FROM users WHERE id = " . $db->quote($uid, 'integer');

  242.         $response = $db->query($query);

  243.         if (PEAR::isError($response)) {

  244.             error($response->getMessage());

  245.             return false;

  246.         }

  247. 

  248.         delete_zone_templ_userid($uid);

  249.     }

  250.     return true;

  251. }

  252. 

  253. /** Delete Permission Template ID

  254.  *

  255.  * @param int $ptid Permission template ID

  256.  *

  257.  * @return boolean true on success, false otherwise

  258.  */

  259. function delete_perm_templ($ptid) {

  260. 

  261.     global $db;

  262.     if (!(verify_permission('user_edit_templ_perm'))) {

  263.         error(ERR_PERM_DEL_PERM_TEMPL);

  264.     } else {

  265.         $query = "SELECT id FROM users WHERE perm_templ = " . $ptid;

  266.         $response = $db->queryOne($query);

  267.         if (PEAR::isError($response)) {

  268.             error($response->getMessage());

  269.             return false;

  270.         }

  271. 

  272.         if ($response) {

  273.             error(ERR_PERM_TEMPL_ASSIGNED);

  274.             return false;

  275.         } else {

  276.             $query = "DELETE FROM perm_templ_items WHERE templ_id = " . $ptid;

  277.             $response = $db->query($query);

  278.             if (PEAR::isError($response)) {

  279.                 error($response->getMessage());

  280.                 return false;

  281.             }

  282. 

  283.             $query = "DELETE FROM perm_templ WHERE id = " . $ptid;

  284.             $response = $db->query($query);

  285.             if (PEAR::isError($response)) {

  286.                 error($response->getMessage());

  287.                 return false;

  288.             }

  289. 

  290.             return true;

  291.         }

  292.     }

  293. }

  294. 

  295. /** Modify User Details

  296.  *

  297.  * Edit the information of an user.. sloppy implementation with too many queries.. (2) :)

  298.  *

  299.  * @param int $id User ID

  300.  * @param string $user Username

  301.  * @param string $fullname Full Name

  302.  * @param string $email Email address

  303.  * @param string $perm_templ Permission Template Name

  304.  * @param string $description Description

  305.  * @param int $active Active User

  306.  * @param string $password Password

  307.  *

  308.  * @return boolean true if succesful, false otherwise

  309.  */

  310. function edit_user($id, $user, $fullname, $email, $perm_templ, $description, $active, $password) {

  311.     global $db;

  312.     global $password_encryption;

  313. 

  314.     verify_permission('user_edit_own') ? $perm_edit_own = "1" : $perm_edit_own = "0";

  315.     verify_permission('user_edit_others') ? $perm_edit_others = "1" : $perm_edit_others = "0";

  316. 

  317.     if (($id == $_SESSION["userid"] && $perm_edit_own == "1") || ($id != $_SESSION["userid"] && $perm_edit_others == "1" )) {

  318. 

  319.         if (!is_valid_email($email)) {

  320.             error(ERR_INV_EMAIL);

  321.             return false;

  322.         }

  323. 

  324.         if ($active != 1) {

  325.             $active = 0;

  326.         }

  327. 

  328.         // Before updating the database we need to check whether the user wants to 

  329.         // change the username. If the user wants to change the username, we need 

  330.         // to make sure it doesn't already exists. 

  331.         //

  332. 		// First find the current username of the user ID we want to change. If the 

  333.         // current username is not the same as the username that was given by the 

  334.         // user, the username should apparantly changed. If so, check if the "new" 

  335.         // username already exists.

  336. 

  337.         $query = "SELECT username FROM users WHERE id = " . $db->quote($id, 'integer');

  338.         $response = $db->query($query);

  339.         if (PEAR::isError($response)) {

  340.             error($response->getMessage());

  341.             return false;

  342.         }

  343. 

  344.         $usercheck = array();

  345.         $usercheck = $response->fetchRow();

  346. 

  347.         if ($usercheck['username'] != $user) {

  348. 

  349.             // Username of user ID in the database is different from the name

  350.             // we have been given. User wants a change of username. Now, make

  351.             // sure it doesn't already exist.

  352. 

  353.             $query = "SELECT id FROM users WHERE username = " . $db->quote($user, 'text');

  354.             $response = $db->queryOne($query);

  355.             if ($response) {

  356.                 error(ERR_USER_EXIST);

  357.                 return false;

  358.             }

  359.         }

  360. 

  361.         // So, user doesn't want to change username or, if he wants, there is not

  362.         // another user that goes by the wanted username. So, go ahead!

  363. 

  364.         $query = "UPDATE users SET

  365. 				username = " . $db->quote($user, 'text') . ",

  366. 				fullname = " . $db->quote($fullname, 'text') . ",

  367. 				email = " . $db->quote($email, 'text') . ",";

  368.         if (verify_permission('user_edit_templ_perm')) {

  369.             $query .= "perm_templ = " . $db->quote($perm_templ, 'integer') . ",";

  370.         }

  371.         $query .= "description = " . $db->quote($description, 'text') . ", 

  372. 				active = " . $db->quote($active, 'integer');

  373. 

  374.         if ($password != "") {

  375.             if ($password_encryption == 'md5salt') {

  376.                 $query .= ", password = " . $db->quote(gen_mix_salt($password), 'text');

  377.             } else {

  378.                 $query .= ", password = " . $db->quote(md5($password), 'text');

  379.             }

  380.         }

  381. 

  382.         $query .= " WHERE id = " . $db->quote($id, 'integer');

  383. 

  384.         $response = $db->query($query);

  385.         if (PEAR::isError($response)) {

  386.             error($response->getMessage());

  387.             return false;

  388.         }

  389.     } else {

  390.         error(ERR_PERM_EDIT_USER);

  391.         return false;

  392.     }

  393.     return true;

  394. }

  395. 

  396. /** Change User Password

  397.  *

  398.  * Change the pass of the user.

  399.  * The user is automatically logged out after the pass change.

  400.  *

  401.  * @param mixed[] $details User Details

  402.  *

  403.  * @return null

  404.  */

  405. function change_user_pass($details) {

  406.     global $db;

  407.     global $password_encryption;

  408. 

  409.     if ($details['newpass'] != $details['newpass2']) {

  410.         error(ERR_USER_MATCH_NEW_PASS);

  411.         return false;

  412.     }

  413. 

  414.     $query = "SELECT id, password FROM users WHERE username = " . $db->quote($_SESSION["userlogin"], 'text');

  415.     $response = $db->query($query);

  416.     if (PEAR::isError($response)) {

  417.         error($response->getMessage());

  418.         return false;

  419.     }

  420. 

  421.     $rinfo = $response->fetchRow();

  422. 

  423.     if ($password_encryption == 'md5salt') {

  424.         $extracted_salt = extract_salt($rinfo['password']);

  425.         $current_password = mix_salt($extracted_salt, $details['currentpass']);

  426.     } else {

  427.         $current_password = md5($details['currentpass']);

  428.     }

  429. 

  430.     if ($current_password == $rinfo['password']) {

  431.         if ($password_encryption == 'md5salt') {

  432.             $query = "UPDATE users SET password = " . $db->quote(gen_mix_salt($details['newpass']), 'text') . " WHERE id = " . $db->quote($rinfo['id'], 'integer');

  433.         } else {

  434.             $query = "UPDATE users SET password = " . $db->quote(md5($details['newpass']), 'text') . " WHERE id = " . $db->quote($rinfo['id'], 'integer');

  435.         }

  436.         $response = $db->query($query);

  437.         if (PEAR::isError($response)) {

  438.             error($response->getMessage());

  439.             return false;

  440.         }

  441. 

  442.         logout(_('Password has been changed, please login.'), 'success');

  443.     } else {

  444.         error(ERR_USER_WRONG_CURRENT_PASS);

  445.         return false;

  446.     }

  447. }

  448. 

  449. /** Get User FullName from User ID

  450.  *

  451.  * Get a fullname when you have a userid.

  452.  * @param int $id User ID

  453.  * 

  454.  * @return string Full Name

  455.  */

  456. function get_fullname_from_userid($id) {

  457.     global $db;

  458.     if (is_numeric($id)) {

  459.         $response = $db->query("SELECT fullname FROM users WHERE id=" . $db->quote($id, 'integer'));

  460.         if (PEAR::isError($response)) {

  461.             error($response->getMessage());

  462.             return false;

  463.         }

  464.         $r = $response->fetchRow();

  465.         return $r["fullname"];

  466.     } else {

  467.         error(ERR_INV_ARG);

  468.         return false;

  469.     }

  470. }

  471. 

  472. /** Get User FullName from User ID

  473.  * fixme: Duplicate function

  474.  *

  475.  * Get a fullname when you have a userid.

  476.  * @param int $id User ID

  477.  * 

  478.  * @return string Full Name

  479.  */

  480. function get_owner_from_id($id) {

  481.     global $db;

  482.     if (is_numeric($id)) {

  483.         $response = $db->queryRow("SELECT fullname FROM users WHERE id=" . $db->quote($id, 'integer'));

  484. 

  485.         if ($response) {

  486.             return $response["fullname"];

  487.         } else {

  488.             error(ERR_USER_NOT_EXIST);

  489.         }

  490.     }

  491.     error(ERR_INV_ARG);

  492. }

  493. 

  494. /** Get Full Names of owners for a Domain ID

  495.  *

  496.  * @todo also fetch the subowners

  497.  *

  498.  * @param int $id Domain ID

  499.  *

  500.  * @return string[] array of owners for domain

  501.  */

  502. function get_fullnames_owners_from_domainid($id) {

  503. 

  504.     global $db;

  505.     if (is_numeric($id)) {

  506.         $response = $db->query("SELECT users.id, users.fullname FROM users, zones WHERE zones.domain_id=" . $db->quote($id, 'integer') . " AND zones.owner=users.id ORDER by fullname");

  507.         if ($response) {

  508.             $names = array();

  509.             while ($r = $response->fetchRow()) {

  510.                 $names[] = $r['fullname'];

  511.             }

  512.             return implode(', ', $names);

  513.         }

  514.         return "";

  515.     }

  516.     error(ERR_INV_ARG);

  517. }

  518. 

  519. /** Verify User is Zone ID owner

  520.  *

  521.  * @param int $zoneid Zone ID

  522.  *

  523.  * @return int 1 if owner, 0 if not owner

  524.  */

  525. function verify_user_is_owner_zoneid($zoneid) {

  526.     global $db;

  527. 

  528.     $userid = $_SESSION["userid"];

  529.     if (is_numeric($zoneid)) {

  530.         $response = $db->queryOne("SELECT zones.id FROM zones 

  531. 				WHERE zones.owner = " . $db->quote($userid, 'integer') . "

  532. 				AND zones.domain_id = " . $db->quote($zoneid, 'integer'));

  533.         return ($response ? "1" : "0");

  534.     }

  535.     error(ERR_INV_ARG);

  536. }

  537. 

  538. /** Get User Details

  539.  *

  540.  * Gets an array of all users and their details

  541.  *

  542.  * @param int $specific User ID (optional)

  543.  *

  544.  * @return mixed[] array of user details

  545.  */

  546. function get_user_detail_list($specific) {

  547.     global $db;

  548.     global $ldap_use;

  549. 

  550.     $userid = $_SESSION['userid'];

  551. 

  552.     // fixme: does this actually verify the permission?

  553.     if (v_num($specific)) {

  554.         $sql_add = "AND users.id = " . $db->quote($specific, 'integer');

  555.     } else {

  556.         if (verify_permission('user_view_others')) {

  557.             $sql_add = "";

  558.         } else {

  559.             $sql_add = "AND users.id = " . $db->quote($userid, 'integer');

  560.         }

  561.     }

  562. 

  563.     $query = "SELECT users.id AS uid, 

  564. 			username, 

  565. 			fullname, 

  566. 			email, 

  567. 			description AS descr,

  568. 			active,";

  569.     if ($ldap_use) {

  570.         $query .= "use_ldap,";

  571.     }

  572. 

  573.     $query .= "perm_templ.id AS tpl_id,

  574. 			perm_templ.name AS tpl_name,

  575. 			perm_templ.descr AS tpl_descr

  576. 			FROM users, perm_templ 

  577. 			WHERE users.perm_templ = perm_templ.id "

  578.             . $sql_add . "

  579. 			ORDER BY username";

  580. 

  581.     $response = $db->query($query);

  582.     if (PEAR::isError($response)) {

  583.         error($response->getMessage());

  584.         return false;

  585.     }

  586. 

  587.     while ($user = $response->fetchRow()) {

  588.         $userlist[] = array(

  589.             "uid" => $user['uid'],

  590.             "username" => $user['username'],

  591.             "fullname" => $user['fullname'],

  592.             "email" => $user['email'],

  593.             "descr" => $user['descr'],

  594.             "active" => $user['active'],

  595.             "use_ldap" => $user['use_ldap'],

  596.             "tpl_id" => $user['tpl_id'],

  597.             "tpl_name" => $user['tpl_name'],

  598.             "tpl_descr" => $user['tpl_descr']

  599.         );

  600.     }

  601.     return $userlist;

  602. }

  603. 

  604. /** Get List of Permissions

  605.  *

  606.  * Get a list of permissions that are available. If first argument is "0", it

  607.  * should return all available permissions. If the first argument is > "0", it

  608.  * should return the permissions assigned to that particular template only. If

  609.  * second argument is true, only the permission names are returned.

  610.  *

  611.  * @param int $templ_id Template ID (optional) [default=0]

  612.  * @param boolean $return_name_only Return name only or all details (optional) [default=false]

  613.  *

  614.  * @return mixed[] array of permissions [id,name,descr] or permission names [name]

  615.  */

  616. function get_permissions_by_template_id($templ_id = 0, $return_name_only = false) {

  617.     global $db;

  618. 

  619.     $limit = '';

  620.     if ($templ_id > 0) {

  621.         $limit = ", perm_templ_items 

  622. 			WHERE perm_templ_items.templ_id = " . $db->quote($templ_id, 'integer') . "

  623. 			AND perm_templ_items.perm_id = perm_items.id";

  624.     }

  625. 

  626.     $query = "SELECT perm_items.id AS id, 

  627. 			perm_items.name AS name, 

  628. 			perm_items.descr AS descr

  629. 			FROM perm_items"

  630.             . $limit . "

  631. 			ORDER BY name";

  632.     $response = $db->query($query);

  633.     if (PEAR::isError($response)) {

  634.         error($response->getMessage());

  635.         return false;

  636.     }

  637. 

  638.     $permission_list = array();

  639.     while ($permission = $response->fetchRow()) {

  640.         if ($return_name_only == false) {

  641.             $permission_list[] = array(

  642.                 "id" => $permission['id'],

  643.                 "name" => $permission['name'],

  644.                 "descr" => $permission['descr']

  645.             );

  646.         } else {

  647.             $permission_list[] = $permission['name'];

  648.         }

  649.     }

  650.     return $permission_list;

  651. }

  652. 

  653. /** Get name and description of template from Template ID

  654.  *

  655.  * @param int $templ_id Template ID

  656.  *

  657.  * @return mixed[] Template details

  658.  */

  659. function get_permission_template_details($templ_id) {

  660.     global $db;

  661. 

  662.     $query = "SELECT *

  663. 			FROM perm_templ

  664. 			WHERE perm_templ.id = " . $db->quote($templ_id, 'integer');

  665. 

  666.     $response = $db->query($query);

  667.     if (PEAR::isError($response)) {

  668.         error($response->getMessage());

  669.         return false;

  670.     }

  671. 

  672.     $details = $response->fetchRow();

  673.     return $details;

  674. }

  675. 

  676. /** Add a Permission Template

  677.  *

  678.  * @param mixed[] $details Permission template details [templ_name,templ_descr,perm_id]

  679.  *

  680.  * @return boolean true on success, false otherwise

  681.  */

  682. function add_perm_templ($details) {

  683.     global $db;

  684.     global $db_layer;

  685.     global $db_type;

  686. 

  687.     // Fix permission template name and description first. 

  688. 

  689.     $query = "INSERT INTO perm_templ (name, descr)

  690. 			VALUES ("

  691.             . $db->quote($details['templ_name'], 'text') . ", "

  692.             . $db->quote($details['templ_descr'], 'text') . ")";

  693. 

  694.     $response = $db->query($query);

  695.     if (PEAR::isError($response)) {

  696.         error($response->getMessage());

  697.         return false;

  698.     }

  699. 

  700.     if ($db_layer == 'MDB2' && ($db_type == 'mysql' || $db_type == 'pgsql')) {

  701.         $perm_templ_id = $db->lastInsertId('perm_templ', 'id');

  702.     } else if ($db_layer == 'PDO' && $db_type == 'pgsql') {

  703.         $perm_templ_id = $db->lastInsertId('perm_templ_id_seq');

  704.     } else {

  705.         $perm_templ_id = $db->lastInsertId();

  706.     }

  707. 

  708.     if (isset($details['perm_id'])) {

  709.         foreach ($details['perm_id'] AS $perm_id) {

  710.             $query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES (" . $db->quote($perm_templ_id, 'integer') . "," . $db->quote($perm_id, 'integer') . ")";

  711.             $response = $db->query($query);

  712.             if (PEAR::isError($response)) {

  713.                 error($response->getMessage());

  714.                 return false;

  715.             }

  716.         }

  717.     }

  718. 

  719.     return true;

  720. }

  721. 

  722. /** Update permission template details

  723.  *

  724.  * @param mixed[] $details Permission Template Details

  725.  *

  726.  * @return boolean true on success, false otherwise

  727.  */

  728. function update_perm_templ_details($details) {

  729.     global $db;

  730. 

  731.     // Fix permission template name and description first. 

  732. 

  733.     $query = "UPDATE perm_templ 

  734. 			SET name = " . $db->quote($details['templ_name'], 'text') . ",

  735. 			descr = " . $db->quote($details['templ_descr'], 'text') . "

  736. 			WHERE id = " . $db->quote($details['templ_id'], 'integer');

  737.     $response = $db->query($query);

  738.     if (PEAR::isError($response)) {

  739.         error($response->getMessage());

  740.         return false;

  741.     }

  742. 

  743.     // Now, update list of permissions assigned to this template. We could do 

  744.     // this The Correct Way [tm] by comparing the list of permissions that are

  745.     // currently assigned with a list of permissions that should be assigned and

  746.     // apply the difference between these two lists to the database. That sounds 

  747.     // like too much work. Just delete all the permissions currently assigned to 

  748.     // the template, than assign all the permessions the template should have.

  749. 

  750.     $query = "DELETE FROM perm_templ_items WHERE templ_id = " . $details['templ_id'];

  751.     $response = $db->query($query);

  752.     if (PEAR::isError($response)) {

  753.         error($response->getMessage());

  754.         return false;

  755.     }

  756. 

  757.     if (isset($details['perm_id'])) {

  758.         foreach ($details['perm_id'] AS $perm_id) {

  759.             $query = "INSERT INTO perm_templ_items (templ_id, perm_id) VALUES (" . $db->quote($details['templ_id'], 'integer') . "," . $db->quote($perm_id, 'integer') . ")";

  760.             $response = $db->query($query);

  761.             if (PEAR::isError($response)) {

  762.                 error($response->getMessage());

  763.                 return false;

  764.             }

  765.         }

  766.     }

  767. 

  768.     return true;

  769. }

  770. 

  771. /** Update User Details

  772.  *

  773.  * @param mixed[] $details User details

  774.  *

  775.  * @return boolean true on success, false otherise

  776.  */

  777. function update_user_details($details) {

  778. 

  779.     global $db;

  780.     global $password_encryption;

  781. 

  782.     verify_permission('user_edit_own') ? $perm_edit_own = "1" : $perm_edit_own = "0";

  783.     verify_permission('user_edit_others') ? $perm_edit_others = "1" : $perm_edit_others = "0";

  784.     verify_permission('templ_perm_edit') ? $perm_templ_perm_edit = "1" : $perm_templ_perm_edit = "0";

  785.     verify_permission('user_is_ueberuser') ? $perm_is_godlike = "1" : $perm_is_godlike = "0";

  786. 

  787.     if (($details['uid'] == $_SESSION["userid"] && $perm_edit_own == "1") ||

  788.             ($details['uid'] != $_SESSION["userid"] && $perm_edit_others == "1" )) {

  789. 

  790.         if (!is_valid_email($details['email'])) {

  791.             error(ERR_INV_EMAIL);

  792.             return false;

  793.         }

  794. 

  795.         if (!isset($details['active']) || $details['active'] != "on") {

  796.             $active = 0;

  797.         } else {

  798.             $active = 1;

  799.         }

  800.         if (isset($details['use_ldap'])) {

  801.             $use_ldap = 1;

  802.         } else {

  803.             $use_ldap = 0;

  804.         }

  805. 

  806.         // Before updating the database we need to check whether the user wants to 

  807.         // change the username. If the user wants to change the username, we need 

  808.         // to make sure it doesn't already exists. 

  809.         //

  810. 		// First find the current username of the user ID we want to change. If the 

  811.         // current username is not the same as the username that was given by the 

  812.         // user, the username should apparantly changed. If so, check if the "new" 

  813.         // username already exists.

  814.         $query = "SELECT username FROM users WHERE id = " . $db->quote($details['uid'], 'integer');

  815.         $response = $db->query($query);

  816.         if (PEAR::isError($response)) {

  817.             error($response->getMessage());

  818.             return false;

  819.         }

  820. 

  821.         $usercheck = array();

  822.         $usercheck = $response->fetchRow();

  823. 

  824.         if ($usercheck['username'] != $details['username']) {

  825.             // Username of user ID in the database is different from the name

  826.             // we have been given. User wants a change of username. Now, make

  827.             // sure it doesn't already exist.

  828.             $query = "SELECT id FROM users WHERE username = " . $db->quote($details['username'], 'text');

  829.             $response = $db->queryOne($query);

  830.             if ($response) {

  831.                 error(ERR_USER_EXIST);

  832.                 return false;

  833.             }

  834.         }

  835. 

  836.         // So, user doesn't want to change username or, if he wants, there is not

  837.         // another user that goes by the wanted username. So, go ahead!

  838. 

  839.         $query = "UPDATE users SET

  840. 				username = " . $db->quote($details['username'], 'text') . ",

  841. 				fullname = " . $db->quote($details['fullname'], 'text') . ",

  842. 				email = " . $db->quote($details['email'], 'text') . ",

  843. 				description = " . $db->quote($details['descr'], 'text') . ", 

  844. 				active = " . $db->quote($active, 'integer');

  845. 

  846.         // If the user is alllowed to change the permission template, set it.

  847.         if ($perm_templ_perm_edit == "1") {

  848.             $query .= ", perm_templ = " . $db->quote($details['templ_id'], 'integer');

  849.         }

  850. 

  851.         // If the user is allowed to change the use_ldap flag, set it.

  852.         if ($perm_is_godlike == "1") {

  853.             $query .= ", use_ldap = " . $db->quote($use_ldap, 'integer');

  854.         }

  855. 

  856.         if (isset($details['password']) && $details['password'] != "") {

  857.             if ($password_encryption == 'md5salt') {

  858.                 $query .= ", password = " . $db->quote(gen_mix_salt($details['password']), 'text');

  859.             } else {

  860.                 $query .= ", password = " . $db->quote(md5($details['password']), 'text');

  861.             }

  862.         }

  863. 

  864.         $query .= " WHERE id = " . $db->quote($details['uid'], 'integer');

  865. 

  866.         $response = $db->query($query);

  867.         if (PEAR::isError($response)) {

  868.             error($response->getMessage());

  869.             return false;

  870.         }

  871.     } else {

  872.         error(ERR_PERM_EDIT_USER);

  873.         return false;

  874.     }

  875.     return true;

  876. }

  877. 

  878. /** Add a new user

  879.  *

  880.  * @param mixed[] $details Array of User details

  881.  *

  882.  * @return boolean true on success, false otherwise

  883.  */

  884. function add_new_user($details) {

  885.     global $db;

  886.     global $password_encryption;

  887. 

  888.     if (!verify_permission('user_add_new')) {

  889.         error(ERR_PERM_ADD_USER);

  890.         return false;

  891.     } elseif (user_exists($details['username'])) {

  892.         error(ERR_USER_EXIST);

  893.         return false;

  894.     } elseif (!is_valid_email($details['email'])) {

  895.         error(ERR_INV_EMAIL);

  896.         return false;

  897.     } elseif ($details['active'] == 1) {

  898.         $active = 1;

  899.     } else {

  900.         $active = 0;

  901.     }

  902. 

  903.     $query = "INSERT INTO users (username, password, fullname, email, description,";

  904.     if (verify_permission('user_edit_templ_perm')) {

  905.         $query .= ' perm_templ,';

  906.     }

  907. 

  908.     if ($password_encryption == 'md5salt') {

  909.         $password_hash = gen_mix_salt($details['password']);

  910.     } else {

  911.         $password_hash = md5($details['password']);

  912.     }

  913. 

  914.     $query .= " active) VALUES ("

  915.             . $db->quote($details['username'], 'text') . ", "

  916.             . $db->quote($password_hash, 'text') . ", "

  917.             . $db->quote($details['fullname'], 'text') . ", "

  918.             . $db->quote($details['email'], 'text') . ", "

  919.             . $db->quote($details['descr'], 'text') . ", ";

  920.     if (verify_permission('user_edit_templ_perm')) {

  921.         $query .= $db->quote($details['perm_templ'], 'integer') . ", ";

  922.     }

  923.     $query .= $db->quote($active, 'integer')

  924.             . ")";

  925.     $response = $db->query($query);

  926.     if (PEAR::isError($response)) {

  927.         error($response->getMessage());

  928.         return false;

  929.     }

  930. 

  931.     return true;

  932. }