svn commit: r230 - trunk/mapbender/http/php/mod_filteredGroup_filteredUser.php
uli at osgeo.org
uli at osgeo.org
Thu May 11 03:18:52 EDT 2006
Author: uli
Date: 2006-05-11 07:18:52+0000
New Revision: 230
Modified:
trunk/mapbender/http/php/mod_filteredGroup_filteredUser.php
Log:
db_prep_query included
verification of user permissions
Modified: trunk/mapbender/http/php/mod_filteredGroup_filteredUser.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/php/mod_filteredGroup_filteredUser.php?view=diff&rev=230&p1=trunk/mapbender/http/php/mod_filteredGroup_filteredUser.php&p2=trunk/mapbender/http/php/mod_filteredGroup_filteredUser.php&r1=229&r2=230
==============================================================================
--- trunk/mapbender/http/php/mod_filteredGroup_filteredUser.php (original)
+++ trunk/mapbender/http/php/mod_filteredGroup_filteredUser.php 2006-05-11 07:18:52+0000
@@ -17,13 +17,13 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-session_start();
import_request_variables("PG");
-require_once("../php/mb_validateSession.php");
require_once("../../conf/mapbender.conf");
-$con = db_connect($DBSERVER,$OWNER,$PW);
+$con = db_connect(DBSERVER,OWNER,PW);
db_select_db(DB,$con);
-$gui_id = $_SESSION["mb_user_gui"];
+require_once("../php/mb_validatePermission.php");
+$self = $PHP_SELF . "?".SID."&guiID=".$_REQUEST["guiID"]."&elementID=".$_REQUEST["elementID"];
+
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
@@ -63,10 +63,6 @@
</head>
<body>
<?php
-require_once("../../conf/mapbender.conf");
-$con = db_connect($DBSERVER,$OWNER,$PW);
-db_select_db(DB,$con);
-
$fieldHeight = 20;
@@ -82,17 +78,21 @@
-/*handle remove, update and insert**************************************************************************************/
+/*handle remove, update and insert*****************************************************************/
if($insert){
if(count($selected_user)>0){
for($i=0; $i<count($selected_user); $i++){
$exists = false;
- $sql_insert = "SELECT * from mb_user_mb_group where fkey_mb_group_id = '".$selected_group."' and fkey_mb_user_id = '".$selected_user[$i]."'";
- $res_insert = db_query($sql_insert);
+ $sql_insert = "SELECT * from mb_user_mb_group where fkey_mb_group_id = $1 and fkey_mb_user_id = $2 ";
+ $v = array($selected_group,$selected_user[$i]);
+ $t = array('i','i');
+ $res_insert = db_prep_query($sql_insert,$v,$t);
while(db_fetch_row($res_insert)){$exists = true;}
if($exists == false){
- $sql_insert = "INSERT INTO mb_user_mb_group(fkey_mb_group_id, fkey_mb_user_id) VALUES('$selected_group', '".$selected_user[$i]."');";
- $res_insert = db_query($sql_insert);
+ $sql_insert = "INSERT INTO mb_user_mb_group(fkey_mb_group_id, fkey_mb_user_id) VALUES($1, $2)";
+ $v = array($selected_group,$selected_user[$i]);
+ $t = array('i','i');
+ $res_insert = db_prep_query($sql_insert,$v,$t);
}
}
}
@@ -100,24 +100,21 @@
if($remove){
if(count($remove_user)>0){
for($i=0; $i<count($remove_user); $i++){
- $sql_remove = "DELETE FROM mb_user_mb_group WHERE fkey_mb_user_id = '".$remove_user[$i]."' and fkey_mb_group_id = '$selected_group'";
- db_query($sql_remove);
+ $sql_remove = "DELETE FROM mb_user_mb_group WHERE fkey_mb_user_id = $1 and fkey_mb_group_id = $2 ";
+ $v = array($remove_user[$i],$selected_group);
+ $t = array('i','i');
+ db_prep_query($sql_remove,$v,$t);
}
}
}
-/*get owner groups ********************************************************************************************/
-#$sql_group = "SELECT * FROM mb_group ORDER BY mb_group_name";
-$sql_group = "SELECT * FROM mb_group WHERE mb_group_owner='".$logged_user_id."' ORDER BY mb_group_name";
-/*get allocated group *******************************************************************************************
-$sql_group = "SELECT mb_group.mb_group_id, mb_group.mb_group_name, mb_user_mb_group.fkey_mb_user_id ";
-$sql_group .= "FROM mb_group INNER JOIN mb_user_mb_group ON mb_group.mb_group_id = mb_user_mb_group.fkey_mb_group_id ";
-$sql_group .= "WHERE mb_user_mb_group.fkey_mb_user_id='".$logged_user_id."'";
-*/
+/*get owner groups *******************************************************************************/
-
-$res_group = db_query($sql_group);
+$sql_group = "SELECT * FROM mb_group WHERE mb_group_owner = $1 ORDER BY mb_group_name";
+$v = array($logged_user_id);
+$t = array('i');
+$res_group = db_prep_query($sql_group,$v,$t);
while($row = db_fetch_array($res_group)){
$group_id[$cnt_group] = $row["mb_group_id"];
$group_name[$cnt_group] = $row["mb_group_name"];
@@ -125,27 +122,30 @@
}
/*get owner user **********************************************************************************************/
-$sql_user = "SELECT * FROM mb_user WHERE mb_user_owner=".$logged_user_id." ORDER BY mb_user_name";
-#$sql_user = "SELECT * FROM mb_user ORDER BY mb_user_name";
-$res_user = db_query($sql_user);
+$sql_user = "SELECT * FROM mb_user WHERE mb_user_owner = $1 ORDER BY mb_user_name";
+$v = array($logged_user_id);
+$t = array('i');
+$res_user = db_prep_query($sql_user,$v,$t);
while($row = db_fetch_array($res_user)){
$user_id[$cnt_user] = $row["mb_user_id"];
$user_name[$cnt_user] = $row["mb_user_name"];
$cnt_user++;
}
-/*get only owner user from selected group******************************************************************************/
+/*get only owner user from selected group**********************************************************/
if (count($group_id)>0){
+ $v = array();
+ $t = array();
$sql_mb_user_mb_group = "SELECT mb_user.mb_user_id, mb_user.mb_user_name, mb_user_mb_group.fkey_mb_group_id FROM mb_user_mb_group ";
$sql_mb_user_mb_group .= "INNER JOIN mb_user ON mb_user_mb_group.fkey_mb_user_id = mb_user.mb_user_id ";
- $sql_mb_user_mb_group .= "WHERE mb_user_mb_group.fkey_mb_group_id= '";
-
-
- if(!$selected_group){$sql_mb_user_mb_group .= $group_id[0];}
- if($selected_group){$sql_mb_user_mb_group .= $selected_group;}
- $sql_mb_user_mb_group .= "' AND mb_user.mb_user_owner = '".$logged_user_id."'";
+ $sql_mb_user_mb_group .= "WHERE mb_user_mb_group.fkey_mb_group_id = $1 ";
+ if(!$selected_group){array_push($v,$group_id[0]); array_push($t,'i');}
+ if($selected_group){array_push($v,$selected_group); array_push($t,'i');}
+ $sql_mb_user_mb_group .= " AND mb_user.mb_user_owner = $2 ";
+ array_push($v,$logged_user_id);
+ array_push($t,'i');
$sql_mb_user_mb_group .= " ORDER BY mb_user.mb_user_name";
- $res_mb_user_mb_group = db_query($sql_mb_user_mb_group);
+ $res_mb_user_mb_group = db_prep_query($sql_mb_user_mb_group,$v,$t);
while($row = db_fetch_array($res_mb_user_mb_group)){
$user_id_group[$cnt_group_user] = $row["mb_user_id"];
$user_name_group[$cnt_group_user] = $row["mb_user_name"];
@@ -154,9 +154,9 @@
/*INSERT HTML*/
- echo "<form name='form1' action='" . $PHP_SELF . "?".SID."&e_id_css=".$_REQUEST["e_id_css"]."' method='post'>";
+ echo "<form name='form1' action='" . $self ."' method='post'>";
- /*insert projects in selectbox*************************************************************************************/
+ /*insert projects in selectbox*****************************************************************/
echo "<div class='text1'>GROUP: </div>";
echo "<select style='background:#ffffff' class='select1' name='selected_group' onChange='submit()' size='10'>";
for($i=0; $i<$cnt_group; $i++){
@@ -168,7 +168,7 @@
}
echo "</select>";
- /*insert all profiles in selectbox**************************************************************************/
+ /*insert all profiles in selectbox*************************************************************/
echo "<div class='text2'>USER:</div>";
echo "<select style='background:#ffffff' class='select2' multiple='multiple' name='selected_user[]' size='$fieldHeight' >";
for($i=0; $i<$cnt_user; $i++){
@@ -176,7 +176,7 @@
}
echo "</select>";
- /*Button****************************************************************************************************/
+ /*Button***************************************************************************************/
echo "<div class='button1'><input type='button' value='==>' onClick='validate(\"insert\")'></div>";
echo "<input type='hidden' name='insert'>";
More information about the Mapbender_commits
mailing list