svn commit: r233 - trunk/mapbender/http/php/mod_filteredGroup_User.php

uli at osgeo.org uli at osgeo.org
Thu May 11 03:50:38 EDT 2006 

Author: uli
Date: 2006-05-11 07:50:37+0000
New Revision: 233

Modified:
   trunk/mapbender/http/php/mod_filteredGroup_User.php   (contents, props changed)

Log:
db_prep_query included
verification of user permissions

Modified: trunk/mapbender/http/php/mod_filteredGroup_User.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/php/mod_filteredGroup_User.php?view=diff&rev=233&p1=trunk/mapbender/http/php/mod_filteredGroup_User.php&p2=trunk/mapbender/http/php/mod_filteredGroup_User.php&r1=232&r2=233
==============================================================================
--- trunk/mapbender/http/php/mod_filteredGroup_User.php	(original)
+++ trunk/mapbender/http/php/mod_filteredGroup_User.php	2006-05-11 07:50:37+0000
@@ -1,6 +1,7 @@
 <?php
-# $Id: mod_filteredGroup_User.php,v 1.14 2006/03/09 11:20:43 uli_rothstein Exp $
-# $Header: /cvsroot/mapbender/mapbender/http/php/mod_filteredGroup_User.php,v 1.14 2006/03/09 11:20:43 uli_rothstein Exp $
+# $Id$
+# http://www.mapbender.org/index.php/Administration
+#
 # Copyright (C) 2002 CCGIS 
 #
 # This program is free software; you can redistribute it and/or modify
@@ -17,13 +18,12 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
-session_start();
 import_request_variables("PG");
-require_once("../php/mb_validateSession.php");
 require_once("../../conf/mapbender.conf");
-$con = db_connect($DBSERVER,$OWNER,$PW);
+$con = db_connect(DBSERVER,OWNER,PW);
 db_select_db(DB,$con);
-$gui_id = $_SESSION["mb_user_gui"];
+require_once("../php/mb_validatePermission.php");
+$self = $PHP_SELF . "?".SID."&guiID=".$_REQUEST["guiID"]."&elementID=".$_REQUEST["elementID"];
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
@@ -37,8 +37,8 @@
 <script language="JavaScript">
 function validate(wert){
 	if(document.forms[0]["selected_group"].selectedIndex == -1){
-			document.getElementsByName("selected_group")[0].style.backgroundColor = '#ff0000';
-			return;
+		document.getElementsByName("selected_group")[0].style.backgroundColor = '#ff0000';
+		return;
 	}else{
 		if(wert == "remove"){
 			if(document.forms[0]["remove_user[]"].selectedIndex == -1){
@@ -63,11 +63,6 @@
 </head>
 <body>
 <?php
-require_once("../../conf/mapbender.conf");
-$con = db_connect($DBSERVER,$OWNER,$PW);
-db_select_db(DB,$con);
-
-
 $fieldHeight = 20;
 
 $cnt_group = 0;
@@ -80,19 +75,21 @@
 $logged_user_name=$_SESSION["mb_user_name"];
 $logged_user_id=$_SESSION["mb_user_id"];
 
-
-
-/*handle remove, update and insert**************************************************************************************/
+/*handle remove, update and insert*****************************************************************/
 if($insert){
 	if(count($selected_user)>0){
 		for($i=0; $i<count($selected_user); $i++){
 			$exists = false;
-			$sql_insert = "SELECT * from mb_user_mb_group where fkey_mb_group_id = '".$selected_group."' and fkey_mb_user_id = '".$selected_user[$i]."'";
-			$res_insert = db_query($sql_insert);
+			$sql_insert = "SELECT * from mb_user_mb_group where fkey_mb_group_id = $1 and fkey_mb_user_id = $2 ";
+			$v = array($selected_group,$selected_user[$i]);
+			$t = array('i','i');
+			$res_insert = db_prep_query($sql_insert,$v,$t);
 			while(db_fetch_row($res_insert)){$exists = true;}
 			if($exists == false){
-				$sql_insert = "INSERT INTO mb_user_mb_group(fkey_mb_group_id, fkey_mb_user_id) VALUES('$selected_group', '".$selected_user[$i]."');";
-				$res_insert = db_query($sql_insert);
+				$sql_insert = "INSERT INTO mb_user_mb_group(fkey_mb_group_id, fkey_mb_user_id) VALUES($1, $2)";
+				$v = array($selected_group,$selected_user[$i]);
+				$t = array('i','i');
+				$res_insert = db_prep_query($sql_insert,$v,$t);
 			}
 		}
 	}
@@ -100,32 +97,29 @@
 if($remove){
 	if(count($remove_user)>0){
 		for($i=0; $i<count($remove_user); $i++){
-			$sql_remove = "DELETE FROM mb_user_mb_group WHERE fkey_mb_user_id = '".$remove_user[$i]."' and fkey_mb_group_id = '$selected_group'";
-			db_query($sql_remove);
+			$sql_remove = "DELETE FROM mb_user_mb_group WHERE fkey_mb_user_id = $1 and fkey_mb_group_id = $2 ";
+			$v = array($remove_user[$i],$selected_group);
+			$t = array('i','i');
+			db_prep_query($sql_remove,$v,$t);
 		}
 	}
 }
 
 
-/*get owner groups  ********************************************************************************************/
-#$sql_group = "SELECT * FROM mb_group ORDER BY mb_group_name";
-$sql_group = "SELECT * FROM mb_group WHERE mb_group_owner='".$logged_user_id."' ORDER BY mb_group_name";
-/*get allocated group  *******************************************************************************************
-$sql_group = "SELECT mb_group.mb_group_id, mb_group.mb_group_name, mb_user_mb_group.fkey_mb_user_id ";
-$sql_group .= "FROM mb_group INNER JOIN mb_user_mb_group ON mb_group.mb_group_id = mb_user_mb_group.fkey_mb_group_id ";
-$sql_group .= "WHERE mb_user_mb_group.fkey_mb_user_id='".$logged_user_id."'";
-*/
+/*get owner groups  *******************************************************************************/
 
+$sql_group = "SELECT * FROM mb_group WHERE mb_group_owner = $1 ORDER BY mb_group_name";
+$v = array($logged_user_id);
+$t = array('i');
 
-$res_group = db_query($sql_group);
+$res_group = db_prep_query($sql_group,$v,$t);
 while($row = db_fetch_array($res_group)){
 	$group_id[$cnt_group] = $row["mb_group_id"];
 	$group_name[$cnt_group] = $row["mb_group_name"];
 	$cnt_group++;
 }
 
-/*get all user **********************************************************************************************/
-#$sql_user = "SELECT * FROM mb_user WHERE mb_user_owner=".$logged_user_id." ORDER BY mb_user_name";
+/*get all user ************************************************************************************/
 $sql_user = "SELECT * FROM mb_user ORDER BY mb_user_name";
 $res_user = db_query($sql_user);
 while($row = db_fetch_array($res_user)){
@@ -134,18 +128,18 @@
 	$cnt_user++;
 }
 
-/*get only owner user from selected group******************************************************************************/
+/*get only owner user from selected group**********************************************************/
 if(count($group_id)>0){
 	$sql_mb_user_mb_group = "SELECT mb_user.mb_user_id, mb_user.mb_user_name, mb_user_mb_group.fkey_mb_group_id FROM mb_user_mb_group ";
 	$sql_mb_user_mb_group .= "INNER JOIN mb_user ON mb_user_mb_group.fkey_mb_user_id = mb_user.mb_user_id ";
-	$sql_mb_user_mb_group .= "WHERE mb_user_mb_group.fkey_mb_group_id= '";
+	$sql_mb_user_mb_group .= "WHERE mb_user_mb_group.fkey_mb_group_id = $1 ";
+	$sql_mb_user_mb_group .= " ORDER BY mb_user.mb_user_name";
 	
+	if(!$selected_group){$v = array($group_id[0]);}
+	if($selected_group){$v = array($selected_group);}
+	$t = array('i');
 	
-	if(!$selected_group){$sql_mb_user_mb_group .= $group_id[0];}
-	if($selected_group){$sql_mb_user_mb_group .= $selected_group;}
-	#$sql_mb_user_mb_group .= "' AND  mb_user.mb_user_owner = '".$logged_user_id."'";
-	$sql_mb_user_mb_group .= "' ORDER BY mb_user.mb_user_name";
-	$res_mb_user_mb_group = db_query($sql_mb_user_mb_group);
+	$res_mb_user_mb_group = db_prep_query($sql_mb_user_mb_group,$v,$t);
 	while($row = db_fetch_array($res_mb_user_mb_group)){
 		$user_id_group[$cnt_group_user] = $row["mb_user_id"];
 		$user_name_group[$cnt_group_user] =  $row["mb_user_name"];
@@ -154,9 +148,9 @@
 
 
 /*INSERT HTML*/
-echo "<form name='form1' action='" . $PHP_SELF . "?".SID."&e_id_css=".$_REQUEST["e_id_css"]."' method='post'>";
+echo "<form name='form1' action='" . $self ."' method='post'>";
 
-/*insert projects in selectbox*************************************************************************************/
+/*insert projects in selectbox*********************************************************************/
 echo "<div class='text1'>GROUP: </div>";
 echo "<select style='background:#ffffff' class='select1' name='selected_group' onChange='submit()' size='10'>";
 for($i=0; $i<$cnt_group; $i++){
@@ -168,7 +162,7 @@
 }
 echo "</select>";
 
-/*insert all profiles in selectbox**************************************************************************/
+/*insert all profiles in selectbox*****************************************************************/
 echo "<div class='text2'>USER:</div>";
 echo "<select style='background:#ffffff' class='select2' multiple='multiple' name='selected_user[]' size='$fieldHeight' >";
 for($i=0; $i<$cnt_user; $i++){
@@ -176,7 +170,7 @@
 }
 echo "</select>";
 
-/*Button****************************************************************************************************/
+/*Button*******************************************************************************************/
 
 echo "<div class='button1'><input type='button'  value='==>' onClick='validate(\"insert\")'></div>";
 echo "<input type='hidden' name='insert'>";
@@ -184,7 +178,7 @@
 echo "<div class='button2'><input type='button' value='<==' onClick='validate(\"remove\")'></div>";
 echo "<input type='hidden' name='remove'>";
 
-/*insert container_profile_dependence and container_group_dependence in selectbox**************************************************/
+/*insert container_profile_dependence and container_group_dependence in selectbox******************/
 echo "<div class='text3'>SELECTED USER:</div>";
 echo "<select style='background:#ffffff' class='select3' multiple='multiple' name='remove_user[]' size='$fieldHeight' >";
 for($i=0; $i<$cnt_group_user; $i++){

More information about the Mapbender_commits mailing list