svn commit: r242 - trunk/mapbender/http/php/mod_filteredUser_Gui.php
uli at osgeo.org
uli at osgeo.org
Thu May 11 08:32:31 EDT 2006
Author: uli
Date: 2006-05-11 12:32:30+0000
New Revision: 242
Modified:
trunk/mapbender/http/php/mod_filteredUser_Gui.php
Log:
db_prep_query included
verification of user permissions
Modified: trunk/mapbender/http/php/mod_filteredUser_Gui.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/php/mod_filteredUser_Gui.php?view=diff&rev=242&p1=trunk/mapbender/http/php/mod_filteredUser_Gui.php&p2=trunk/mapbender/http/php/mod_filteredUser_Gui.php&r1=241&r2=242
==============================================================================
--- trunk/mapbender/http/php/mod_filteredUser_Gui.php (original)
+++ trunk/mapbender/http/php/mod_filteredUser_Gui.php 2006-05-11 12:32:30+0000
@@ -18,13 +18,11 @@
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
import_request_variables("PG");
-session_start();
-
-require_once("../php/mb_validateSession.php");
require_once("../../conf/mapbender.conf");
-$con = db_connect($DBSERVER,$OWNER,$PW);
+$con = db_connect(DBSERVER,OWNER,PW);
db_select_db(DB,$con);
-$gui_id = $_SESSION["mb_user_gui"];
+require_once("../php/mb_validatePermission.php");
+$self = $PHP_SELF . "?".SID."&guiID=".$_REQUEST["guiID"]."&elementID=".$_REQUEST["elementID"];
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
@@ -38,8 +36,8 @@
<script language="JavaScript">
function validate(wert){
if(document.forms[0]["selected_user"].selectedIndex == -1){
- document.getElementsByName("selected_user")[0].style.backgroundColor = '#ff0000';
- return;
+ document.getElementsByName("selected_user")[0].style.backgroundColor = '#ff0000';
+ return;
}else{
if(wert == "remove"){
if(document.forms[0]["remove_gui[]"].selectedIndex == -1){
@@ -64,9 +62,6 @@
</head>
<body>
<?php
-require_once("../../conf/mapbender.conf");
-$con = db_connect($DBSERVER,$OWNER,$PW);
-db_select_db(DB,$con);
require_once("../php/mb_getGUIs.php");
@@ -86,17 +81,21 @@
$logged_user_id=$_SESSION["mb_user_id"];
-/*handle remove, update and insert**************************************************************************************/
+/*handle remove, update and insert*****************************************************************/
if($insert){
if(count($selected_gui)>0){
for($i=0; $i<count($selected_gui); $i++){
$exists = false;
- $sql_insert = "SELECT * from gui_mb_user where fkey_mb_user_id = '".$selected_user."' and fkey_gui_id = '".$selected_gui[$i]."'";
- $res_insert = db_query($sql_insert);
+ $sql_insert = "SELECT * from gui_mb_user where fkey_mb_user_id = $1 and fkey_gui_id = $2";
+ $v = array($selected_user,$selected_gui[$i]);
+ $t = array('i','s');
+ $res_insert = db_prep_query($sql_insert,$v,$t);
while(db_fetch_row($res_insert)){$exists = true;}
if($exists == false){
- $sql_insert = "INSERT INTO gui_mb_user(fkey_mb_user_id, fkey_gui_id) VALUES('$selected_user', '".$selected_gui[$i]."');";
- $res_insert = db_query($sql_insert);
+ $sql_insert = "INSERT INTO gui_mb_user(fkey_mb_user_id, fkey_gui_id) VALUES($1, $2);";
+ $v = array($selected_user,$selected_gui[$i]);
+ $t = array('i','s');
+ $res_insert = db_prep_query($sql_insert,$v,$t);
}
}
}
@@ -104,28 +103,27 @@
if($remove){
if(count($remove_gui)>0){
for($i=0; $i<count($remove_gui); $i++){
- $sql_remove = "DELETE FROM gui_mb_user WHERE fkey_gui_id = '".$remove_gui[$i]."' and fkey_mb_user_id = '$selected_user'";
- db_query($sql_remove);
+ $sql_remove = "DELETE FROM gui_mb_user WHERE fkey_gui_id = $1 and fkey_mb_user_id = $2";
+ $v = array($remove_gui[$i],$selected_user);
+ $t = array('s','i');
+ db_prep_query($sql_remove,$v,$t);
}
}
}
+/*get owner user **********************************************************************************/
-
-/*get owner user **********************************************************************************************/
-#$sql_user = "SELECT * FROM mb_user ORDER BY mb_user_name";
-$sql_user = "SELECT * FROM mb_user WHERE mb_user_owner=".$logged_user_id." ORDER BY mb_user_name";
-
-$res_user = db_query($sql_user);
+$sql_user = "SELECT * FROM mb_user WHERE mb_user_owner = $1 ORDER BY mb_user_name";
+$v = array($logged_user_id);
+$t = array('i');
+$res_user = db_prep_query($sql_user,$v,$t);
while($row = db_fetch_array($res_user)){
$user_id[$cnt_user] = $row["mb_user_id"];
$user_name[$cnt_user] = $row["mb_user_name"];
$cnt_user++;
}
-
-
-/*get all gui ********************************************************************************************/
+/*get all gui ************************************************************************************/
$sql_gui = "SELECT * FROM gui ORDER BY gui_name";
$res_gui = db_query($sql_gui);
while($row = db_fetch_array($res_gui)){
@@ -134,20 +132,19 @@
$cnt_gui++;
}
-
-
-
-/*get all gui from selected_user******************************************************************************/
+/*get all gui from selected_user*******************************************************************/
$arrayGuis=mb_getGUIs($logged_user_id);
$sql_user_mb_gui = "SELECT gui.gui_id, gui.gui_name, gui_mb_user.fkey_mb_user_id FROM gui_mb_user ";
$sql_user_mb_gui .= "INNER JOIN gui ON gui_mb_user.fkey_gui_id = gui.gui_id ";
-$sql_user_mb_gui .= "WHERE gui_mb_user.fkey_mb_user_id=";
-if(!$selected_user){$sql_user_mb_gui .= $user_id[0];}
-if($selected_user){$sql_user_mb_gui .= $selected_user;}
+$sql_user_mb_gui .= "WHERE gui_mb_user.fkey_mb_user_id = $1 ";
$sql_user_mb_gui .= " ORDER BY gui.gui_name";
-$res_user_mb_gui = db_query($sql_user_mb_gui);
+if(!$selected_user){$v = array($user_id[0]);}
+if($selected_user){$v = array($selected_user);}
+$t = array('i');
+
+$res_user_mb_gui = db_prep_query($sql_user_mb_gui,$v,$t);
while($row = db_fetch_array($res_user_mb_gui)){
$gui_id_user[$cnt_gui_user] = $row["gui_id"];
$gui_name_user[$cnt_gui_user] = $row["gui_name"];
@@ -158,11 +155,9 @@
/*INSERT HTML*/
-echo "<form name='form1' action='" . $PHP_SELF . "?".SID."&e_id_css=".$_REQUEST["e_id_css"]."' method='post'>";
-#echo "<table bgcolor='lightgrey' border='1' frame='box'>";
-
+echo "<form name='form1' action='" . $self ."' method='post'>";
-/*insert all user in selectbox*************************************************************************************/
+/*insert all user in selectbox*********************************************************************/
echo "<div class='text1'>USER: </div>";
echo "<select style='background:#ffffff' class='select1' name='selected_user' onChange='submit()' size='10'>";
for($i=0; $i<$cnt_user; $i++){
@@ -173,20 +168,20 @@
echo ">" . $user_name[$i] . "</option>";
}
echo "</select>";
-/*insert allocated gui in selectbox**************************************************************************/
+/*insert allocated gui in selectbox****************************************************************/
echo "<div class='text2'>GUI: </div>";
echo "<select style='background:#ffffff' class='select2' multiple='multiple' name='selected_gui[]' size='$fieldHeight' >";
for($i=0; $i<$cnt_gui; $i++){
echo "<option value='" . $gui_id_array[$i] . "'>" . $gui_name[$i] . "</option>";
}
echo "</select>";
-/*Button****************************************************************************************************/
+/*Button*******************************************************************************************/
echo "<div class='button1' ><input type='button' value='==>' onClick='validate(\"insert\")'></div>";
echo "<input type='hidden' name='insert'>";
echo "<div class='button2'><input type='button' value='<==' onClick='validate(\"remove\")'></div>";
echo "<input type='hidden' name='remove'>";
-/*insert user_gui_dependence in selectbox**************************************************/
+/*insert user_gui_dependence in selectbox**********************************************************/
echo "<div class='text3'>SELECTED GUI:</div>";
echo "<select style='background:#ffffff' class='select3' multiple='multiple' name='remove_gui[]' size='$fieldHeight' >";
for($i=0; $i<$cnt_gui_user; $i++){
More information about the Mapbender_commits
mailing list