diff --git a/app/xml_edit/fileread.php b/app/xml_edit/fileread.php index 46e74805a4..906c3bc35f 100644 --- a/app/xml_edit/fileread.php +++ b/app/xml_edit/fileread.php @@ -36,7 +36,6 @@ else { $filename = check_str($_POST["file"]); $filename = str_replace ("\\", "/", $filename); - $handle = fopen($filename, "r"); if ($handle) { while (!feof($handle)) { diff --git a/core/default_settings/app_config.php b/core/default_settings/app_config.php index dc3e5a76fd..23b0e8967d 100644 --- a/core/default_settings/app_config.php +++ b/core/default_settings/app_config.php @@ -1,7 +1,7 @@ \n"; //prepare to page the results - $sql = ""; - $sql .= " select count(*) as num_rows from v_default_settings "; + $sql = "select count(*) as num_rows from v_default_settings "; if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; } $prep_statement = $db->prepare($sql); if ($prep_statement) { @@ -83,16 +82,15 @@ require_once "includes/paging.php"; list($paging_controls, $rows_per_page, $var3) = paging($num_rows, $param, $rows_per_page); $offset = $rows_per_page * $page; - //get the domain list - $sql = ""; - $sql .= " select * from v_default_settings "; + //get the list + $sql = "select * from v_default_settings "; if (strlen($order_by) == 0) { $sql .= "order by default_setting_category, default_setting_subcategory asc "; } else { $sql .= "order by $order_by $order "; } - $sql .= " limit $rows_per_page offset $offset "; + $sql .= "limit $rows_per_page offset $offset "; $prep_statement = $db->prepare(check_sql($sql)); $prep_statement->execute(); $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); @@ -120,7 +118,12 @@ require_once "includes/paging.php"; echo th_order_by('default_setting_enabled', 'Enabled', $order_by, $order); echo th_order_by('default_setting_description', 'Description', $order_by, $order); echo "\n"; - echo " $v_link_label_add\n"; + if (permission_exists('default_setting_add')) { + echo " $v_link_label_add\n"; + } + else { + echo "  \n"; + } echo "\n"; echo "\n"; } @@ -133,8 +136,7 @@ require_once "includes/paging.php"; $subcategory = $row['default_setting_subcategory']; $name = $row['default_setting_name']; if ($category == "domain" && $subcategory == "menu" && $name == "uuid" ) { - $sql = ""; - $sql .= "select * from v_menus "; + $sql = "select * from v_menus "; $sql .= "where menu_uuid = '".$row['default_setting_value']."' "; $sub_prep_statement = $db->prepare(check_sql($sql)); $sub_prep_statement->execute(); @@ -150,8 +152,12 @@ require_once "includes/paging.php"; echo " ".$row['default_setting_enabled']." \n"; echo " ".$row['default_setting_description']." \n"; echo " \n"; - echo " $v_link_label_edit\n"; - echo " $v_link_label_delete\n"; + if (permission_exists('default_setting_edit')) { + echo " $v_link_label_edit\n"; + } + if (permission_exists('default_setting_delete')) { + echo " $v_link_label_delete\n"; + } echo " \n"; echo "\n"; $previous_category = $row['default_setting_category']; @@ -167,7 +173,12 @@ require_once "includes/paging.php"; echo "  \n"; echo " $paging_controls\n"; echo " \n"; - echo " $v_link_label_add\n"; + if (permission_exists('default_setting_add')) { + echo " $v_link_label_add\n"; + } + else { + echo "  \n"; + } echo " \n"; echo " \n"; echo " \n"; diff --git a/core/default_settings/default_settings_delete.php b/core/default_settings/default_settings_delete.php index 3fc3a2f08b..e8ef0e5ca5 100644 --- a/core/default_settings/default_settings_delete.php +++ b/core/default_settings/default_settings_delete.php @@ -26,7 +26,7 @@ require_once "root.php"; require_once "includes/require.php"; require_once "includes/checkauth.php"; -if (if_group("admin") || if_group("superadmin")) { +if (permission_exists('default_setting_delete')) { //access granted } else { @@ -39,6 +39,7 @@ if (count($_GET)>0) { } if (strlen($id)>0) { + //delete default_setting $sql = "delete from v_default_settings "; $sql .= "where default_setting_uuid = '$id' "; $prep_statement = $db->prepare(check_sql($sql)); @@ -46,12 +47,13 @@ if (strlen($id)>0) { unset($sql); } -require_once "includes/header.php"; -echo "\n"; -echo "
\n"; -echo "Delete Complete\n"; -echo "
\n"; -require_once "includes/footer.php"; -return; +//redirect the user + require_once "includes/header.php"; + echo "\n"; + echo "
\n"; + echo "Delete Complete\n"; + echo "
\n"; + require_once "includes/footer.php"; + return; ?> \ No newline at end of file diff --git a/core/default_settings/default_settings_edit.php b/core/default_settings/default_settings_edit.php index 22e68c0868..42d33acfd5 100644 --- a/core/default_settings/default_settings_edit.php +++ b/core/default_settings/default_settings_edit.php @@ -26,7 +26,7 @@ require_once "root.php"; require_once "includes/require.php"; require_once "includes/checkauth.php"; -if (if_group("admin") || if_group("superadmin")) { +if (permission_exists('default_setting_add') || permission_exists('default_setting_edit')) { //access granted } else { @@ -82,7 +82,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { //add or update the database if ($_POST["persistformvar"] != "true") { - if ($action == "add") { + if ($action == "add" && permission_exists('default_setting_add')) { $sql = "insert into v_default_settings "; $sql .= "("; $sql .= "default_setting_uuid, "; @@ -115,7 +115,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { return; } //if ($action == "add") - if ($action == "update") { + if ($action == "update" && permission_exists('default_setting_edit')) { $sql = "update v_default_settings set "; $sql .= "default_setting_category = '$default_setting_category', "; $sql .= "default_setting_subcategory = '$default_setting_subcategory', "; @@ -140,7 +140,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { //pre-populate the form if (count($_GET)>0 && $_POST["persistformvar"] != "true") { - $default_setting_uuid = $_GET["id"]; + $default_setting_uuid = check_str($_GET["id"]); $sql = "select * from v_default_settings "; $sql .= "where default_setting_uuid = '$default_setting_uuid' "; $prep_statement = $db->prepare(check_sql($sql)); @@ -166,7 +166,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { echo "\n"; echo "\n"; echo " \n"; echo "\n"; } @@ -149,8 +153,12 @@ require_once "includes/paging.php"; echo " \n"; echo " \n"; echo " \n"; echo "\n"; $previous_category = $row['domain_setting_category']; @@ -166,7 +174,12 @@ require_once "includes/paging.php"; echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo "
\n"; - echo "
"; + echo "
"; echo "
\n"; echo "
\n"; diff --git a/core/domains/app_config.php b/core/domains/app_config.php index addaeb44c2..096ba95ec0 100644 --- a/core/domains/app_config.php +++ b/core/domains/app_config.php @@ -31,7 +31,11 @@ $apps[$x]['permissions'][$y]['name'] = 'domain_delete'; $apps[$x]['permissions'][$y]['groups'][] = 'superadmin'; $y++; - $apps[$x]['permissions'][$y]['name'] = 'domain_view'; + $apps[$x]['permissions'][$y]['name'] = 'domain_select'; + $apps[$x]['permissions'][$y]['groups'][] = 'superadmin'; + $y++; + + $apps[$x]['permissions'][$y]['name'] = 'domain_setting_view'; $apps[$x]['permissions'][$y]['groups'][] = 'superadmin'; $y++; $apps[$x]['permissions'][$y]['name'] = 'domain_setting_add'; diff --git a/core/domains/domain_settings.php b/core/domains/domain_settings.php index 4249062dd6..89de4cbc10 100644 --- a/core/domains/domain_settings.php +++ b/core/domains/domain_settings.php @@ -26,7 +26,7 @@ require_once "root.php"; require_once "includes/require.php"; require_once "includes/checkauth.php"; -if (if_group("admin") || if_group("superadmin")) { +if (permission_exists('domain_setting_view')) { //access granted } else { @@ -49,20 +49,20 @@ require_once "includes/paging.php"; //echo "\n"; //echo " \n"; - //echo " \n"; + //echo " \n"; //echo " \n"; //echo " \n"; //echo " \n"; - //echo " \n"; //echo " \n"; //echo "
Domain SettingsDomain Settings 
\n"; + //echo " \n"; //echo " Settings used for each domain.

\n"; //echo "
\n"; //prepare to page the results - $sql = " select count(*) as num_rows from v_domain_settings "; - $sql .= " where domain_uuid = '$domain_uuid' "; - $sql .= " and domain_uuid = '$domain_uuid' "; + $sql = "select count(*) as num_rows from v_domain_settings "; + $sql .= "where domain_uuid = '$domain_uuid' "; + $sql .= "and domain_uuid = '$domain_uuid' "; if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; } $prep_statement = $db->prepare($sql); if ($prep_statement) { @@ -84,13 +84,11 @@ require_once "includes/paging.php"; list($paging_controls, $rows_per_page, $var3) = paging($num_rows, $param, $rows_per_page); $offset = $rows_per_page * $page; - //get the domain list - $sql = ""; - $sql .= " select * from v_domain_settings "; - $sql .= " where domain_uuid = '$domain_uuid' "; - $sql .= " and domain_uuid = '$domain_uuid' "; + //get the list + $sql = "select * from v_domain_settings "; + $sql .= "where domain_uuid = '$domain_uuid' "; if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; } - $sql .= " limit $rows_per_page offset $offset "; + $sql .= "limit $rows_per_page offset $offset "; $prep_statement = $db->prepare(check_sql($sql)); $prep_statement->execute(); $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); @@ -119,7 +117,13 @@ require_once "includes/paging.php"; echo th_order_by('domain_setting_enabled', 'Enabled', $order_by, $order); echo th_order_by('domain_setting_description', 'Description', $order_by, $order); echo "
\n"; - echo " $v_link_label_add\n"; + if (permission_exists('domain_setting_add')) { + echo " $v_link_label_add\n"; + } + else { + echo "  \n"; + } + echo "
".$row['domain_setting_enabled']." ".$row['domain_setting_description']." \n"; + if (permission_exists('domain_setting_edit')) { echo " $v_link_label_edit\n"; + } + if (permission_exists('domain_setting_delete')) { echo " $v_link_label_delete\n"; + } echo "
 $paging_controls\n"; - echo " $v_link_label_add\n"; + if (permission_exists('domain_setting_add')) { + echo " $v_link_label_add\n"; + } + else { + echo "  \n"; + } echo "
\n"; diff --git a/core/domains/domain_settings_delete.php b/core/domains/domain_settings_delete.php index eeee263f8d..82a3d81ac7 100644 --- a/core/domains/domain_settings_delete.php +++ b/core/domains/domain_settings_delete.php @@ -26,7 +26,7 @@ require_once "root.php"; require_once "includes/require.php"; require_once "includes/checkauth.php"; -if (if_group("admin") || if_group("superadmin")) { +if (permission_exists('domain_setting_delete')) { //access granted } else { @@ -40,21 +40,22 @@ if (count($_GET)>0) { } if (strlen($id)>0) { - $sql = ""; - $sql .= "delete from v_domain_settings "; - $sql .= "where domain_uuid = '$domain_uuid' "; - $sql .= "and domain_setting_uuid = '$id' "; - $prep_statement = $db->prepare(check_sql($sql)); - $prep_statement->execute(); - unset($sql); + //delete domain_setting + $sql = "delete from v_domain_settings "; + $sql .= "where domain_uuid = '$domain_uuid' "; + $sql .= "and domain_setting_uuid = '$id' "; + $prep_statement = $db->prepare(check_sql($sql)); + $prep_statement->execute(); + unset($sql); } -require_once "includes/header.php"; -echo "\n"; -echo "
\n"; -echo "Delete Complete\n"; -echo "
\n"; -require_once "includes/footer.php"; -return; +//redirect the user + require_once "includes/header.php"; + echo "\n"; + echo "
\n"; + echo "Delete Complete\n"; + echo "
\n"; + require_once "includes/footer.php"; + return; ?> \ No newline at end of file diff --git a/core/domains/domain_settings_edit.php b/core/domains/domain_settings_edit.php index 8606e3e591..c21bdad129 100644 --- a/core/domains/domain_settings_edit.php +++ b/core/domains/domain_settings_edit.php @@ -26,7 +26,7 @@ require_once "root.php"; require_once "includes/require.php"; require_once "includes/checkauth.php"; -if (if_group("admin") || if_group("superadmin")) { +if (permission_exists('domain_setting_add') || permission_exists('domain_setting_edit')) { //access granted } else { @@ -87,7 +87,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { //add or update the database if ($_POST["persistformvar"] != "true") { - if ($action == "add") { + if ($action == "add" && permission_exists('domain_setting_add')) { $sql = "insert into v_domain_settings "; $sql .= "("; $sql .= "domain_uuid, "; @@ -122,7 +122,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { return; } //if ($action == "add") - if ($action == "update") { + if ($action == "update" && permission_exists('domain_setting_edit')) { $sql = "update v_domain_settings set "; $sql .= "domain_setting_category = '$domain_setting_category', "; $sql .= "domain_setting_subcategory = '$domain_setting_subcategory', "; @@ -148,7 +148,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { //pre-populate the form if (count($_GET)>0 && $_POST["persistformvar"] != "true") { - $domain_setting_uuid = $_GET["id"]; + $domain_setting_uuid = check_str($_GET["id"]); $sql = "select * from v_domain_settings "; $sql .= "where domain_uuid = '$domain_uuid' "; $sql .= "and domain_setting_uuid = '$domain_setting_uuid' "; @@ -175,7 +175,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) { echo "\n"; echo "\n"; echo " \n"; echo "\n"; @@ -161,8 +168,12 @@ else { echo " \n"; echo " \n"; echo " \n"; echo "\n"; if ($c==0) { $c=1; } else { $c=0; } @@ -170,7 +181,6 @@ else { unset($sql, $result, $row_count); } //end if results - echo "\n"; echo "
\n"; - echo "
"; + echo "
"; echo "\n"; echo "
\n"; diff --git a/core/domains/domains.php b/core/domains/domains.php index 73dfc52573..036c4d2854 100644 --- a/core/domains/domains.php +++ b/core/domains/domains.php @@ -26,7 +26,7 @@ require_once "root.php"; require_once "includes/require.php"; require_once "includes/checkauth.php"; -if (if_group("admin") || if_group("superadmin")) { +if (permission_exists('domain_view')) { //access granted } else { @@ -34,46 +34,48 @@ else { exit; } -//change the tenant - if (strlen($_GET["domain_uuid"]) > 0 && $_GET["domain_change"] == "true") { - //get the domain_uuid - $sql = "select * from v_domains "; - $sql .= "order by domain_name asc "; - $prep_statement = $db->prepare($sql); - $prep_statement->execute(); - $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); - foreach($result as $row) { - if (count($result) == 0) { - $_SESSION["domain_uuid"] = $row["domain_uuid"]; - $_SESSION["domain_name"] = $row['domain_name']; - } - else { - if ($row['domain_name'] == $domain_array[0] || $row['domain_name'] == 'www.'.$domain_array[0]) { +//change the domain + if (strlen(check_str($_GET["domain_uuid"])) > 0 && check_str($_GET["domain_change"]) == "true") { + if (permission_exists('domain_select')) { + //get the domain_uuid + $sql = "select * from v_domains "; + $sql .= "order by domain_name asc "; + $prep_statement = $db->prepare($sql); + $prep_statement->execute(); + $result = $prep_statement->fetchAll(PDO::FETCH_NAMED); + foreach($result as $row) { + if (count($result) == 0) { $_SESSION["domain_uuid"] = $row["domain_uuid"]; $_SESSION["domain_name"] = $row['domain_name']; } - $_SESSION['domains'][$row['domain_uuid']]['domain_uuid'] = $row['domain_uuid']; - $_SESSION['domains'][$row['domain_uuid']]['domain_name'] = $row['domain_name']; + else { + if ($row['domain_name'] == $domain_array[0] || $row['domain_name'] == 'www.'.$domain_array[0]) { + $_SESSION["domain_uuid"] = $row["domain_uuid"]; + $_SESSION["domain_name"] = $row['domain_name']; + } + $_SESSION['domains'][$row['domain_uuid']]['domain_uuid'] = $row['domain_uuid']; + $_SESSION['domains'][$row['domain_uuid']]['domain_name'] = $row['domain_name']; + } } - } - unset($result, $prep_statement); + unset($result, $prep_statement); - //update the domain session variables - $domain_uuid = check_str($_GET["domain_uuid"]); - $_SESSION['domain_uuid'] = $domain_uuid; - $_SESSION["domain_name"] = $_SESSION['domains'][$domain_uuid]['domain_name']; - $_SESSION['domain']['template']['name'] = $_SESSION['domains'][$domain_uuid]['template_name']; - //clear the menu session so that it is regenerated for the selected domain - $_SESSION["menu"] = ''; - //clear the extension array so that it is regenerated for the selected domain - unset($_SESSION['extension_array']); - //set the context - if (count($_SESSION["domains"]) > 1) { - $_SESSION["context"] = $_SESSION["domain_name"]; - } - else { - $_SESSION["context"] = 'default'; - } + //update the domain session variables + $domain_uuid = check_str($_GET["domain_uuid"]); + $_SESSION['domain_uuid'] = $domain_uuid; + $_SESSION["domain_name"] = $_SESSION['domains'][$domain_uuid]['domain_name']; + $_SESSION['domain']['template']['name'] = $_SESSION['domains'][$domain_uuid]['template_name']; + //clear the menu session so that it is regenerated for the selected domain + $_SESSION["menu"] = ''; + //clear the extension array so that it is regenerated for the selected domain + unset($_SESSION['extension_array']); + //set the context + if (count($_SESSION["domains"]) > 1) { + $_SESSION["context"] = $_SESSION["domain_name"]; + } + else { + $_SESSION["context"] = 'default'; + } + } } //includes @@ -151,7 +153,12 @@ else { echo th_order_by('domain_name', 'Domain', $order_by, $order); echo th_order_by('domain_description', 'Description', $order_by, $order); echo "
\n"; - echo " $v_link_label_add\n"; + if (permission_exists('domain_add')) { + echo " $v_link_label_add\n"; + } + else { + echo "  \n"; + } echo "
".$row['domain_name']." ".$row['domain_description']." \n"; - echo " $v_link_label_edit\n"; - echo " $v_link_label_delete\n"; + if (permission_exists('domain_edit')) { + echo " $v_link_label_edit\n"; + } + if (permission_exists('domain_delete')) { + echo " $v_link_label_delete\n"; + } echo "
\n"; echo " \n"; @@ -178,7 +188,12 @@ else { echo " \n"; echo " \n"; echo " \n"; echo " \n"; echo "
 $paging_controls\n"; - echo " $v_link_label_add\n"; + if (permission_exists('domain_add')) { + echo " $v_link_label_add\n"; + } + else { + echo "  \n"; + } echo "
\n"; diff --git a/core/domains/domains_delete.php b/core/domains/domains_delete.php index 16cecb8a35..a09e498776 100644 --- a/core/domains/domains_delete.php +++ b/core/domains/domains_delete.php @@ -26,7 +26,7 @@ require_once "root.php"; require_once "includes/require.php"; require_once "includes/checkauth.php"; -if (if_group("admin") || if_group("superadmin")) { +if (permission_exists('domain_delete')) { //access granted } else { diff --git a/core/domains/domains_edit.php b/core/domains/domains_edit.php index c878f0e398..6dded99416 100644 --- a/core/domains/domains_edit.php +++ b/core/domains/domains_edit.php @@ -26,7 +26,7 @@ require_once "root.php"; require_once "includes/require.php"; require_once "includes/checkauth.php"; -if (if_group("admin") || if_group("superadmin")) { +if (permission_exists('domain_add') || permission_exists('domain_edit')) { //access granted } else { @@ -74,7 +74,7 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { //add or update the database if ($_POST["persistformvar"] != "true") { - if ($action == "add") { + if ($action == "add" && permission_exists('domain_add')) { $sql = "select count(*) as num_rows from v_domains "; $sql .= "where domain_name = '$domain_name' "; $prep_statement = $db->prepare($sql); @@ -100,7 +100,7 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { } } - if ($action == "update") { + if ($action == "update" && permission_exists('domain_edit')) { $sql = "update v_domains set "; $sql .= "domain_name = '$domain_name', "; $sql .= "domain_description = '$domain_description' "; @@ -158,7 +158,7 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) { echo "\n"; echo "\n"; echo "
\n"; - echo "
"; + echo "
"; echo "\n"; echo "
\n"; diff --git a/themes/accessible/template.php b/themes/accessible/template.php index 2ce8e2bf36..c07abeb96f 100644 --- a/themes/accessible/template.php +++ b/themes/accessible/template.php @@ -421,7 +421,7 @@ function confirmdelete(url) {
1) { + if (permission_exists("domain_select") && count($_SESSION['domains']) > 1) { //$tmp_style = "style=\"opacity:0.7;filter:alpha(opacity=70)\" "; //$tmp_style .= "onmouseover=\"this.style.opacity=1;this.filters.alpha.opacity=90\" "; //$tmp_style .= "onmouseout=\"this.style.opacity=0.7;this.filters.alpha.opacity=70\" "; diff --git a/themes/classic/template.php b/themes/classic/template.php index 02f7cd235c..1013e696d0 100644 --- a/themes/classic/template.php +++ b/themes/classic/template.php @@ -518,7 +518,7 @@ function confirmdelete(url) { 1) { + if (permission_exists("domain_select") && count($_SESSION['domains']) > 1) { //$tmp_style = "style=\"opacity:0.7;filter:alpha(opacity=70)\" "; //$tmp_style .= "onmouseover=\"this.style.opacity=1;this.filters.alpha.opacity=90\" "; //$tmp_style .= "onmouseout=\"this.style.opacity=0.7;this.filters.alpha.opacity=70\" "; diff --git a/themes/default/template.php b/themes/default/template.php index 44b9965696..1dffa13d15 100644 --- a/themes/default/template.php +++ b/themes/default/template.php @@ -654,7 +654,7 @@ function confirmdelete(url) { 1) { + if (permission_exists("domain_select") && count($_SESSION['domains']) > 1) { //$tmp_style = "style=\"opacity:0.7;filter:alpha(opacity=70)\" "; //$tmp_style .= "onmouseover=\"this.style.opacity=1;this.filters.alpha.opacity=90\" "; //$tmp_style .= "onmouseout=\"this.style.opacity=0.7;this.filters.alpha.opacity=70\" "; diff --git a/themes/enhanced/template.php b/themes/enhanced/template.php index 7c4e8fc10d..c9b9f44af9 100644 --- a/themes/enhanced/template.php +++ b/themes/enhanced/template.php @@ -655,7 +655,7 @@ function confirmdelete(url) { 1) { + if (permission_exists("domain_select") && count($_SESSION['domains']) > 1) { //$tmp_style = "style=\"opacity:0.7;filter:alpha(opacity=70)\" "; //$tmp_style .= "onmouseover=\"this.style.opacity=1;this.filters.alpha.opacity=90\" "; //$tmp_style .= "onmouseout=\"this.style.opacity=0.7;this.filters.alpha.opacity=70\" ";