diff --git a/core/users/groupmemberadd.php b/core/users/groupmemberadd.php
index 485fe18de2..df319e96a0 100644
--- a/core/users/groupmemberadd.php
+++ b/core/users/groupmemberadd.php
@@ -41,38 +41,38 @@ else {
}
//get the http values and set them as variables
+ $group_uuid = check_str($_POST["group_uuid"]);
$group_name = check_str($_POST["group_name"]);
$user_uuid = check_str($_POST["user_uuid"]);
-if (strlen($user_uuid) > 0 && strlen($group_name) > 0) {
- $sql_insert = "insert into v_group_users ";
- $sql_insert .= "(";
- $sql_insert .= "group_user_uuid, ";
- $sql_insert .= "domain_uuid, ";
- $sql_insert .= "group_name, ";
- $sql_insert .= "user_uuid ";
- $sql_insert .= ")";
- $sql_insert .= "values ";
- $sql_insert .= "(";
- $sql_insert .= "'".uuid()."', ";
- $sql_insert .= "'$domain_uuid', ";
- $sql_insert .= "'$group_name', ";
- $sql_insert .= "'$user_uuid' ";
- $sql_insert .= ")";
- if (!$db->exec($sql_insert)) {
- //echo $db->errorCode() . "
";
- $info = $db->errorInfo();
- print_r($info);
- // $info[0] == $db->errorCode() unified error code
- // $info[1] is the driver specific error code
- // $info[2] is the driver specific error string
+//add the user to the group
+ if (is_uuid($user_uuid) && is_uuid($group_uuid) && strlen($group_name) > 0) {
+ $sql = "insert into v_group_users ";
+ $sql .= "(";
+ $sql .= "group_user_uuid, ";
+ $sql .= "domain_uuid, ";
+ $sql .= "group_uuid, ";
+ $sql .= "group_name, ";
+ $sql .= "user_uuid ";
+ $sql .= ")";
+ $sql .= "values ";
+ $sql .= "(";
+ $sql .= "'".uuid()."', ";
+ $sql .= "'$domain_uuid', ";
+ $sql .= "'$group_uuid', ";
+ $sql .= "'$group_name', ";
+ $sql .= "'$user_uuid' ";
+ $sql .= ")";
+ if (!$db->exec($sql)) {
+ $info = $db->errorInfo();
+ print_r($info);
+ }
+ else {
+ //log the success
+ //$log_type = 'group'; $log_status='add'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." added to group: ".$group_name;
+ //log_add($db, $log_type, $log_status, $log_desc, $log_add_user, $_SERVER["REMOTE_ADDR"]);
+ }
}
- else {
- //log the success
- //$log_type = 'group'; $log_status='add'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." added to group: ".$group_name;
- //log_add($db, $log_type, $log_status, $log_desc, $log_add_user, $_SERVER["REMOTE_ADDR"]);
- }
-}
//redirect the user
header("Location: groupmembers.php?group_name=$group_name");
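Review bot: The insert around `$sql .= "'$group_name', ";` is still built by string concatenation, so the new `is_uuid()` checks cover `$user_uuid` and `$group_uuid` but `$group_name` reaches the statement guarded only by `check_str()`, whose behaviour is not visible in this hunk. Binding all five values through a prepared statement removes that dependency; `$db` looks like a PDO handle from its `exec()`/`errorInfo()` calls, but confirm that before adopting the sketch below. `$group_name` is also read from the POST body independently of `$group_uuid`, so a request can pair one group's uuid with another group's name; looking the name up in `v_groups` by uuid would be safer than trusting the client. The enclosing `else {` block starts above the hunk, so any permission check on the caller is not visible here.

```php
// … unchanged: reading $group_uuid, $group_name and $user_uuid from $_POST …
	if (is_uuid($user_uuid) && is_uuid($group_uuid) && strlen($group_name) > 0) {
		$sql = "insert into v_group_users ";
		$sql .= "(group_user_uuid, domain_uuid, group_uuid, group_name, user_uuid) ";
		$sql .= "values (:group_user_uuid, :domain_uuid, :group_uuid, :group_name, :user_uuid) ";
		$prep_statement = $db->prepare($sql);
		$inserted = $prep_statement->execute(array(
			':group_user_uuid' => uuid(),
			':domain_uuid' => $domain_uuid,
			':group_uuid' => $group_uuid,
			':group_name' => $group_name,
			':user_uuid' => $user_uuid,
		));
		if (!$inserted) {
			$info = $prep_statement->errorInfo();
			print_r($info);
		}
		// … unchanged: else branch with the commented-out success logging …
	}
```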
diff --git a/core/users/groupmemberdelete.php b/core/users/groupmemberdelete.php
index 425798ecd6..136c5da79b 100644
--- a/core/users/groupmemberdelete.php
+++ b/core/users/groupmemberdelete.php
@@ -43,19 +43,16 @@ else {
//get the http values and set them as variables
$group_name = check_str($_GET["group_name"]);
$user_uuid = check_str($_GET["user_uuid"]);
+ $group_uuid = check_str($_GET["group_uuid"]);
//delete the group membership
$sql_delete = "delete from v_group_users ";
$sql_delete .= "where domain_uuid = '$domain_uuid' ";
$sql_delete .= "and user_uuid = '$user_uuid' ";
- $sql_delete .= "and group_name = '$group_name' ";
+ $sql_delete .= "and group_uuid = '$group_uuid' ";
if (!$db->exec($sql_delete)) {
- //echo $db->errorCode() . "
";
$info = $db->errorInfo();
print_r($info);
- // $info[0] == $db->errorCode() unified error code
- // $info[1] is the driver specific error code
- // $info[2] is the driver specific error string
}
else {
//$log_type = 'group'; $log_status='remove'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." removed from group: ".$group_name;
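Review bot: `$group_uuid` and `$user_uuid` go into the delete statement without the `is_uuid()` check that this same commit adds to groupmemberadd.php, so the delete path depends entirely on `check_str()`. Wrapping the statement in `if (is_uuid($user_uuid) && is_uuid($group_uuid)) {` and binding the values instead of interpolating them would make the two paths consistent. The membership change is also driven by `$_GET` parameters, which leaves it exposed to cross-site request forgery unless a token check exists above the hunk (not visible here); moving it to POST with a CSRF token is worth considering. The `else` branch continues past the end of the hunk.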
diff --git a/core/users/groupmembers.php b/core/users/groupmembers.php
index 34cf1500b2..271ab4dd93 100644
--- a/core/users/groupmembers.php
+++ b/core/users/groupmembers.php
@@ -60,6 +60,37 @@ else {
}
//$exampledatareturned = example("apples", 1);
+//get the group from v_groups
+ $sql = "select * from v_groups ";
+ $sql .= "where group_uuid = '".$group_uuid."' ";
+ $sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null) ";
+ $prep_statement = $db->prepare(check_sql($sql));
+ $prep_statement->execute();
+ $groups = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+ foreach ($groups as &$row) {
+ $group_name = $row["group_name"];
+ }
+ unset ($prep_statement);
+
+//get the the users array
+ if (permission_exists('group_member_add')) {
+ $sql = "SELECT * FROM v_users ";
+ $sql .= "where domain_uuid = '$domain_uuid' ";
+ $sql .= "order by username ";
+ $prep_statement = $db->prepare(check_sql($sql));
+ $prep_statement->execute();
+ $users = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+ }
+
+//get the groups users
+ $sql = "SELECT u.user_uuid, u.username, g.group_user_uuid, g.group_uuid FROM v_group_users as g, v_users as u ";
+ $sql .= "where g.user_uuid = u.user_uuid ";
+ $sql .= "and g.domain_uuid = '$domain_uuid' ";
+ $sql .= "and g.group_name = '$group_name' ";
+ $prep_statement = $db->prepare(check_sql($sql));
+ $prep_statement->execute();
+ $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+
//include the header
require_once "resources/header.php";
$document['title'] = $text['title-group_members'];
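Review bot: The three new queries call `$db->prepare()` on SQL that already has `$group_uuid`, `$domain_uuid` and `$group_name` concatenated into it, so the prepared statement binds nothing and gives no protection against injection. Where `$group_uuid` is assigned is not visible in this hunk; it should pass `is_uuid()` before use, and the lookup can become `$sql .= "where group_uuid = :group_uuid ";` with `$prep_statement->execute(array(':group_uuid' => $group_uuid));`. The membership query still filters on `g.group_name = '$group_name'` while groupmemberdelete.php now deletes by `group_uuid`; filtering on `g.group_uuid` would keep listing and deletion keyed on the same column. `foreach ($groups as &$row)` iterates by reference with no following `unset($row)`, which leaves `$row` aliased to the last element for any later loop that reuses the name.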
@@ -80,22 +111,17 @@ else {
if (permission_exists('group_member_add')) {
echo "
| ".$text['label-username']." | \n"; @@ -122,17 +141,17 @@ else { $strlist .= "||
|---|---|---|
| $username | \n"; $strlist .= "\n"; $strlist .= " | "; if (permission_exists('group_member_delete')) { - $strlist .= "$v_link_label_delete"; + $strlist .= "$v_link_label_delete"; } $strlist .= " | \n"; $strlist .= "