Improve code for access controls.

2025-12-30 00:53:50 +00:00 · 2016-06-21 18:00:38 -06:00
parent 774dfd1053
commit f4765e954b
3 changed files with 89 additions and 77 deletions
--- a/app/access_controls/access_control_delete.php
+++ b/app/access_controls/access_control_delete.php
@@ -1,14 +1,18 @@
 <?php
-require_once "root.php";
-require_once "resources/require.php";
-require_once "resources/check_auth.php";
-if (permission_exists('access_control_delete')) {
-	//access granted
-}
-else {
-	echo "access denied";
-	exit;
-}
+
+//includes
+	require_once "root.php";
+	require_once "resources/require.php";
+
+//check permissions
+	require_once "resources/check_auth.php";
+	if (permission_exists('access_control_delete')) {
+		//access granted
+	}
+	else {
+		echo "access denied";
+		exit;
+	}

 //add multi-lingual support
 	$language = new text;
--- a/app/access_controls/access_control_edit.php
+++ b/app/access_controls/access_control_edit.php
@@ -1,14 +1,18 @@
 <?php
-require_once "root.php";
-require_once "resources/require.php";
-require_once "resources/check_auth.php";
-if (permission_exists('access_control_add') || permission_exists('access_control_edit')) {
-	//access granted
-}
-else {
-	echo "access denied";
-	exit;
-}
+
+//includes
+	require_once "root.php";
+	require_once "resources/require.php";
+
+//check permissions
+	require_once "resources/check_auth.php";
+	if (permission_exists('access_control_add') || permission_exists('access_control_edit')) {
+		//access granted
+	}
+	else {
+		echo "access denied";
+		exit;
+	}

 //add multi-lingual support
 	$language = new text;
@@ -75,8 +79,8 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 				unset($sql);

 				remove_config_from_cache('configuration:acl.conf');
-				$_SESSION['message'] = $text['message-add'];
-				header('Location: access_controls.php');
+				$_SESSION["message"] = $text['message-add'];
+				header("Location: access_controls.php");
 				return;

 			} //if ($action == "add")
@@ -91,8 +95,8 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 				unset($sql);

 				remove_config_from_cache('configuration:acl.conf');
-				$_SESSION['message'] = $text['message-update'];
-				header('Location: access_controls.php');
+				$_SESSION["message"] = $text['message-update'];
+				header("Location: access_controls.php");
 				return;

 			} //if ($action == "update")
@@ -120,8 +124,8 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 	require_once "resources/header.php";

 //show the content
-	echo "<form method='post' name='frm' action=''>\n";
-	echo "<table width='100%'  border='0' cellpadding='6' cellspacing='0'>\n";
+	echo "<form name='frm' id='frm' method='post' action=''>\n";
+	echo "<table width='100%'  border='0' cellpadding='0' cellspacing='0'>\n";
 	echo "<tr>\n";
 	echo "<td align='left' width='30%' nowrap='nowrap' valign='top'><b>".$text['title-access_control']."</b><br><br></td>\n";
 	echo "<td width='70%' align='right' valign='top'>\n";
@@ -186,7 +190,7 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
 	echo "	</tr>";
 	echo "</table>";
 	echo "</form>";
-	echo "<br><br>";
+	echo "<br /><br />";

 	if ($action == "update") {
 		require "access_control_nodes.php";
--- a/app/access_controls/access_controls.php
+++ b/app/access_controls/access_controls.php
@@ -1,14 +1,18 @@
 <?php
-require_once "root.php";
-require_once "resources/require.php";
-require_once "resources/check_auth.php";
-if (permission_exists('access_control_view')) {
-	//access granted
-}
-else {
-	echo "access denied";
-	exit;
-}
+
+//includes
+	require_once "root.php";
+	require_once "resources/require.php";
+
+//check permissions
+	require_once "resources/check_auth.php";
+	if (permission_exists('access_control_view')) {
+		//access granted
+	}
+	else {
+		echo "access denied";
+		exit;
+	}

 //add multi-lingual support
 	$language = new text;
@@ -22,6 +26,43 @@ else {
 	require_once "resources/header.php";
 	require_once "resources/paging.php";

+//prepare to page the results
+	$sql = "select count(*) as num_rows from v_access_controls ";
+	if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
+	$prep_statement = $db->prepare($sql);
+	if ($prep_statement) {
+		$prep_statement->execute();
+		$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
+		if ($row['num_rows'] > 0) {
+				$num_rows = $row['num_rows'];
+		}
+		else {
+				$num_rows = '0';
+		}
+	}
+
+//prepare to page the results
+	$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
+	$param = "";
+	$page = $_GET['page'];
+	if (strlen($page) == 0) { $page = 0; $_GET['page'] = 0; }
+	list($paging_controls, $rows_per_page, $var3) = paging($num_rows, $param, $rows_per_page);
+	$offset = $rows_per_page * $page;
+
+//get the list
+	$sql = "select * from v_access_controls ";
+	if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
+	$sql .= "limit $rows_per_page offset $offset ";
+	$prep_statement = $db->prepare(check_sql($sql));
+	$prep_statement->execute();
+	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	unset ($prep_statement, $sql);
+
+//alternate the row style
+	$c = 0;
+	$row_style["0"] = "row_style0";
+	$row_style["1"] = "row_style1";
+
 //show the content
 	echo "<table width='100%' border='0'>\n";
 	echo "	<tr>\n";
@@ -35,43 +76,6 @@ else {
 	echo "	</tr>\n";
 	echo "</table>\n";

-	//prepare to page the results
-		$sql = "select count(*) as num_rows from v_access_controls ";
-		if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
-		$prep_statement = $db->prepare($sql);
-		if ($prep_statement) {
-		$prep_statement->execute();
-			$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
-			if ($row['num_rows'] > 0) {
-				$num_rows = $row['num_rows'];
-			}
-			else {
-				$num_rows = '0';
-			}
-		}
-
-	//prepare to page the results
-		$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
-		$param = "";
-		$page = $_GET['page'];
-		if (strlen($page) == 0) { $page = 0; $_GET['page'] = 0; }
-		list($paging_controls, $rows_per_page, $var3) = paging($num_rows, $param, $rows_per_page);
-		$offset = $rows_per_page * $page;
-
-	//get the list
-		$sql = "select * from v_access_controls ";
-		if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
-		$sql .= "limit $rows_per_page offset $offset ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		$result_count = count($result);
-		unset ($prep_statement, $sql);
-
-	$c = 0;
-	$row_style["0"] = "row_style0";
-	$row_style["1"] = "row_style1";
-
 	echo "<table class='tr_hover' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
 	echo "<tr>\n";
 	echo th_order_by('access_control_name', $text['label-access_control_name'], $order_by, $order);
@@ -87,7 +91,7 @@ else {
 	echo "</td>\n";
 	echo "<tr>\n";

-	if ($result_count > 0) {
+	if (is_array($result)) {
 		foreach($result as $row) {
 			if (permission_exists('access_control_edit')) {
 				$tr_link = "href='access_control_edit.php?id=".$row['access_control_uuid']."'";
@@ -125,8 +129,7 @@ else {
 	}
 	echo "		</td>\n";
 	echo "	</tr>\n";
- 	echo "</table>\n";
-
+ 	echo "	</table>\n";
 	echo "</td>\n";
 	echo "</tr>\n";
 	echo "</table>";
@@ -134,4 +137,5 @@ else {

 //include the footer
 	require_once "resources/footer.php";
+
 ?>