diff --git a/account/groups.php b/account/groups.php
index b3eac12a3..3032aed41 100644
--- a/account/groups.php
+++ b/account/groups.php
@@ -111,7 +111,7 @@
// Bind permission delete and add buttons
$('.addPermission').on('click', function(){
if ($('#permission-groups').has("input").length == 0) {
- $("
")
+ $("")
.appendTo('#permission-groups');
}
$('#permission-groups input').focus();
diff --git a/api/load_user_permissions.php b/api/create_group.php
similarity index 67%
rename from api/load_user_permissions.php
rename to api/create_group.php
index 1ea4941e2..ca6c52b95 100644
--- a/api/load_user_permissions.php
+++ b/api/create_group.php
@@ -1,65 +1,70 @@
- 1, "successes" => 0));
- exit();
-}
-
-// GET Parameters: [user_id]
-$validator = new Validator();
-$user_id = $validator->optionalGetVar('user_id');
-
-// If no user_id is specified, use the id of the currently logged in user.
-if (!$user_id){
- $user_id = $loggedInUser->user_id;
-}
-
-// Attempt to load information for the specified user.
-if (!($results = loadUserGroups($user_id))){
- echo json_encode(array("errors" => 1, "successes" => 0));
- exit();
-}
-
-restore_error_handler();
-
-echo json_encode($results);
-
-?>
\ No newline at end of file
+ 1, "successes" => 0));
+ exit();
+}
+
+// TODO: accept home page ids, is_default, and can_delete
+
+$validator = new Validator();
+$group_name = $validator->requiredPostVar('group_name');
+
+//Forms posted
+if($group_name) {
+ if (!createGroup($group_name)){
+ echo json_encode(array("errors" => 1, "successes" => 0));
+ exit();
+ }
+} else {
+ addAlert("danger", lang("PERMISSION_CHAR_LIMIT", array(1, 50)));
+ echo json_encode(array("errors" => 1, "successes" => 0));
+ exit();
+}
+
+restore_error_handler();
+
+if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true" ){
+ echo json_encode(array(
+ "errors" => 0,
+ "successes" => 1));
+} else {
+ header('Location: ' . getReferralPage());
+ exit();
+}
+?>
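Review bot: The `else` branch reports `PERMISSION_CHAR_LIMIT` for every failure of `requiredPostVar('group_name')` — a missing parameter or a non-POST request included — because `$validator->errors` is never read, while the actual length check lives in `createGroup()`, so this message is wrong whenever it fires. Surface the validator's own messages instead, e.g. `foreach ($validator->errors as $error) { addAlert("danger", $error); }` ahead of the `echo json_encode(...)` (assuming `errors` is readable from outside the class). The opening lines of this file are not visible in the hunk, so I cannot confirm that an `isUserLoggedIn()` guard like the one in update_group.php precedes the `createGroup()` call.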
diff --git a/api/load_form_user.php b/api/load_form_user.php
index 967f78049..511e4c1fb 100644
--- a/api/load_form_user.php
+++ b/api/load_form_user.php
@@ -1,7 +1,7 @@
requiredGetVar('box_id');
+$render_mode = $validator->requiredGetVar('render_mode');
+$show_dates = $validator->optionalBooleanGetVar('show_dates', false);
+$show_passwords = $validator->optionalBooleanGetVar('show_passwords', true);
+
// Buttons (optional)
// button_submit: If set to true, display the submission button for this form.
// button_edit: If set to true, display the edit button for panel mode.
@@ -59,16 +64,12 @@
// button_activate: If set to true, display the activate button for inactive users.
// button_delete: If set to true, display the deletion button for deletable users.
-$box_id = requiredGetVar('box_id');
-$render_mode = requiredGetVar('render_mode');
-$show_dates = optionalBooleanGetVar('show_dates', false);
-$show_passwords = optionalBooleanGetVar('show_passwords', true);
-$button_submit = optionalBooleanGetVar('button_submit', true);
-$button_edit = optionalBooleanGetVar('button_edit', false);
-$button_disable = optionalBooleanGetVar('button_disable', false);
-$button_activate = optionalBooleanGetVar('button_activate', false);
-$button_delete = optionalBooleanGetVar('button_delete', false);
-$disabled = optionalBooleanGetVar('disabled', false);
+$button_submit = $validator->optionalBooleanGetVar('button_submit', true);
+$button_edit = $validator->optionalBooleanGetVar('button_edit', false);
+$button_disable = $validator->optionalBooleanGetVar('button_disable', false);
+$button_activate = $validator->optionalBooleanGetVar('button_activate', false);
+$button_delete = $validator->optionalBooleanGetVar('button_delete', false);
+$disabled = $validator->optionalBooleanGetVar('disabled', false);
$disable_str = "";
if ($disabled) {
@@ -76,22 +77,9 @@
$username_disable_str = "disabled";
}
-function optionalBooleanGetVar($var_name, $default_value){
- if (isset($_GET[$var_name])){
- $bool_val = false;
- if (strtolower($_GET[$var_name]) == "true")
- $bool_val = true;
- if ($bool_val == $default_value)
- return $default_value;
- else
- return !$default_value;
- } else
- return $default_value;
-}
-
-$userid = $validator->requiredGetVar('user_id');
+$userid = $validator->optionalNumericGetVar('user_id');
// Create appropriate labels
-if (isset($userid) and is_numeric($userid)){
+if ($userid){
$populate_fields = true;
$button_submit_text = "Update user";
$user_id = htmlentities($userid);
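Review bot: `if ($userid)` on the result of the new `optionalNumericGetVar('user_id')` silently routes a non-numeric or `0` user_id into the create-user branch instead of rejecting it, since the validator returns `null` for bad input and both `null` and `"0"` are falsy. Distinguish absent from invalid: `if ($userid !== null)` for the edit branch, and fail the request when `$_GET['user_id']` is set but `$userid` is `null`. The `htmlentities($userid)` on the last line is redundant because the validator already encodes the value. The `if` block continues outside the hunk.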
diff --git a/api/load_permissions.php b/api/load_groups.php
similarity index 57%
rename from api/load_permissions.php
rename to api/load_groups.php
index 64f6f9692..843689a6d 100644
--- a/api/load_permissions.php
+++ b/api/load_groups.php
@@ -1,7 +1,7 @@
1, "successes" => 0));
- exit();
+// GET Parameters: [user_id, group_id]
+// If a user_id is specified, attempt to load group information for all groups associated with the specified user.
+// If a group_id is specified, attempt to load information for the specified group.
+// Otherwise, attempt to load all groups.
+$validator = new Validator();
+$user_id = $validator->optionalGetVar('user_id');
+$group_id = $validator->optionalGetVar('group_id');
+
+if ($user_id){
+ // Special case to load groups for the logged in user
+ if (strtolower($user_id) == "self"){
+ $user_id = $loggedInUser->user_id;
+ }
+
+ // Attempt to load group information for the specified user.
+ if (!($results = loadUserGroups($user_id))){
+ echo json_encode(array("errors" => 1, "successes" => 0));
+ exit();
+ }
+} else if ($group_id){
+ // Attempt to load information for the specified group.
+ if (!($results = loadGroup($group_id))){
+ echo json_encode(array("errors" => 1, "successes" => 0));
+ exit();
+ }
+} else {
+ // Attempt to load information for all groups
+ if (!($results = loadGroups())){
+ echo json_encode(array("errors" => 1, "successes" => 0));
+ exit();
+ }
}
restore_error_handler();
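Review bot: Each `!($results = load...())` test treats an empty result set as a failure: a user with no group memberships, or an installation with no groups yet, gets `{"errors":1}` from `loadUserGroups`/`loadGroups` even though nothing went wrong, because an empty array is falsy in PHP. Test for the failure value explicitly, e.g. `if (($results = loadUserGroups($user_id)) === false)`, assuming those helpers return `false` on error the way the secure_functions.php ones in this diff do. `$loggedInUser->user_id` is dereferenced for the `self` case, but the login guard that would make `$loggedInUser` safe to use is outside the visible part of this hunk.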
diff --git a/api/create_permission.php b/api/update_group.php
old mode 100644
new mode 100755
similarity index 53%
rename from api/create_permission.php
rename to api/update_group.php
index 036d087f7..cc56f82dd
--- a/api/create_permission.php
+++ b/api/update_group.php
@@ -1,7 +1,7 @@
1, "successes" => 0));
- } else {
- header("Location: " . getReferralPage());
- }
+// User must be logged in
+if (!isUserLoggedIn()){
+ addAlert("danger", "You must be logged in to access this resource.");
+ echo json_encode(array("errors" => 1, "successes" => 0));
exit();
}
+// TODO: accept home page ids, is_default, and can_delete
+
+$validator = new Validator();
+$group_id = $validator->requiredPostVar('group_id');
+$name = $validator->requiredPostVar('name');
+
//Forms posted
-if(!empty($_POST))
-{
- //Create new permission level
- if(!empty($_POST['new_permission'])) {
- $permission = trim($_POST['new_permission']);
-
- //Validate request
- if (groupNameExists($permission)){
- $errors[] = lang("PERMISSION_NAME_IN_USE", array($permission));
+if($group_id && $name){
+ if (!updateGroup($group_id, $name)){
+ echo json_encode(array("errors" => 1, "successes" => 0));
+ exit();
+ }
+} else {
+ echo json_encode(array("errors" => 1, "successes" => 0));
+ exit();
+}
+ /*
+ //Remove access for users
+ if(!empty($_POST['removePermission'])){
+ $remove = $_POST['removePermission'];
+ if ($deletion_count = removeUsersFromGroup($permissionId, $remove)) {
+ $successes[] = lang("PERMISSION_REMOVE_USERS", array($deletion_count));
}
- elseif (minMaxRange(1, 50, $permission)){
- $errors[] = lang("PERMISSION_CHAR_LIMIT", array(1, 50));
+ else {
+ $errors[] = lang("SQL_ERROR");
}
- else{
- if (createGroup($permission)) {
- $successes[] = lang("PERMISSION_CREATION_SUCCESSFUL", array($permission));
+ }
+
+ //Add access for users
+ if(!empty($_POST['addPermission'])){
+ $add = $_POST['addPermission'];
+ if ($addition_count = addUsersToGroup($permissionId, $add)) {
+ $successes[] = lang("PERMISSION_ADD_USERS", array($addition_count));
}
- else {
- $errors[] = lang("SQL_ERROR");
- }
+ else {
+ $errors[] = lang("SQL_ERROR");
}
- } else {
- $errors[] = lang("PERMISSION_CHAR_LIMIT", array(1, 50));
}
-} else {
- $errors[] = lang("NO_DATA");
-}
+*/
restore_error_handler();
-foreach ($errors as $error){
- addAlert("danger", $error);
-}
-foreach ($successes as $success){
- addAlert("success", $success);
-}
-
if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true" ){
echo json_encode(array(
- "errors" => count($errors),
- "successes" => count($successes)));
+ "errors" => 0,
+ "successes" => 1));
} else {
header('Location: ' . getReferralPage());
exit();
}
+
?>
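Review bot: The `/* ... */` block after the `updateGroup()` call keeps the user add/remove handling from the old update_permission.php as commented-out code; it references `$permissionId`, which no longer exists in this file, so it cannot be re-enabled as is and should be deleted, with the intent recorded in the `// TODO` at the top if the feature is still planned. Separately, the `else` branch for a missing `group_id`/`name` answers with a bare `errors => 1` and no alert, while `$validator->errors` holds the reason — emit those via `addAlert("danger", ...)` before exiting, as the login-failure branch above does (assuming `errors` is readable from outside the class). Nothing visible in this hunk ties this state-changing POST to a CSRF token; if the framework provides one, it should be checked here.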
diff --git a/api/update_permission.php b/api/update_permission.php
deleted file mode 100755
index adb8c4a84..000000000
--- a/api/update_permission.php
+++ /dev/null
@@ -1,152 +0,0 @@
- 1, "successes" => 0));
- } else {
- header("Location: " . getReferralPage());
- }
- exit();
-}
-
-$permissionId = $_GET['id'];
-
-//Check if selected permission level exists
-if(!groupIdExists($permissionId)){
- addAlert("danger", "I'm sorry, the permission id you specified is invalid!");
- if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true" ){
- echo json_encode(array("errors" => 1, "successes" => 0));
- } else {
- header("Location: " . getReferralPage());
- }
- exit();
-}
-
-$permissionDetails = fetchGroupDetails($permissionId); //Fetch information specific to permission level
-
-//Forms posted
-if(!empty($_POST)){
- //Update permission level name
- if($permissionDetails['name'] != $_POST['name']) {
- $permission = trim($_POST['name']);
-
- //Validate new name
- if (groupNameExists($permission)){
- $errors[] = lang("ACCOUNT_PERMISSIONNAME_IN_USE", array($permission));
- }
- elseif (minMaxRange(1, 50, $permission)){
- $errors[] = lang("ACCOUNT_PERMISSION_CHAR_LIMIT", array(1, 50));
- }
- else {
- if (updateGroup($permissionId, $permission)){
- $successes[] = lang("PERMISSION_NAME_UPDATE", array($permission));
- }
- else {
- $errors[] = lang("SQL_ERROR");
- }
- }
- }
-
- //Remove access for users
- if(!empty($_POST['removePermission'])){
- $remove = $_POST['removePermission'];
- if ($deletion_count = removeUsersFromGroup($permissionId, $remove)) {
- $successes[] = lang("PERMISSION_REMOVE_USERS", array($deletion_count));
- }
- else {
- $errors[] = lang("SQL_ERROR");
- }
- }
-
- //Add access for users
- if(!empty($_POST['addPermission'])){
- $add = $_POST['addPermission'];
- if ($addition_count = addUsersToGroup($permissionId, $add)) {
- $successes[] = lang("PERMISSION_ADD_USERS", array($addition_count));
- }
- else {
- $errors[] = lang("SQL_ERROR");
- }
- }
-
- //Remove access to pages
- if(!empty($_POST['removePage'])){
- $remove = $_POST['removePage'];
- if ($deletion_count = removePage($remove, $permissionId)) {
- $successes[] = lang("PERMISSION_REMOVE_PAGES", array($deletion_count));
- }
- else {
- $errors[] = lang("SQL_ERROR");
- }
- }
-
- //Add access to pages
- if(!empty($_POST['addPage'])){
- $add = $_POST['addPage'];
- if ($addition_count = addPage($add, $permissionId)) {
- $successes[] = lang("PERMISSION_ADD_PAGES", array($addition_count));
- }
- else {
- $errors[] = lang("SQL_ERROR");
- }
- }
- $permissionDetails = fetchGroupDetails($permissionId);
-}
-
-restore_error_handler();
-
-foreach ($errors as $error){
- addAlert("danger", $error);
-}
-foreach ($successes as $success){
- addAlert("success", $success);
-}
-
-if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true" ){
- echo json_encode(array(
- "errors" => count($errors),
- "successes" => count($successes)));
-} else {
- header('Location: ' . getReferralPage());
- exit();
-}
-
-?>
diff --git a/js/userfrosting.js b/js/userfrosting.js
index 504e34196..e392acb3b 100644
--- a/js/userfrosting.js
+++ b/js/userfrosting.js
@@ -324,7 +324,7 @@ function loadCurrentUser() {
}
function loadPermissions(div_id) {
- var url = APIPATH + "load_permissions.php";
+ var url = APIPATH + "load_groups.php";
$.getJSON( url, {})
.done(function( data ) {
if (Object.keys(data).length > 0) { // Don't bother unless there are some records found
@@ -343,13 +343,13 @@ function loadPermissions(div_id) {
});
}
-function addNewPermission(permission_name) {
- var url = APIPATH + 'create_permission.php';
+function addNewPermission(group_name) {
+ var url = APIPATH + 'create_group.php';
$.ajax({
type: "POST",
url: url,
data: {
- new_permission: permission_name,
+ group_name: group_name,
ajaxMode: "true"
}
}).done( function(result) {
@@ -385,18 +385,19 @@ function deletePermission(id) {
// Load permissions for the logged in user
function userLoadPermissions() {
- var url = APIPATH + 'load_user_permissions.php';
+ var url = APIPATH + 'load_groups.php';
var result = $.ajax({
type: "GET",
url: url,
- async: false
+ async: false,
+ data: {user_id: 'self'}
}).responseText;
var resultJSON = processJSONResult(result);
return resultJSON;
}
function loadAllPermissions() {
- var url = APIPATH + 'load_permissions.php';
+ var url = APIPATH + 'load_groups.php';
var result = $.ajax({
type: "GET",
url: url,
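Review bot: `async: false` in `userLoadPermissions` keeps the synchronous-XHR pattern (the hunk only adds the `user_id: 'self'` payload); synchronous requests on the main thread are deprecated by browsers and block the page while the groups load. Returning the `$.ajax` promise and letting callers `.done()` on it, as `loadPermissions` above already does with `$.getJSON`, would remove that. `'self'` is also a magic string the server special-cases, so a call-site comment such as `// server resolves 'self' to the logged-in user's id` would help the next reader. `loadAllPermissions` continues outside the hunk.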
diff --git a/models/class_validator.php b/models/class_validator.php
index 21f9d38c4..bb04301dc 100644
--- a/models/class_validator.php
+++ b/models/class_validator.php
@@ -1,5 +1,35 @@
errors[] = "Error: data must be submitted via GET.";
+ return null;
+ }
+
if (isset($_GET[$varname]))
return htmlentities($_GET[$varname]);
else {
@@ -17,6 +53,12 @@ public function requiredGetVar($varname){
}
public function requiredPostVar($varname){
+ // Confirm that data has been submitted via POST
+ if (!($_SERVER['REQUEST_METHOD'] == 'POST')) {
+ $this->errors[] = "Error: data must be submitted via POST.";
+ return null;
+ }
+
if (isset($_POST[$varname]))
return htmlentities($_POST[$varname]);
else {
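Review bot: `htmlentities()` is applied at input time in `requiredPostVar` (and its siblings), so what reaches `createGroup()`/`updateGroup()` and the database is HTML-encoded text: a group named `R&D` is stored as `R&amp;D`, `groupNameExists` presumably then compares the encoded form, and any template that escapes on output will double-encode it. Encoding belongs at the output boundary; consider returning the raw value here (or adding a separate HTML-escaping accessor) and escaping where values are rendered. The same `REQUEST_METHOD` guard is now copy-pasted into every method — a private helper like `expectMethod('POST')` would keep the message in one place. The method's body continues outside the hunk.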
@@ -26,13 +68,37 @@ public function requiredPostVar($varname){
}
public function optionalGetVar($varname){
+ // Confirm that data has been submitted via GET
+ if (!($_SERVER['REQUEST_METHOD'] == 'GET')) {
+ $this->errors[] = "Error: data must be submitted via GET.";
+ return null;
+ }
+
if (isset($_GET[$varname]))
return htmlentities($_GET[$varname]);
else
return null;
}
+ public function optionalNumericGetVar($varname){
+ // Confirm that data has been submitted via GET
+ if (!($_SERVER['REQUEST_METHOD'] == 'GET')) {
+ $this->errors[] = "Error: data must be submitted via GET.";
+ return null;
+ }
+
+ if (isset($_GET[$varname]) && is_numeric($_GET[$varname]))
+ return htmlentities($_GET[$varname]);
+ else
+ return null;
+ }
+
public function optionalPostVar($varname){
+ // Confirm that data has been submitted via POST
+ if (!($_SERVER['REQUEST_METHOD'] == 'POST')) {
+ $this->errors[] = "Error: data must be submitted via POST.";
+ return null;
+ }
if (isset($_POST[$varname]))
return htmlentities($_POST[$varname]);
else
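Review bot: `optionalNumericGetVar` accepts anything `is_numeric()` does, which includes `"1.5"`, `"1e3"`, `" 7"` and `"-3"`; the caller added in load_form_user.php uses it for an integer primary key (`user_id`), where those forms are surprising at best. For an id, validate as an integer and return an int: `$v = filter_var($_GET[$varname], FILTER_VALIDATE_INT); return $v === false ? null : $v;`. Note also that a literal `0` is numeric but falsy, so callers testing the result with `if ($x)` rather than `!== null` will mistake it for absent.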
@@ -40,6 +106,11 @@ public function optionalPostVar($varname){
}
public function optionalPostArray($varname){
+ // Confirm that data has been submitted via POST
+ if (!($_SERVER['REQUEST_METHOD'] == 'POST')) {
+ $this->errors[] = "Error: data must be submitted via POST.";
+ return null;
+ }
if (isset($_POST[$varname])) {
$arr = array();
foreach ($_POST[$varname] as $val){
@@ -50,7 +121,26 @@ public function optionalPostArray($varname){
return array();
}
}
+
+ // Optional boolean variable ("true" or "false" as string)
+ function optionalBooleanGetVar($var_name, $default_value = "false"){
+ // Confirm that data has been submitted via GET
+ if (!($_SERVER['REQUEST_METHOD'] == 'GET')) {
+ $this->errors[] = "Error: data must be submitted via GET.";
+ return null;
+ }
+ if (isset($_GET[$var_name])){
+ $bool_val = false;
+ if (strtolower($_GET[$var_name]) == "true")
+ $bool_val = true;
+ if ($bool_val == $default_value)
+ return $default_value;
+ else
+ return !$default_value;
+ } else
+ return $default_value;
+ }
}
?>
\ No newline at end of file
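Review bot: `optionalBooleanGetVar` defaults `$default_value` to the string `"false"`, which is truthy, so a caller that omits the default receives a truthy value when the parameter is absent, and receives the string `"false"` when `?x=true` is sent (because `true == "false"` holds under loose comparison). With a real bool default the `$bool_val == $default_value ? ... : !$default_value` dance always reduces to `$bool_val`, so the method can be `if (!isset($_GET[$var_name])) return $default_value; return strtolower($_GET[$var_name]) === "true";` with `$default_value = false`. It should also be declared `public function` like its siblings. The callers added in load_form_user.php all pass an explicit bool, so they are unaffected today.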
diff --git a/models/config.php b/models/config.php
index e372a1b8e..5ad42bb6b 100755
--- a/models/config.php
+++ b/models/config.php
@@ -39,6 +39,7 @@ function logAllErrors($errno, $errstr, $errfile, $errline, array $errcontext) {
}
require_once("db-settings.php"); //Require DB connection
+require_once("funcs.php");
require_once("db_functions.php");
//Retrieve basic configuration settings
@@ -82,7 +83,6 @@ function logAllErrors($errno, $errstr, $errfile, $errline, array $errcontext) {
//Pages to require
require_once($language);
-require_once("funcs.php");
require_once("class_validator.php");
require_once("authorization.php");
require_once("secure_functions.php");
@@ -92,7 +92,7 @@ function logAllErrors($errno, $errstr, $errfile, $errline, array $errcontext) {
//ChromePhp debugger for chrome console
// http://craig.is/writing/chrome-logger
-require_once("chrome.php");
+//require_once("chrome.php");
session_start();
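Review bot: Disabling the ChromePhp logger by commenting out `require_once("chrome.php")` is the right call for anything beyond a dev box, since per the linked project it emits server-side log data to the client, but a commented-out `require` is one accidental edit away from being re-enabled. Remove the line, or gate it behind an explicit flag such as `if (!empty($debug_chrome_logger)) require_once("chrome.php");` so production configuration cannot turn it on silently.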
diff --git a/models/db-settings.php b/models/db-settings.php
index e91748d4b..5863ef15d 100755
--- a/models/db-settings.php
+++ b/models/db-settings.php
@@ -1,7 +1,7 @@
prepare($query);
+
+ $sqlVars = array(
+ ':name' => $name,
+ ':is_default' => $is_default,
+ ':can_delete' => $can_delete
+ );
+
+ $stmt->execute($sqlVars);
+
+ if ($stmt->rowCount() > 0)
+ return true;
+ else {
+ addAlert("danger", "Failed adding new user group.");
+ return false;
+ }
+
+ } catch (PDOException $e) {
+ addAlert("danger", "Oops, looks like our database encountered an error.");
+ error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
+ return false;
+ } catch (ErrorException $e) {
+ addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs.");
+ return false;
+ }
+}
+
+// Update the specified group with a new name, is_default, and can_delete parameters
+function dbUpdateGroup($group_id, $name, $is_default, $can_delete){
+ try {
+
+ $db = pdoConnect();
+
+ global $db_table_prefix;
+
+ $stmt = $db->prepare("UPDATE ".$db_table_prefix."groups
+ SET name = :name, is_default = :is_default, can_delete = :can_delete
+ WHERE
+ id = :group_id
+ LIMIT 1");
+
+ $sqlVars = array(":group_id" => $group_id, ":name" => $name, "is_default" => $is_default, "can_delete" => $can_delete);
+
+ $stmt->execute($sqlVars);
+
+ if ($stmt->rowCount() > 0)
+ return true;
+ else {
+ addAlert("danger", "Invalid group id specified.");
+ return false;
+ }
+
+ } catch (PDOException $e) {
+ addAlert("danger", "Oops, looks like our database encountered an error.");
+ error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
+ return false;
+ } catch (ErrorException $e) {
+ addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs.");
+ return false;
+ }
+}
+
//Functions that interact mainly with .user_group_matches table
//------------------------------------------------------------------------------
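Review bot: In `dbUpdateGroup`, `rowCount() > 0` decides whether the group existed and the failure message is `"Invalid group id specified."`; on MySQL (the `LIMIT 1` on the UPDATE suggests MySQL) the affected-row count for an UPDATE is the number of rows actually changed, so submitting the group's current name and flags yields zero and the caller is told the id is invalid even though `updateGroup()` has just verified it with `groupIdExists()`. Either treat zero affected rows as success (existence is already checked upstream) or open the connection with `PDO::MYSQL_ATTR_FOUND_ROWS => true`. The `$sqlVars` array mixes `":group_id"`/`":name"` with `"is_default"`/`"can_delete"` without the colon; PDO tolerates both, but the moved code should settle on one form. The start of `dbCreateGroup`, including its `prepare()`, is outside what this hunk shows.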
@@ -1232,7 +1307,9 @@ function addUserToGroups($group_ids, $user_id) {
:user_id
)";
- $stmt->prepare($query);
+ $stmt = $db->prepare($query);
+
+ $i = 0;
if (is_array($group_ids)){
foreach($group_ids as $id){
@@ -1258,7 +1335,7 @@ function addUserToGroups($group_ids, $user_id) {
}
//Unmatch group(s) from a user
-function removeUserFromGroups($group_ids, $user) {
+function removeUserFromGroups($group_ids, $user_id) {
try {
global $db_table_prefix;
@@ -1270,7 +1347,9 @@ function removeUserFromGroups($group_ids, $user) {
WHERE group_id = :group_id
AND user_id = :user_id";
- $stmt->prepare($query);
+ $stmt = $db->prepare($query);
+
+ $i = 0;
if (is_array($group_ids)){
foreach($group_ids as $id){
@@ -1889,7 +1968,7 @@ function addPage($page_ids, $group_id) {
:page_id
)";
- $stmt->prepare($query);
+ $stmt = $db->prepare($query);
if (is_array($page_ids)){
foreach($page_ids as $id){
@@ -1926,7 +2005,7 @@ function removePage($page_ids, $group_id) {
WHERE page_id = :page_id
AND group_id = :group_id";
- $stmt->prepare($query);
+ $stmt = $db->prepare($query);
if (is_array($page_ids)){
foreach($page_ids as $id){
diff --git a/models/funcs.php b/models/funcs.php
index ca405042b..206c3716b 100644
--- a/models/funcs.php
+++ b/models/funcs.php
@@ -236,43 +236,6 @@ function setReferralPage($page){
$_SESSION['referral_page'] = $page;
}
-function requiredPostVar($varname){
- // Confirm that data has been submitted via POST
- if (!($_SERVER['REQUEST_METHOD'] == 'POST')) {
- addAlert("danger", "Error: data must be submitted via POST.");
- echo json_encode(array("errors" => "1", "successes" => "0"));
- exit();
- }
-
- if (isset($_POST[$varname]))
- return htmlentities($_POST[$varname]);
- else {
- if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true" ){
- addAlert("danger", "$varname must be specified!");
- echo json_encode(array("errors" => "1", "successes" => "0"));
- } else {
- echo "$varname must be specified!";
- }
- exit();
- }
-}
-
-function requiredGetVar($varname){
- // Confirm that data has been submitted via GET
- if (!($_SERVER['REQUEST_METHOD'] == 'GET')) {
- addAlert("danger", "Error: data must be submitted via GET.");
- exit();
- }
-
- if (isset($_GET[$varname]))
- return htmlentities($_GET[$varname]);
- else {
- addAlert("danger", "$varname must be specified!");
- echo json_encode(array("errors" => "1", "successes" => "0"));
- exit();
- }
-}
-
// Add a session alert to the queue
function addAlert($type, $message){
if (!isset($_SESSION["userAlerts"])){
diff --git a/models/secure_functions.php b/models/secure_functions.php
index 69d05ed34..64108f864 100644
--- a/models/secure_functions.php
+++ b/models/secure_functions.php
@@ -1,4 +1,33 @@
prepare($query);
- $stmt->execute($sqlVars);
-
- if ($stmt->rowCount() > 0)
+ //Validate request
+ if (groupNameExists($name)){
+ addAlert("danger", lang("PERMISSION_NAME_IN_USE", array($name)));
+ return false;
+ }
+ elseif (minMaxRange(1, 50, $name)){
+ addAlert("danger", lang("PERMISSION_CHAR_LIMIT", array(1, 50)));
+ return false;
+ }
+ else {
+ if (dbCreateGroup($name, 0, 1)) {
+ addAlert("success", lang("PERMISSION_CREATION_SUCCESSFUL", array($name)));
return true;
- else {
- addAlert("danger", "Failed adding new user group.");
+ } else {
return false;
}
-
- } catch (PDOException $e) {
- addAlert("danger", "Oops, looks like our database encountered an error.");
- error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
- return false;
}
}
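Review bot: `createGroup` validates `$name` untrimmed, while the sibling `updateGroup` in this same diff does `$name = trim($name)` before its checks, so whitespace-padded names can be created that a later rename would treat differently (and, depending on how `groupNameExists` compares, may collide with the trimmed form). Add `$name = trim($name);` ahead of the `groupNameExists($name)` check to keep the two paths consistent. The function's signature and permission check precede this hunk, so I cannot see whether `$is_default`/`$can_delete` are meant to be parameters; the hard-coded `dbCreateGroup($name, 0, 1)` and the `TODO` in create_group.php suggest they will be.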
@@ -275,35 +304,35 @@ function updateGroup($group_id, $name, $is_default = 0, $can_delete = 1) {
addAlert("danger", "Sorry, you do not have permission to access this resource.");
return false;
}
-
- try {
- $db = pdoConnect();
-
- global $db_table_prefix;
+ //Check if selected group exists
+ if(!groupIdExists($group_id)){
+ addAlert("danger", "I'm sorry, the group id you specified is invalid!");
+ return false;
+ }
- $stmt = $db->prepare("UPDATE ".$db_table_prefix."groups
- SET name = :name, is_default = :is_default, can_delete = :can_delete
- WHERE
- id = :group_id
- LIMIT 1");
-
- $sqlVars = array(":group_id" => $group_id, ":name" => $name, "is_default" => $is_default, "can_delete" => $can_delete);
-
- $stmt->execute($sqlVars);
-
- if ($stmt->rowCount() > 0)
- return true;
- else {
- addAlert("danger", "Invalid group id specified.");
- return false;
- }
+ $groupDetails = fetchGroupDetails($group_id); //Fetch information specific to group
+
+ //Update group name, if different from previous and not already taken
+ $name = trim($name);
+ if(strtolower($name) != strtolower($groupDetails['name'])){
+ if (groupNameExists($name)) {
+ addAlert("danger", lang("ACCOUNT_PERMISSIONNAME_IN_USE", array($name)));
+ return false;
+ }
+ elseif (minMaxRange(1, 50, $name)){
+ addAlert("danger", lang("ACCOUNT_PERMISSION_CHAR_LIMIT", array(1, 50)));
+ return false;
+ }
+ }
- } catch (PDOException $e) {
- addAlert("danger", "Oops, looks like our database encountered an error.");
- error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
- return false;
+ if (dbUpdateGroup($group_id, $name, $is_default, $can_delete)){
+ addAlert("success", lang("PERMISSION_NAME_UPDATE", array($name)));
+ return true;
}
+ else {
+ return false;
+ }
}
//Delete a user group
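Review bot: `updateGroup($group_id, $name)` as called from update_group.php resets `is_default` to `0` and `can_delete` to `1` on every rename, because the signature defaults (`$is_default = 0, $can_delete = 1`, visible in the hunk header) are passed straight through to `dbUpdateGroup`; a group protected with `can_delete = 0` would become deletable after a simple rename, assuming that flag is what the delete path checks. Since `$groupDetails` is now fetched anyway, default the two parameters to `null` and fall back to the stored values just before the `dbUpdateGroup` call: `$is_default = $is_default === null ? $groupDetails['is_default'] : $is_default; $can_delete = $can_delete === null ? $groupDetails['can_delete'] : $can_delete;` (assuming `fetchGroupDetails` returns those columns alongside `name`). The `PERMISSION_NAME_UPDATE` success alert also fires when only the flags change, not the name.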