  1: <?php
  2: //============================================================+
  3: // File name   : tce_functions_user_select.php
  4: // Begin       : 2001-09-13
  5: // Last Update : 2014-03-04
  6: //
  7: // Description : Functions to display and select registered user.
  8: //
  9: // Author: Nicola Asuni
 10: //
 11: // (c) Copyright:
 12: //               Nicola Asuni
 13: //               Tecnick.com LTD
 14: //               www.tecnick.com
 15: //               info@tecnick.com
 16: //
 17: // License:
 18: //    Copyright (C) 2004-2014  Nicola Asuni - Tecnick.com LTD
 19: //    See LICENSE.TXT file for more information.
 20: //============================================================+
 21: 
 22: /**
 23:  * @file
 24:  * Functions to display and select registered user.
 25:  * @package com.tecnick.tcexam.admin
 26:  * @author Nicola Asuni
 27:  * @since 2001-09-13
 28:  */
 29: 
 30: /**
 31:  * Display user selection for using F_show_select_user function.
 32:  * @author Nicola Asuni
 33:  * @since 2001-09-13
 34:  * @param $order_field (string) order by column name
 35:  * @param $orderdir (string) oreder direction
 36:  * @param $firstrow (string) number of first row to display
 37:  * @param $rowsperpage (string) number of rows per page
 38:  * @param $group_id (int) id of the group (default = 0 = no specific group selected)
 39:  * @param $andwhere (string) additional SQL WHERE query conditions
 40:  * @param $searchterms (string) search terms
 41:  * @return true
 42:  */
 43: function F_select_user($order_field, $orderdir, $firstrow, $rowsperpage, $group_id = 0, $andwhere = '', $searchterms = '')
 44: {
 45:     global $l;
 46:     require_once('../config/tce_config.php');
 47:     F_show_select_user($order_field, $orderdir, $firstrow, $rowsperpage, $group_id, $andwhere, $searchterms);
 48:     return true;
 49: }
 50: 
 51: /**
 52:  * Display user selection XHTML table.
 53:  * @author Nicola Asuni
 54:  * @since 2001-09-13
 55:  * @param $order_field (string) Order by column name.
 56:  * @param $orderdir (int) Order direction.
 57:  * @param $firstrow (int) Number of first row to display.
 58:  * @param $rowsperpage (int) Number of rows per page.
 59:  * @param $group_id (int) ID of the group (default = 0 = no specific group selected).
 60:  * @param $andwhere (string) Additional SQL WHERE query conditions.
 61:  * @param $searchterms (string) Search terms.
 62:  * @return false in case of empty database, true otherwise
 63:  */
 64: function F_show_select_user($order_field, $orderdir, $firstrow, $rowsperpage, $group_id = 0, $andwhere = '', $searchterms = '')
 65: {
 66:     global $l, $db;
 67:     require_once('../config/tce_config.php');
 68:     require_once('../../shared/code/tce_functions_page.php');
 69:     require_once('../../shared/code/tce_functions_form.php');
 70:     $filter = '';
 71:     if ($l['a_meta_dir'] == 'rtl') {
 72:         $txtalign = 'right';
 73:         $numalign = 'left';
 74:     } else {
 75:         $txtalign = 'left';
 76:         $numalign = 'right';
 77:     }
 78:     $order_field = F_escape_sql($db, $order_field);
 79:     $orderdir = intval($orderdir);
 80:     $firstrow = intval($firstrow);
 81:     $rowsperpage = intval($rowsperpage);
 82:     $group_id = intval($group_id);
 83:     if (empty($order_field) or (!in_array($order_field, array('user_id', 'user_name', 'user_password', 'user_email', 'user_regdate', 'user_ip', 'user_firstname', 'user_lastname', 'user_birthdate', 'user_birthplace', 'user_regnumber', 'user_ssn', 'user_level', 'user_verifycode')))) {
 84:         $order_field = 'user_lastname,user_firstname';
 85:     }
 86:     if ($orderdir == 0) {
 87:         $nextorderdir=1;
 88:         $full_order_field = $order_field;
 89:     } else {
 90:         $nextorderdir=0;
 91:         $full_order_field = $order_field.' DESC';
 92:     }
 93:     if (!F_count_rows(K_TABLE_USERS)) { // if the table is void (no items) display message
 94:         F_print_error('MESSAGE', $l['m_databasempty']);
 95:         return false;
 96:     }
 97:     $wherequery = '';
 98:     if ($group_id > 0) {
 99:         $wherequery = ', '.K_TABLE_USERGROUP.' WHERE user_id=usrgrp_user_id AND usrgrp_group_id='.$group_id.'';
100:         $filter .= '&amp;group_id='.$group_id.'';
101:     }
102:     if (empty($wherequery)) {
103:         $wherequery = ' WHERE';
104:     } else {
105:         $wherequery .= ' AND';
106:     }
107:     $wherequery .= ' (user_id>1)';
108:     if ($_SESSION['session_user_level'] < K_AUTH_ADMINISTRATOR) {
109:         // filter for level
110:         $wherequery .= ' AND ((user_level<'.$_SESSION['session_user_level'].') OR (user_id='.$_SESSION['session_user_id'].'))';
111:         // filter for groups
112:         $wherequery .= ' AND user_id IN (SELECT tb.usrgrp_user_id
113:             FROM '.K_TABLE_USERGROUP.' AS ta, '.K_TABLE_USERGROUP.' AS tb
114:             WHERE ta.usrgrp_group_id=tb.usrgrp_group_id
115:                 AND ta.usrgrp_user_id='.intval($_SESSION['session_user_id']).'
116:                 AND tb.usrgrp_user_id=user_id)';
117:     }
118:     if (!empty($andwhere)) {
119:         $wherequery .= ' AND ('.$andwhere.')';
120:     }
121:     $sql = 'SELECT * FROM '.K_TABLE_USERS.$wherequery.' ORDER BY '.$full_order_field;
122:     if (K_DATABASE_TYPE == 'ORACLE') {
123:         $sql = 'SELECT * FROM ('.$sql.') WHERE rownum BETWEEN '.$firstrow.' AND '.($firstrow + $rowsperpage).'';
124:     } else {
125:         $sql .= ' LIMIT '.$rowsperpage.' OFFSET '.$firstrow.'';
126:     }
127:     if ($r = F_db_query($sql, $db)) {
128:         if ($m = F_db_fetch_array($r)) {
129:             // -- Table structure with links:
130:             echo '<div class="container">';
131:             echo '<table class="userselect">'.K_NEWLINE;
132:             // table header
133:             echo '<tr>'.K_NEWLINE;
134:             echo '<th>&nbsp;</th>'.K_NEWLINE;
135:             if (strlen($searchterms) > 0) {
136:                 $filter .= '&amp;searchterms='.urlencode($searchterms);
137:             }
138:             echo F_select_table_header_element('user_name', $nextorderdir, $l['h_login_name'], $l['w_user'], $order_field, $filter);
139:             echo F_select_table_header_element('user_lastname', $nextorderdir, $l['h_lastname'], $l['w_lastname'], $order_field, $filter);
140:             echo F_select_table_header_element('user_firstname', $nextorderdir, $l['h_firstname'], $l['w_firstname'], $order_field, $filter);
141:             echo F_select_table_header_element('user_regnumber', $nextorderdir, $l['h_regcode'], $l['w_regcode'], $order_field, $filter);
142:             echo F_select_table_header_element('user_level', $nextorderdir, $l['h_level'], $l['w_level'], $order_field, $filter);
143:             echo F_select_table_header_element('user_regdate', $nextorderdir, $l['h_regdate'], $l['w_regdate'], $order_field, $filter);
144:             echo '<th title="'.$l['h_group_name'].'">'.$l['w_groups'].'</th>'.K_NEWLINE;
145:             echo '<th title="'.$l['t_all_results_user'].'">'.$l['w_tests'].'</th>'.K_NEWLINE;
146:             echo '</tr>'.K_NEWLINE;
147:             $itemcount = 0;
148:             do {
149:                 $itemcount++;
150:                 echo '<tr>'.K_NEWLINE;
151:                 echo '<td>';
152:                 echo '<input type="checkbox" name="userid'.$itemcount.'" id="userid'.$itemcount.'" value="'.$m['user_id'].'" title="'.$l['w_select'].'"';
153:                 if (isset($_REQUEST['checkall']) and ($_REQUEST['checkall'] == 1)) {
154:                     echo ' checked="checked"';
155:                 }
156:                 echo ' />';
157:                 echo '</td>'.K_NEWLINE;
158:                 echo '<td style="text-align:'.$txtalign.';">&nbsp;<a href="tce_edit_user.php?user_id='.$m['user_id'].'" title="'.$l['w_edit'].'">'.htmlspecialchars($m['user_name'], ENT_NOQUOTES, $l['a_meta_charset']).'</a></td>'.K_NEWLINE;
159:                 echo '<td style="text-align:'.$txtalign.';">&nbsp;'.htmlspecialchars($m['user_lastname'], ENT_NOQUOTES, $l['a_meta_charset']).'</td>'.K_NEWLINE;
160:                 echo '<td style="text-align:'.$txtalign.';">&nbsp;'.htmlspecialchars($m['user_firstname'], ENT_NOQUOTES, $l['a_meta_charset']).'</td>'.K_NEWLINE;
161:                 echo '<td style="text-align:'.$txtalign.';">&nbsp;'.htmlspecialchars($m['user_regnumber'], ENT_NOQUOTES, $l['a_meta_charset']).'</td>'.K_NEWLINE;
162:                 echo '<td>&nbsp;'.$m['user_level'].'</td>'.K_NEWLINE;
163:                 echo '<td>&nbsp;'.htmlspecialchars($m['user_regdate'], ENT_NOQUOTES, $l['a_meta_charset']).'</td>'.K_NEWLINE;
164:                 // comma separated list of user's groups
165:                 $grp = '';
166:                 $sqlg = 'SELECT *
167:                     FROM '.K_TABLE_GROUPS.', '.K_TABLE_USERGROUP.'
168:                     WHERE usrgrp_group_id=group_id
169:                         AND usrgrp_user_id='.$m['user_id'].'
170:                     ORDER BY group_name';
171:                 if ($rg = F_db_query($sqlg, $db)) {
172:                     while ($mg = F_db_fetch_array($rg)) {
173:                         $grp .= $mg['group_name'].', ';
174:                     }
175:                 } else {
176:                     F_display_db_error();
177:                 }
178:                 echo '<td style="text-align:'.$txtalign.';">&nbsp;'.htmlspecialchars(substr($grp, 0, -2), ENT_NOQUOTES, $l['a_meta_charset']).'</td>'.K_NEWLINE;
179: 
180:                 echo '<td><a href="tce_show_result_allusers.php?user_id='.$m['user_id'].'" class="xmlbutton" title="'.$l['t_all_results_user'].'">...</a></td>'.K_NEWLINE;
181: 
182:                 echo '</tr>'.K_NEWLINE;
183:             } while ($m = F_db_fetch_array($r));
184: 
185:             echo '</table>'.K_NEWLINE;
186: 
187:             echo '<br />'.K_NEWLINE;
188: 
189:             echo '<input type="hidden" name="order_field" id="order_field" value="'.$order_field.'" />'.K_NEWLINE;
190:             echo '<input type="hidden" name="orderdir" id="orderdir" value="'.$orderdir.'" />'.K_NEWLINE;
191:             echo '<input type="hidden" name="firstrow" id="firstrow" value="'.$firstrow.'" />'.K_NEWLINE;
192:             echo '<input type="hidden" name="rowsperpage" id="rowsperpage" value="'.$rowsperpage.'" />'.K_NEWLINE;
193: 
194:             // check/uncheck all options
195:             echo '<span dir="'.$l['a_meta_dir'].'">';
196:             echo '<input type="radio" name="checkall" id="checkall1" value="1" onclick="document.getElementById(\'form_userselect\').submit()" />';
197:             echo '<label for="checkall1">'.$l['w_check_all'].'</label> ';
198:             echo '<input type="radio" name="checkall" id="checkall0" value="0" onclick="document.getElementById(\'form_userselect\').submit()" />';
199:             echo '<label for="checkall0">'.$l['w_uncheck_all'].'</label>';
200:             echo '</span>'.K_NEWLINE;
201:             echo '<br />'.K_NEWLINE;
202:             echo '<strong style="margin:5px">'.$l['m_with_selected'].'</strong>'.K_NEWLINE;
203:             echo '<ul style="margin:0">';
204:             if ($_SESSION['session_user_level'] >= K_AUTH_DELETE_USERS) {
205:                 // delete user
206:                 echo '<li>';
207:                 F_submit_button('delete', $l['w_delete'], $l['h_delete']);
208:                 echo '</li>'.K_NEWLINE;
209:             }
210:             if ($_SESSION['session_user_level'] >= K_AUTH_ADMIN_GROUPS) {
211:                 echo '<li>';
212:                 // add/delete group
213:                 echo F_user_group_select('new_group_id');
214:                 F_submit_button('addgroup', $l['w_add'], $l['w_add']);
215:                 if ($_SESSION['session_user_level'] >= K_AUTH_DELETE_GROUPS) {
216:                     F_submit_button('delgroup', $l['w_delete'], $l['h_delete']);
217:                 }
218:                 echo '</li>'.K_NEWLINE;
219:                 if ($_SESSION['session_user_level'] >= K_AUTH_MOVE_GROUPS) {
220:                     // move group
221:                     echo '<li>';
222:                     if ($l['a_meta_dir'] == 'rtl') {
223:                         $arr = '&larr;';
224:                     } else {
225:                         $arr = '&rarr;';
226:                     }
227:                     echo F_user_group_select('from_group_id');
228:                     echo $arr;
229:                     echo F_user_group_select('to_group_id');
230:                     F_submit_button('move', $l['w_move'], $l['w_move']);
231:                     echo '</li>'.K_NEWLINE;
232:                 }
233:             }
234:             echo '</ul>'.K_NEWLINE;
235:             echo '<div class="row"><hr /></div>'.K_NEWLINE;
236: 
237:             // ---------------------------------------------------------------
238:             // -- page jumper (menu for successive pages)
239:             if ($rowsperpage > 0) {
240:                 $sql = 'SELECT count(*) AS total FROM '.K_TABLE_USERS.''.$wherequery.'';
241:                 if (!empty($order_field)) {
242:                     $param_array = '&amp;order_field='.urlencode($order_field).'';
243:                 }
244:                 if (!empty($orderdir)) {
245:                     $param_array .= '&amp;orderdir='.$orderdir.'';
246:                 }
247:                 if (!empty($group_id)) {
248:                     $param_array .= '&amp;group_id='.$group_id.'';
249:                 }
250:                 if (!empty($searchterms)) {
251:                     $param_array .= '&amp;searchterms='.urlencode($searchterms).'';
252:                 }
253:                 $param_array .= '&amp;submitted=1';
254:                 F_show_page_navigator($_SERVER['SCRIPT_NAME'], $sql, $firstrow, $rowsperpage, $param_array);
255:             }
256: 
257:             echo '<div class="row">'.K_NEWLINE;
258:             echo '<br />';
259:             echo '<a href="tce_xml_users.php" class="xmlbutton" title="'.$l['h_xml_export'].'">XML</a> ';
260:             echo '<a href="tce_xml_users.php?format=JSON" class="xmlbutton" title="JSON">JSON</a> ';
261:             echo '<a href="tce_tsv_users.php" class="xmlbutton" title="'.$l['h_tsv_export'].'">TSV</a>';
262:             echo '</div>'.K_NEWLINE;
263: 
264:             echo '<div class="pagehelp">'.$l['hp_select_users'].'</div>'.K_NEWLINE;
265:             echo '</div>'.K_NEWLINE;
266:         } else {
267:             F_print_error('MESSAGE', $l['m_search_void']);
268:         }
269:     } else {
270:         F_display_db_error();
271:     }
272:     return true;
273: }
274: 
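/**
 * Display user selection XHTML table (popup mode).
 *
 * Same visibility rules as F_show_select_user(), but each row is a link that
 * writes the chosen user ID into the opener's form field $cid, fires its
 * onchange handler and closes the popup.
 * @author Nicola Asuni
 * @since 2012-04-14
 * @param $order_field (string) Order by column name. Must be one of the whitelisted user columns, otherwise "user_lastname,user_firstname" is used.
 * @param $orderdir (int) Order direction (0 = ascending, anything else = descending).
 * @param $firstrow (int) Number of first row to display.
 * @param $rowsperpage (int) Number of rows per page.
 * @param $group_id (int) ID of the group (default = 0 = no specific group selected).
 * @param $andwhere (string) Additional SQL WHERE query conditions. This fragment is concatenated verbatim into the query, so the caller must build it exclusively from trusted, already-escaped values.
 * @param $searchterms (string) Search terms (propagated to header and pager links only; they do not alter the query built here).
 * @param string $cid ID of the calling form field. Reduced to the characters allowed in an HTML id, because it is emitted inside a JavaScript string and in link URLs.
 * @return false in case of empty database, true otherwise
 */
function F_show_select_user_popup($order_field, $orderdir, $firstrow, $rowsperpage, $group_id = 0, $andwhere = '', $searchterms = '', $cid = 0)
{
    global $l, $db;
    require_once('../config/tce_config.php');
    require_once('../../shared/code/tce_functions_page.php');
    require_once('../../shared/code/tce_functions_form.php');
    // $cid ends up inside onclick="...getElementById('<cid>')..." and in the
    // header links; keep only id-safe characters so it cannot break out of
    // the JavaScript string or the HTML attribute.
    $cid = preg_replace('/[^A-Za-z0-9_:.\-]/', '', (string) $cid);
    // extra query-string parameters carried by the sortable column headers
    $filter = 'cid='.$cid;
    // text cells follow the writing direction of the current language
    if ($l['a_meta_dir'] == 'rtl') {
        $txtalign = 'right';
    } else {
        $txtalign = 'left';
    }
    $order_field = F_escape_sql($db, $order_field);
    $orderdir = intval($orderdir);
    $firstrow = intval($firstrow);
    $rowsperpage = intval($rowsperpage);
    $group_id = intval($group_id);
    // ORDER BY accepts only a fixed set of column names (escaping alone would not stop an arbitrary expression here)
    if (empty($order_field) or (!in_array($order_field, array('user_id', 'user_name', 'user_password', 'user_email', 'user_regdate', 'user_ip', 'user_firstname', 'user_lastname', 'user_birthdate', 'user_birthplace', 'user_regnumber', 'user_ssn', 'user_level', 'user_verifycode'), true))) {
        $order_field = 'user_lastname,user_firstname';
    }
    if ($orderdir == 0) {
        $nextorderdir = 1;
        $full_order_field = $order_field;
    } else {
        $nextorderdir = 0;
        $full_order_field = $order_field.' DESC';
    }
    if (!F_count_rows(K_TABLE_USERS)) { // if the table is void (no items) display message
        F_print_error('MESSAGE', $l['m_databasempty']);
        return false;
    }
    $wherequery = '';
    if ($group_id > 0) {
        $wherequery = ', '.K_TABLE_USERGROUP.' WHERE user_id=usrgrp_user_id AND usrgrp_group_id='.$group_id.'';
        $filter .= '&amp;group_id='.$group_id.'';
    }
    if (empty($wherequery)) {
        $wherequery = ' WHERE';
    } else {
        $wherequery .= ' AND';
    }
    // user_id 1 is never listed
    $wherequery .= ' (user_id>1)';
    if ($_SESSION['session_user_level'] < K_AUTH_ADMINISTRATOR) {
        // filter for level: only lower-level users, or the viewer's own account
        // (session values are cast so the query never receives a non-numeric token)
        $wherequery .= ' AND ((user_level<'.intval($_SESSION['session_user_level']).') OR (user_id='.intval($_SESSION['session_user_id']).'))';
        // filter for groups: the listed user must share at least one group with the viewer
        $wherequery .= ' AND user_id IN (SELECT tb.usrgrp_user_id
            FROM '.K_TABLE_USERGROUP.' AS ta, '.K_TABLE_USERGROUP.' AS tb
            WHERE ta.usrgrp_group_id=tb.usrgrp_group_id
                AND ta.usrgrp_user_id='.intval($_SESSION['session_user_id']).'
                AND tb.usrgrp_user_id=user_id)';
    }
    if (!empty($andwhere)) {
        // caller-supplied SQL fragment, used as-is (see docblock)
        $wherequery .= ' AND ('.$andwhere.')';
    }
    $sql = 'SELECT * FROM '.K_TABLE_USERS.$wherequery.' ORDER BY '.$full_order_field;
    if (K_DATABASE_TYPE == 'ORACLE') {
        $sql = 'SELECT * FROM ('.$sql.') WHERE rownum BETWEEN '.$firstrow.' AND '.($firstrow + $rowsperpage).'';
    } else {
        $sql .= ' LIMIT '.$rowsperpage.' OFFSET '.$firstrow.'';
    }
    if ($r = F_db_query($sql, $db)) {
        if ($m = F_db_fetch_array($r)) {
            // -- Table structure with links:
            echo '<div class="container">';
            echo '<table class="userselect" style="font-size:80%;">'.K_NEWLINE;
            // table header
            echo '<tr>'.K_NEWLINE;
            if (strlen($searchterms) > 0) {
                $filter .= '&amp;searchterms='.urlencode($searchterms);
            }
            echo F_select_table_header_element('user_name', $nextorderdir, $l['h_login_name'], $l['w_user'], $order_field, $filter);
            echo F_select_table_header_element('user_lastname', $nextorderdir, $l['h_lastname'], $l['w_lastname'], $order_field, $filter);
            echo F_select_table_header_element('user_firstname', $nextorderdir, $l['h_firstname'], $l['w_firstname'], $order_field, $filter);
            echo F_select_table_header_element('user_email', $nextorderdir, $l['h_email'], $l['w_email'], $order_field, $filter);
            echo F_select_table_header_element('user_regnumber', $nextorderdir, $l['h_regcode'], $l['w_regcode'], $order_field, $filter);
            echo F_select_table_header_element('user_level', $nextorderdir, $l['h_level'], $l['w_level'], $order_field, $filter);
            echo F_select_table_header_element('user_regdate', $nextorderdir, $l['h_regdate'], $l['w_regdate'], $order_field, $filter);
            // the groups column of F_show_select_user() is not rendered in popup mode
            echo '</tr>'.K_NEWLINE;
            $itemcount = 0;
            do {
                $itemcount++;
                // on click the user ID will be returned on the calling form field
                // ($cid is restricted to id-safe characters above; user_id comes from the database)
                $jsaction = 'javascript:window.opener.document.getElementById(\''.$cid.'\').value='.$m['user_id'].';';
                $jsaction .= 'window.opener.document.getElementById(\''.$cid.'\').onchange();';
                $jsaction .= 'window.close();';
                echo '<tr>'.K_NEWLINE;
                // user-provided text columns are HTML-escaped; numeric columns are emitted as stored
                echo '<td style="text-align:'.$txtalign.';">&nbsp;<a href="#" onclick="'.$jsaction.'" title="['.$l['w_select'].']">'.htmlspecialchars($m['user_name'], ENT_NOQUOTES, $l['a_meta_charset']).'</a></td>'.K_NEWLINE;
                echo '<td style="text-align:'.$txtalign.';">&nbsp;'.htmlspecialchars($m['user_lastname'], ENT_NOQUOTES, $l['a_meta_charset']).'</td>'.K_NEWLINE;
                echo '<td style="text-align:'.$txtalign.';">&nbsp;'.htmlspecialchars($m['user_firstname'], ENT_NOQUOTES, $l['a_meta_charset']).'</td>'.K_NEWLINE;
                echo '<td style="text-align:'.$txtalign.';">&nbsp;'.htmlspecialchars($m['user_email'], ENT_NOQUOTES, $l['a_meta_charset']).'</td>'.K_NEWLINE;
                echo '<td style="text-align:'.$txtalign.';">&nbsp;'.htmlspecialchars($m['user_regnumber'], ENT_NOQUOTES, $l['a_meta_charset']).'</td>'.K_NEWLINE;
                echo '<td>&nbsp;'.$m['user_level'].'</td>'.K_NEWLINE;
                echo '<td>&nbsp;'.htmlspecialchars($m['user_regdate'], ENT_NOQUOTES, $l['a_meta_charset']).'</td>'.K_NEWLINE;

                echo '</tr>'.K_NEWLINE;
            } while ($m = F_db_fetch_array($r));

            echo '</table>'.K_NEWLINE;
            // current listing state, re-submitted with the form ($order_field is whitelisted above, the others are ints)
            echo '<input type="hidden" name="order_field" id="order_field" value="'.$order_field.'" />'.K_NEWLINE;
            echo '<input type="hidden" name="orderdir" id="orderdir" value="'.$orderdir.'" />'.K_NEWLINE;
            echo '<input type="hidden" name="firstrow" id="firstrow" value="'.$firstrow.'" />'.K_NEWLINE;
            echo '<input type="hidden" name="rowsperpage" id="rowsperpage" value="'.$rowsperpage.'" />'.K_NEWLINE;

            echo '<div class="row"><hr /></div>'.K_NEWLINE;

            // ---------------------------------------------------------------
            // -- page jumper (menu for successive pages)
            if ($rowsperpage > 0) {
                // same restrictions as the listing query, so the page count matches
                $sql = 'SELECT count(*) AS total FROM '.K_TABLE_USERS.''.$wherequery.'';
                // always initialised: the appends below must not depend on $order_field being set
                $param_array = '';
                if (!empty($order_field)) {
                    $param_array = '&amp;order_field='.urlencode($order_field).'';
                }
                if (!empty($orderdir)) {
                    $param_array .= '&amp;orderdir='.$orderdir.'';
                }
                if (!empty($group_id)) {
                    $param_array .= '&amp;group_id='.$group_id.'';
                }
                if (!empty($searchterms)) {
                    $param_array .= '&amp;searchterms='.urlencode($searchterms).'';
                }
                $param_array .= '&amp;submitted=1';
                F_show_page_navigator($_SERVER['SCRIPT_NAME'], $sql, $firstrow, $rowsperpage, $param_array);
            }

            echo '</div>'.K_NEWLINE;
        } else {
            F_print_error('MESSAGE', $l['m_search_void']);
        }
    } else {
        F_display_db_error();
    }
    return true;
}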
445: 
/**
 * Return true if the selected test is active for the selected group.
 *
 * Both IDs are cast to int before being interpolated into the query.
 * @param $test_id (int) test ID
 * @param $group_id (int) group ID
 * @return boolean true/false (false also when the query itself fails)
 * @since 11.1.003 (2010-10-05)
 */
function F_isTestOnGroup($test_id, $group_id)
{
    global $l, $db;
    require_once('../config/tce_config.php');
    $sql = 'SELECT tstgrp_test_id FROM '.K_TABLE_TEST_GROUPS.' WHERE tstgrp_test_id='.intval($test_id).' AND tstgrp_group_id='.intval($group_id).' LIMIT 1';
    $result = F_db_query($sql, $db);
    if (!$result) {
        return false;
    }
    // any row at all means the association exists
    return (bool) F_db_fetch_array($result);
}
465: 
/**
 * Return true if the selected user belongs to the selected group.
 *
 * Both IDs are cast to int before being interpolated into the query.
 * @param $user_id (int) user ID
 * @param $group_id (int) group ID
 * @return boolean true/false (false also when the query itself fails)
 * @since 11.1.003 (2010-10-05)
 */
function F_isUserOnGroup($user_id, $group_id)
{
    global $l, $db;
    require_once('../config/tce_config.php');
    $sql = 'SELECT usrgrp_user_id FROM '.K_TABLE_USERGROUP.' WHERE usrgrp_user_id='.intval($user_id).' AND usrgrp_group_id='.intval($group_id).' LIMIT 1';
    $result = F_db_query($sql, $db);
    if (!$result) {
        return false;
    }
    // any row at all means the membership exists
    return (bool) F_db_fetch_array($result);
}
485: 
/**
 * Return true if the current user is an administrator or belongs to the group, false otherwise.
 *
 * Note that an empty/zero group ID is always accepted (no group to check against).
 * @param $group_id (int) group ID
 * @return boolean true/false
 * @since 11.1.003 (2010-10-05)
 */
function F_isAuthorizedEditorForGroup($group_id)
{
    global $l, $db;
    require_once('../config/tce_config.php');
    $is_admin = ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR);
    // administrators belong to every group; an empty group ID is not restricted either
    if ($is_admin || empty($group_id)) {
        return true;
    }
    // everybody else must be a member of the group
    return F_isUserOnGroup($_SESSION['session_user_id'], $group_id);
}
502: 
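/**
 * Return true if the current user is authorized to edit the specified user.
 *
 * Rules, in order: administrators (or an empty user ID) are always allowed;
 * a user may always edit his/her own profile; otherwise the editor must have
 * a strictly higher level than the target AND share at least one group with
 * the target. A database error or an unknown user ID yields false.
 * @param $user_id (int) user ID
 * @return boolean true/false
 * @since 11.1.003 (2010-10-05)
 */
function F_isAuthorizedEditorForUser($user_id)
{
    global $l, $db;
    require_once('../config/tce_config.php');
    if (($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR) or empty($user_id)) {
        // user is an administrator or empty user
        return true;
    }
    // cast once; every value interpolated below is an int
    $user_id = intval($user_id);
    $session_user_id = intval($_SESSION['session_user_id']);
    $session_user_level = intval($_SESSION['session_user_level']);
    // non-administrator can access only to users with lower level
    $sql = 'SELECT user_id,user_level FROM '.K_TABLE_USERS.' WHERE user_id='.$user_id.' LIMIT 1';
    $r = F_db_query($sql, $db);
    if (!$r) {
        return false;
    }
    $m = F_db_fetch_array($r);
    if (!$m) {
        // unknown user: deny rather than assume
        return false;
    }
    if ($session_user_id === intval($m['user_id'])) {
        // user can edit his/her own profile
        return true;
    }
    if ($session_user_level <= intval($m['user_level'])) {
        // same or higher level than the editor: never editable by a non-administrator
        return false;
    }
    // non-administrator access only to users on the same group
    $sqlg = 'SELECT tb.usrgrp_user_id
        FROM '.K_TABLE_USERGROUP.' AS ta, '.K_TABLE_USERGROUP.' AS tb
        WHERE ta.usrgrp_group_id=tb.usrgrp_group_id
            AND ta.usrgrp_user_id='.$session_user_id.'
            AND tb.usrgrp_user_id='.$user_id.'
        LIMIT 1';
    $rg = F_db_query($sqlg, $db);
    if (!$rg) {
        return false;
    }
    // any shared group row grants access
    return (bool) F_db_fetch_array($rg);
}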
544: 
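/**
 * Return the SQL selection query for user groups.
 *
 * Administrators get every group; other users only the groups they belong to.
 * @param $where (string) filters to add on WHERE clause. Concatenated verbatim: the caller must build it exclusively from trusted, already-escaped values.
 * @return sql selection string
 * @since 11.1.003 (2010-10-05)
 */
function F_user_group_select_sql($where = '')
{
    global $l, $db;
    require_once('../config/tce_config.php');
    if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR) {
        // administrator access to all groups
        $sql = 'SELECT * FROM '.K_TABLE_GROUPS.'';
        if ($where !== '') {
            $sql .= ' WHERE '.$where;
        }
    } else {
        // non-administrator can access only to his/her groups
        // (session user id is cast so the query never receives a non-numeric token)
        $sql = 'SELECT group_id,group_name FROM '.K_TABLE_GROUPS.', '.K_TABLE_USERGROUP.'';
        $sql .= ' WHERE group_id=usrgrp_group_id AND usrgrp_user_id='.intval($_SESSION['session_user_id']).'';
        if ($where !== '') {
            $sql .= ' AND '.$where;
        }
    }
    $sql .= ' ORDER BY group_name';
    return $sql;
}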
572: 
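/**
 * Display select box for user groups.
 *
 * Only groups visible to the current session user are listed
 * (see F_user_group_select_sql()).
 * @param $name (string) name (and id) of the select field; HTML-escaped before being emitted.
 * @return (string) XHTML select element
 */
function F_user_group_select($name = 'group_id')
{
    global $l, $db;
    require_once('../config/tce_config.php');
    $attr_name = htmlspecialchars($name, ENT_QUOTES, $l['a_meta_charset']);
    $str = '<select name="'.$attr_name.'" id="'.$attr_name.'" size="0" title="'.$l['w_group'].'">'.K_NEWLINE;
    $sql = F_user_group_select_sql();
    if ($r = F_db_query($sql, $db)) {
        // placeholder entry, selected by default
        $str .= '<option value="0" style="color:gray" selected="selected">'.$l['w_group'].'</option>'.K_NEWLINE;
        while ($m = F_db_fetch_array($r)) {
            $str .= '<option value="'.intval($m['group_id']).'">';
            $str .= ' '.htmlspecialchars($m['group_name'], ENT_NOQUOTES, $l['a_meta_charset']).'&nbsp;</option>'.K_NEWLINE;
        }
    } else {
        // report the error; the element is closed exactly once below
        F_display_db_error();
    }
    $str .= '</select>'.K_NEWLINE;
    return $str;
}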
598: 
/**
 * Returns an array containing groups IDs to which the specified user belongs.
 *
 * On a query failure the database error is displayed and an empty array is returned.
 * @param $user_id (int) user ID (cast to int before use)
 * @return array containing user's groups IDs
 */
function F_get_user_groups($user_id)
{
    global $l, $db;
    require_once('../config/tce_config.php');
    $uid = intval($user_id);
    $sql = 'SELECT usrgrp_group_id
        FROM '.K_TABLE_USERGROUP.'
        WHERE usrgrp_user_id='.$uid.'';
    $r = F_db_query($sql, $db);
    if (!$r) {
        F_display_db_error();
        return array();
    }
    $groups = array();
    while ($m = F_db_fetch_array($r)) {
        $groups[] = $m['usrgrp_group_id'];
    }
    return $groups;
}
622: 
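/**
 * Return the user ID from registration number.
 * @param $regnum (string) user registration number (escaped for SQL before use).
 * @return (int) User ID or 0 in case of error or no match.
 * @since 11.3.005 (2012-07-31)
 */
function F_getUIDfromRegnum($regnum)
{
    global $l, $db;
    require_once('../config/tce_config.php');
    $sql = 'SELECT user_id FROM '.K_TABLE_USERS.' WHERE user_regnumber=\''.F_escape_sql($db, $regnum).'\' LIMIT 1';
    $r = F_db_query($sql, $db);
    if (!$r) {
        return 0;
    }
    $m = F_db_fetch_array($r);
    if (!$m) {
        return 0;
    }
    // cast so the documented int contract holds regardless of the driver's column typing
    return intval($m['user_id']);
}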
641: 
642: //============================================================+
643: // END OF FILE
644: //============================================================+
645: 
 
