From d32bf15e15c0c655ddc8b679d24525a068fad634 Mon Sep 17 00:00:00 2001
From: kkalev <kkalev>
Date: Mon, 25 Oct 2004 13:55:04 +0000
Subject: [PATCH] * Add lib/sql/group_change.php3 to add and delete a user from
 groups * Add a new directive sql_show_all_groups. If set to true then in user
 edit page we show all available   groups with the ones the user is a member
 of highlighted. The administrator can then directly   change user group
 membership by changing membership in this group list.

---
 Changelog                 |  4 ++++
 conf/admin.conf           |  5 +++++
 htdocs/user_edit.php3     | 37 +++++++++++++++++++++++++-----------
 lib/sql/defaults.php3     |  8 ++++++--
 lib/sql/group_change.php3 | 40 +++++++++++++++++++++++++++++++++++++++
 lib/sql/group_info.php3   |  3 ++-
 6 files changed, 83 insertions(+), 14 deletions(-)
 create mode 100644 lib/sql/group_change.php3

diff --git a/Changelog b/Changelog
index 92b7903..d7d6840 100644
--- a/Changelog
+++ b/Changelog
@@ -28,6 +28,10 @@ Ver 1.75:
 * Fix bug #136, bugs found by Pawel Foremski
 * Small type in login_time_create, close bug #141
 * In config.php3 remove whitespaces from $login. Don't remove '-'
+* Add lib/sql/group_change.php3 to add and delete a user from groups
+* Add a new directive sql_show_all_groups. If set to true then in user edit page we show all available
+  groups with the ones the user is a member of highlighted. The administrator can then directly
+  change user group membership by changing membership in this group list.
 Ver 1.72:
 * Move the xlat function to a separate file in lib/xlat.php3
 * Add a lib/sql/nas_list.php3 to also get the nas list from sql (naslist.conf still works)
diff --git a/conf/admin.conf b/conf/admin.conf
index 2bd5b5d..241a364 100644
--- a/conf/admin.conf
+++ b/conf/admin.conf
@@ -241,6 +241,11 @@ sql_usergroup_table: usergroup
 sql_total_accounting_table: totacct
 sql_nas_table: nas
 #
+# If set to true then we show all the available groups with the groups
+# that the user is a member of highlighted in the user edit page.
+# Otherwise we only show the groups he is a member of.
+sql_show_all_groups: true
+#
 # This variable is used by the scripts in the bin folder
 # It should contain the path to the sql binary used to run
 # sql commands (mysql and psql are only supported for now)
diff --git a/htdocs/user_edit.php3 b/htdocs/user_edit.php3
index 053ba4d..edd044b 100644
--- a/htdocs/user_edit.php3
+++ b/htdocs/user_edit.php3
@@ -1,14 +1,19 @@
 <?php
 require('../conf/config.php3');
-if ($edit_group == 1){
-	header("Location: group_admin.php3?login=$group_to_edit");
-	exit;
-}
 require('../lib/attrshow.php3');
 require('../lib/defaults.php3');
+$extra_text = '';
 if ($user_type != 'group'){
 	if (is_file("../lib/$config[general_lib_type]/user_info.php3"))
 		include("../lib/$config[general_lib_type]/user_info.php3");
+	if ($config[general_lib_type] == 'sql' && $config[sql_show_all_groups] == 'true'){
+		$extra_text = "<br><font size=-2><i>(The groups that the user is a member of are highlated)</i></font>";
+		$saved_login = $login;
+		$login = '';
+		if (is_file("../lib/sql/group_info.php3"))
+			include("../lib/sql/group_info.php3");
+		$login = $saved_login;
+	}
 }
 else{
 	if (is_file("../lib/$config[general_lib_type]/group_info.php3"))
@@ -82,6 +87,10 @@ if ($change == 1){
 			include("../lib/$config[general_lib_type]/change_passwd.php3");
 		if (is_file("../lib/$config[general_lib_type]/user_info.php3"))
 			include("../lib/$config[general_lib_type]/user_info.php3");
+		if ($group_change && $config[general_lib_type] == 'sql' && $config[sql_show_all_groups] == 'true'){
+			include("../lib/sql/group_change.php3");
+			include("../lib/defaults.php3");
+		}
 	}
 	else{
 		if (is_file("../lib/$config[general_lib_type]/group_info.php3"))
@@ -100,6 +109,7 @@ else if ($badusers == 1){
       <input type=hidden name=change value="0">
       <input type=hidden name=add value="0">
       <input type=hidden name=badusers value="0">
+      <input type=hidden name=group_change value="0">
 	<table border=1 bordercolordark=#ffffe0 bordercolorlight=#000000 width=100% cellpadding=2 cellspacing=0 bgcolor="#ffffe0" valign=top>
 <?php
 if ($user_type == 'group')
@@ -241,20 +251,25 @@ EOM;
 if (isset($member_groups)){
 	echo <<<EOM
 <tr>
-<input type=hidden name=edit_group value=0>
 <td align=right colspan=$colspan bgcolor="#d0ddb0">
-Member of
+Member of $extra_text
 </td>
 <td>
-<select name="group_to_edit">
+<select size=2 name="edited_groups[]" multiple OnChange="this.form.group_change.value=1">
 EOM;
-	foreach ($member_groups as $group){
-		echo "<option value=\"$group\">$group\n";
+	if ($config[sql_show_all_groups] == 'true'){
+		foreach ($existing_groups as $group => $count){
+			if ($member_groups[$group] == $group)
+				echo "<option selected value=\"$group\">$group\n";
+			else
+				echo "<option value=\"$group\">$group\n";
+		}
+	}else{
+		foreach ($member_groups as $group)
+			echo "<option value=\"$group\">$group\n";
 	}
 	echo <<<EOM
 </select>
-&nbsp;&nbsp;&nbsp;
-<input type=submit class=button value="Edit Group" OnClick="this.form.edit_group.value=1">
 </td>
 </tr>
 EOM;
diff --git a/lib/sql/defaults.php3 b/lib/sql/defaults.php3
index f201ebe..5aa331b 100644
--- a/lib/sql/defaults.php3
+++ b/lib/sql/defaults.php3
@@ -27,8 +27,12 @@ if ($login != ''){
 			$res = @da_sql_query($link,$config,
 			"SELECT groupname FROM $config[sql_usergroup_table] WHERE username = '$login';");
 			if ($res){
-				while(($row = @da_sql_fetch_array($res,$config)))
-					$member_groups[] = $row[groupname];
+				while(($row = @da_sql_fetch_array($res,$config))){
+					$group = $row[groupname];
+					$member_groups[$group] = $group;
+				}
+				if (isset($member_groups))
+					ksort($member_groups);
 			}
 			if (isset($member_groups)){
 				$in = '(';
diff --git a/lib/sql/group_change.php3 b/lib/sql/group_change.php3
new file mode 100644
index 0000000..eed00e7
--- /dev/null
+++ b/lib/sql/group_change.php3
@@ -0,0 +1,40 @@
+<?php
+if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php3"))
+	include_once("../lib/sql/drivers/$config[sql_type]/functions.php3");
+else{
+	echo "<b>Could not include SQL library</b><br>\n";
+	exit();
+}
+$link = @da_sql_pconnect($config);
+if ($link){
+	if (isset($member_groups) && isset($edited_groups)){
+		$del_groups = array_diff($member_groups,$edited_groups);
+		if (isset($del_groups)){
+			foreach ($del_groups as $del){
+				$del = da_sql_escape_string($del);
+				$res = @da_sql_query($link,$config,
+			"DELETE FROM $config[sql_usergroup_table] WHERE username = '$login' AND groupname = '$del';");
+				if (!$res)
+					echo "<b>Could not delete user $login from group $del: " . da_sql_error($link,$config) . "</b><br>\n";
+				else
+					echo "<b>User $login deleted from group $del</b><br>\n";
+			}
+		}
+		$new_groups = array_diff($edited_groups,$member_groups);
+		if (isset($new_groups)){
+			foreach($new_groups as $new){
+				$new = da_sql_escape_string($new);
+				$res = @da_sql_query($link,$config,
+				"INSERT INTO $config[sql_usergroup_table] (groupname,username)
+				VALUES ('$new','$login');");
+				if (!$res)
+					echo "<b>Error while adding user $login to group $login: " . da_sql_error($link,$config) . "</b><br>\n";
+				else
+					echo "<b>User $login added to group $new</b><br>\n";
+			}
+		}
+	}
+}
+else
+	echo "<b>Could not connect to SQL database</b><br>\n";
+?>
diff --git a/lib/sql/group_info.php3 b/lib/sql/group_info.php3
index 0ad59b3..5791b07 100644
--- a/lib/sql/group_info.php3
+++ b/lib/sql/group_info.php3
@@ -29,7 +29,8 @@ if ($link){
 				$name = $row[groupname];
 				$existing_groups["$name"] = $row[counter];
 			}
-			ksort($existing_groups);
+			if (isset($existing_groups))
+				ksort($existing_groups);
 		}
 		else
 			echo "<b>Database query failed: " . da_sql_error($link,$config) . "</b><br>\n";
-- 
2.39.5