[Phptest-devel] modifying edit

phptest-devel
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phptest-devel] modifying edit_user.php

From:	Justin R. Wilkins
Subject:	[Phptest-devel] modifying edit_user.php
Date:	Fri, 9 Sep 2005 11:35:57 -0400
Please help

I would like to modify a copy of edit_user.php to allow the currently signed
in user to select what groups they are a member of, and that is all. 

So, it would basically LOOK like the page you see when clicking edit user
from admin...except it would just allow chaging of email adderss and
selection of groups

I made a copy of edit_user.php and named it edit_user2.php. I can pass the
user_id of the currently signed in user...but I still get a permission error
in the script that I don't know how to get around. If I make the user admin,
it works...but then they have access to everything else we don't want. 

Here is what I have so far: 


PHP Code:
<?php 
/***************************************************************************
** 
    $Id: edit_user.php,v 1.13 2002/10/07 14:28:52 djresonance Exp $ 
    Copyright 2002 Brandon Tallent 

    This file is part of phpTest. 

    This program is free software; you can redistribute it and/or 
    modify it under the terms of the GNU General Public License 
    as published by the Free Software Foundation; either version 2 
    of the License, or (at your option) any later version. 

    This program is distributed in the hope that it will be useful, 
    but WITHOUT ANY WARRANTY; without even the implied warranty of 
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
    GNU General Public License for more details. 

    You should have received a copy of the GNU General Public License 
    along with this program; if not, write to the Free Software 
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
****************************************************************************
*/ 

    require_once('./include/h.inc.php'); 
    pt_register('GET', 'user_id', 'feedback'); 
    pt_register('POST', 'submit', 'user_name', 'password1', 'password2',
'email', 'real_name', 'admin', 
                'subjects', 'user_groups', 'group_permissions', 'user_id'); 

    if (!count($user->group_permissions)) { 
        pt_check_admin(); 
    } 

    $new_user = new cUser; 

    if (isset($submit)) { 

        // error checking 
        if (empty($user_groups)) { 
            $feedback .= $strings['USER_NO_GROUPS']; 
        } 

        if (empty($admin)) { 
            $admin = 0; 
        } 

        if (REQUIRE_VALID_EMAIL) { 

            if (!pt_verify_email($email)) { 
                $feedback .= $strings['USER_INVALID_EMAIL']; 
            } 

        } 

        // make sure that if a partial permission was granted on subjects,
partial group permisson 
        // was also granted, and vice versa 
        if ((!empty($subjects) && empty($group_permissions)) || 
            (!empty($group_permissions) && empty($subjects))) { 
            $feedback .= $strings['USER_NO_SUBJECT_OR_GROUP']; 
        } 

        if (!empty($feedback)) { 
            pt_redirect("edit_user.php?user_id=$user_id&feedback=" .
urlencode($strings['ERROR_FORM_INPUT'] . $feedback)); 
        } 

        if (!$new_user->update($user_id, $user_name, $email, $real_name,
$admin)) { 
            $feedback .= $new_user->error_message; 
        } else { 
            // delete old skill and group permissions 
            $db->query("DELETE FROM group_permissions WHERE user_id =
$user_id"); 
            $db->query("DELETE FROM subject_permissions WHERE user_id =
$user_id"); 
            $db->query("DELETE FROM user_groups WHERE user_id = $user_id"); 

            // insert subjects and group permissions into db 
            if (!empty($subjects)) { 
                foreach($subjects as $subject) { 
                    $subject_id = pt_get_subject_id($subject); 
                    $db->query("INSERT INTO subject_permissions (user_id,
subject_id) VALUES ($user_id, $subject_id)"); 
                    $db->query("UPDATE users SET menu_edit_subject = 1 WHERE
user_id = $user_id"); 
                } 
            } else { 
                // user shouldn't be able to view skill releated menu items 
                $db->query("UPDATE users SET menu_edit_subject = 0 WHERE
user_id = $user_id"); 
            } 

            if (!empty($group_permissions)) { 
                foreach($group_permissions as $group_permission) { 
                    $group_id = pt_get_group_id($group_permission); 
                    $db->query("INSERT INTO group_permissions (user_id,
group_id) VALUES ($user_id, $group_id)"); 
                    $db->query("UPDATE users SET menu_edit_group = 1 WHERE
user_id = $user_id"); 
                } 
            } else { 
                $db->query("UPDATE users SET menu_edit_group = 0 WHERE
user_id = $user_id"); 
            } 

            if (!empty($user_groups)) { 
                foreach($user_groups as $user_group) { 
                    $group_id = pt_get_group_id($user_group); 
                    $db->query("INSERT INTO user_groups (user_id, group_id) 
                                VALUES ($user_id, $group_id)"); 
                } 

            } 

            pt_redirect('view_users.php?feedback=' .
urlencode($strings['USER_UPDATED'])); 
        } 

        // if we get here, the update was not successfull. 
        pt_redirect("edit_user.php?user_id=$user_id&feedback=" .
urlencode($strings['ERROR_FORM_INPUT'] . $feedback)); 
    } else { 
        require_once('./include/header.inc.php'); 
        $result = $db->query("SELECT * FROM users WHERE user_id =
$user_id"); 
        $row = $db->fetch_object($result); 
        $checked = $row->admin ? 'checked' : ''; 
        $form = new cForm; 

        if (isset($feedback)) { 
            $form->add_feedback($feedback, 2); 
        } 

        $form->add_text($strings['USER_DESIRED_USERNAME'], 1); 
        $form->input('user_name', 2, $row->username); 
        $form->add_text($strings['USER_EMAIL'], 1); 
        $form->input('email', 2, $row->email); 
        $form->add_text($strings['USER_REAL_NAME'], 1); 
        $form->input('real_name', 2, $row->real_name); 
        $form->add_text($strings['USER_GROUP'], 1); 
        $form->add_text(pt_group_multiple('user_groups', 1,
pt_get_user_groups($user_id)), 1); 

        // give admins option to grant admin access 
        if ($user->admin) { 
            $form->add_text($strings['USER_ADD_ADMIN'], 0); 
            $form->checkbox('admin', '1', 2, $checked); 
        } 

        $form->add_text($strings['SUBJECT_PERMISSIONS'], 1); 
 
$form->add_text(pt_subject_multiple(pt_get_subject_permissions($user_id)),
2); 
        $form->add_text($strings['GROUP_PERMISSIONS'], 1); 
        $form->add_text(pt_group_multiple('group_permissions', 1,
pt_get_group_permissions($user_id)), 2); 
        $form->hidden('user_id', $user_id); 
        $form->draw(); 
    } 

    require_once('./include/footer.inc.php'); 
?> 





Reason is: 
I want to consider "groups" as "classes" where the user can indiciate which
classes they are signing in for so that they may take a test. For example: 

Volunteer Management 101 - Fall 2005 
Board Development 201 - Fall 2005 

If these are group options, I would like to let the user have an option that
says "join a class" where they can check off which classes they should be a
part of and able to take a test for.
[Prev in Thread]
Current Thread
[Next in Thread]
[Phptest-devel] modifying edit_user.php, Justin R. Wilkins <=
Prev by Date: [Phptest-devel] Adding a Test
Previous by thread: [Phptest-devel] Adding a Test
Index(es):
- Date
- Thread