File: pnuserapi.php
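<?php
// $Id: pnuserapi.php 15324 2005-01-10 15:11:12Z markwest $
// ----------------------------------------------------------------------
// PostNuke Content Management System
// Copyright (C) 2002 by the PostNuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file: Mark West
// Purpose of file: Groups user API
// ----------------------------------------------------------------------

/**
 * @package PostNuke_System_Modules
 * @subpackage Groups
 * @license http://www.gnu.org/copyleft/gpl.html
 */

/**
 * Get all group items the current user is allowed to read.
 *
 * @author Mark West
 * @param int args['startnum'] record number to start from (1-based, default 1)
 * @param int args['numitems'] number of items to get (default -1, handed to
 *                             SelectLimit() unchanged; presumably "no limit")
 * @return mixed array of array('gid' => ..., 'name' => ...) items, an empty
 *               array when the module-level read check fails, or false on a
 *               database error
 */
function Groups_userapi_getall($args)
{
    // Read only the keys this function understands instead of extract()ing a
    // caller-supplied array into the local scope, and force the paging values
    // to integers before they reach the database layer - whether
    // SelectLimit() casts them itself is not visible from this file.
    $startnum = isset($args['startnum']) ? (int)$args['startnum'] : 1;
    $numitems = isset($args['numitems']) ? (int)$args['numitems'] : -1;

    $items = array();

    // Module-level security check, done before any database work
    if (!pnSecAuthAction(0, 'Groups::', '::', ACCESS_READ)) {
        return $items;
    }

    // Database handle and table/column name map
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    $grouptable = $pntable['groups'];
    $groupcolumn = &$pntable['groups_column'];

    // Only schema names from $pntable are interpolated here; no caller data
    $sql = "SELECT $groupcolumn[gid],
                   $groupcolumn[name]
            FROM $grouptable
            ORDER BY $groupcolumn[name]";
    $result = $dbconn->SelectLimit($sql, $numitems, $startnum - 1);

    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }

    // Each row is checked individually so that only groups the user may
    // read end up in the result
    for (; !$result->EOF; $result->MoveNext()) {
        list($gid, $name) = $result->fields;
        if (pnSecAuthAction(0, 'Groups::', "$name::$gid", ACCESS_READ)) {
            $items[] = array('gid' => $gid,
                             'name' => $name);
        }
    }

    $result->Close();

    return $items;
}

/**
 * Get a specific group item together with the ids of its members.
 *
 * @author Mark West
 * @param int args['gid'] id of the group to get (required)
 * @param int args['startnum'] first member record to return (1-based, default 1)
 * @param int args['numitems'] number of member records to return (default -1)
 * @return mixed array('gid' => int, 'name' => string, 'members' => array of
 *               uids), or false when the argument is missing, the group does
 *               not exist, the read check fails or a query fails
 */
function Groups_userapi_get($args)
{
    // Required argument
    if (!isset($args['gid'])) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    // Normalise the id once. The queries below already cast it to int, so
    // the permission instance string and the returned item must use the same
    // integer - otherwise the value that is authorised can differ from the
    // value that is actually looked up.
    $gid = (int)$args['gid'];

    // Optional paging arguments for the member list, forced to integers
    $startnum = isset($args['startnum']) ? (int)$args['startnum'] : 1;
    $numitems = isset($args['numitems']) ? (int)$args['numitems'] : -1;

    // Database handle and table/column name map
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    $grouptable = $pntable['groups'];
    $groupcolumn = &$pntable['groups_column'];
    $groupmembershiptable = $pntable['group_membership'];
    $groupmembershipcolumn = &$pntable['group_membership_column'];

    // Look up the group name
    $sql = "SELECT $groupcolumn[name]
            FROM $grouptable
            WHERE $groupcolumn[gid] = '" . (int)pnVarPrepForStore($gid) . "'";
    $result =& $dbconn->Execute($sql);

    if ($dbconn->ErrorNo() != 0) {
        return false;
    }

    // No such group
    if ($result->EOF) {
        $result->Close();
        return false;
    }

    list($name) = $result->fields;
    $result->Close();

    // Security check - the name and id are both known at this point, so
    // authorise before the membership table is read at all
    if (!pnSecAuthAction(0, 'Groups::', "$name::$gid", ACCESS_READ)) {
        return false;
    }

    // Look up the group's members
    $sql = "SELECT $groupmembershipcolumn[uid]
            FROM $groupmembershiptable
            WHERE $groupmembershipcolumn[gid]= '" . (int)pnVarPrepForStore($gid) . "'";
    $result = $dbconn->SelectLimit($sql, $numitems, $startnum - 1);

    if ($dbconn->ErrorNo() != 0) {
        return false;
    }

    $uids = array();
    for (; !$result->EOF; $result->MoveNext()) {
        list($uid) = $result->fields;
        $uids[] = $uid;
    }
    $result->Close();

    return array('gid' => $gid,
                 'name' => $name,
                 'members' => $uids);
}

/**
 * Utility function to count the number of groups held by this module.
 *
 * NOTE(review): no pnSecAuthAction() check is made here, so the count covers
 * every group regardless of what the current user may read - confirm that
 * callers authorise before exposing it.
 *
 * @author Mark West
 * @return mixed number of groups as returned by the database, or false on a
 *               database error
 */
function Groups_userapi_countitems()
{
    // Database handle and table/column name map
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    $grouptable = $pntable['groups'];

    $sql = "SELECT COUNT(1)
            FROM $grouptable";
    $result =& $dbconn->Execute($sql);

    if ($dbconn->ErrorNo() != 0) {
        return false;
    }

    list($numitems) = $result->fields;
    $result->Close();

    return $numitems;
}

/**
 * Utility function to count the members of one group.
 *
 * NOTE(review): no pnSecAuthAction() check is made here - confirm that
 * callers authorise access to the group before exposing its member count.
 *
 * @author Mark West
 * @param int args['gid'] id of the group whose members are counted (required)
 * @return mixed number of membership rows as returned by the database, or
 *               false when the argument is missing or the query fails
 */
function Groups_userapi_countgroupmembers($args)
{
    // Required argument
    if (!isset($args['gid'])) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    $gid = (int)$args['gid'];

    // Database handle and table/column name map
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    $groupmembershiptable = $pntable['group_membership'];
    $groupmembershipcolumn = &$pntable['group_membership_column'];

    $sql = "SELECT COUNT(1)
            FROM $groupmembershiptable
            WHERE $groupmembershipcolumn[gid] = '" . (int)pnVarPrepForStore($gid) . "'";
    $result =& $dbconn->Execute($sql);

    if ($dbconn->ErrorNo() != 0) {
        return false;
    }

    list($numitems) = $result->fields;
    $result->Close();

    return $numitems;
}

/**
 * Get all of a user's group memberships that the current user may read.
 *
 * NOTE(review): the uid is caller-supplied and nothing here ties it to the
 * current user; only the module-level and per-group read checks apply.
 * Confirm that callers are meant to look up other users' memberships.
 *
 * @author Mark West
 * @since v1.8
 * @param int args['uid'] user id (defaults to pnUserGetVar('uid'))
 * @return mixed array of array('gid' => ..., 'name' => ...) items, an empty
 *               array when the module-level read check fails, or false on
 *               failure
 */
function Groups_userapi_getusergroups($args)
{
    // Optional argument - fall back to the current user
    $uid = isset($args['uid']) ? $args['uid'] : pnUserGetVar('uid');
    if (!isset($uid)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    $items = array();

    // Module-level security check, done before any database work
    if (!pnSecAuthAction(0, 'Groups::', '::', ACCESS_READ)) {
        return $items;
    }

    // Database handle and table/column name map
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    $groupmembershiptable = $pntable['group_membership'];
    $groupmembershipcolumn = &$pntable['group_membership_column'];

    $sql = "SELECT $groupmembershipcolumn[gid]
            FROM $groupmembershiptable
            WHERE $groupmembershipcolumn[uid] = '" . (int)pnVarPrepForStore($uid) . "'";
    $result =& $dbconn->Execute($sql);

    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }

    for (; !$result->EOF; $result->MoveNext()) {
        list($gid) = $result->fields;

        // The group name is needed to build the permission instance string
        $group = pnModAPIFunc('Groups', 'user', 'get', array('gid' => $gid));

        // The 'get' API returns false when the group is missing, the lookup
        // fails or its own read check denies access. Skip the row in that
        // case: building the instance string from a failed lookup would
        // check "::$gid" (empty name) instead of the real group and could
        // list a group the user is not allowed to read.
        if (!is_array($group)) {
            continue;
        }

        if (pnSecAuthAction(0, 'Groups::', "$group[name]::$gid", ACCESS_READ)) {
            // The name is returned too, since it had to be fetched for the
            // security check anyway
            $items[] = array('gid' => $gid,
                             'name' => $group['name']);
        }
    }

    $result->Close();

    return $items;
}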