~hexmode/+junk/main


Viewing changes to install-files/apps/sqlitemanager1.2.0/include/SQLiteAuth.class.php

  • Committer: Mark A. Hershberger
  • Date: 2008-01-05 19:38:56 UTC
  • Revision ID: hershberger@spawn-xp-20080105193856-6rnzgwa4nehue3qj
initial commit

 
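--- a/install-files/apps/sqlitemanager1.2.0/include/SQLiteAuth.class.php
+++ b/install-files/apps/sqlitemanager1.2.0/include/SQLiteAuth.class.php
@@ -0,0 +1,434 @@
+<?php
+/**
+* Web based SQLite management
+* Class for manage user authentification
+* @package SQLiteManager
+* @author Frédéric HENNINOT
+* @version $Id
+*/
+
+class SQliteAuth {
+
+        /**
+        * user identification
+        *
+        * @access private
+        * @var integer
+        */
+        var $user;
+
+        /**
+        * user information
+        *
+        */
+        var $userInformation;
+
+        /**
+        * Class constructor
+        *
+        * @access public
+        */
+        function SQLiteAuth(){
+                if($GLOBALS['action'] == 'logout') {
+                        $_SESSION['SQLiteManagerConnected'] = false;
+                        unset($_SESSION['SQLiteManagerUserId']);
+                        $_SESSION['oldUser'] = $_SERVER['PHP_AUTH_USER'];
+                        session_write_close();
+                        echo "<script type=\"text/javascript\">parent.location='index.php';</script>";
+                        exit;
+                }
+                if(!isset($_SESSION['SQLiteManagerConnected']) || !$_SESSION['SQLiteManagerConnected']){
+                        if((isset($_SESSION['oldUser']) && ($_SESSION['oldUser'] == $_SERVER['PHP_AUTH_USER'])) || !isset($_SERVER['PHP_AUTH_USER'])) {
+                                unset($_SESSION['oldUser']);
+                                $this->authenticate();
+                        } else {
+                                $this->checkExistTable();
+                                $this->userInformation = $this->getAuthParam();
+                                $this->user = $_SESSION['SQLiteManagerUserId'] = $this->userInformation['user_id'];
+                                $_SESSION['SQLiteManagerConnected'] = true;
+                        }
+                } else {
+                        $this->userInformation = $this->getAuthParam();
+                        $this->user = $_SESSION['SQLiteManagerUserId'] = $this->userInformation['user_id'];
+                }
+        }
+
+
+        /**
+        * get user connected information
+        *
+        * @access public
+        */
+        function getAuthParam(){
+                if(isset($_SERVER['PHP_AUTH_USER'])) $login = $_SERVER['PHP_AUTH_USER'];
+                else $login = '';
+                if(isset($_SERVER['PHP_AUTH_PW'])) $passwd = $_SERVER['PHP_AUTH_PW'];
+                else $passwd = '';
+                $query = '      SELECT user_id, user_name, user_passwd, del, empty, export, data, execSQL, properties, groupe_name, groupe_id
+                                        FROM users , groupes
+                                        WHERE user_groupe_id = groupe_id
+                                                AND user_login='.quotes($login);
+                $infoUser = $GLOBALS["db"]->array_query($query);
+                if(empty($infoUser)) {
+                        $_SESSION['SQLiteManagerConnected'] = false;
+                        unset($_SESSION['SQLiteManagerUserId']);
+                        $_SESSION['oldUser'] = $_SERVER['PHP_AUTH_USER'];
+                        displayError($GLOBALS['traduct']->get(148));
+                        exit;
+                } else {
+                        $passwdOk = false;
+                        if(count($infoUser)>1) {
+                                foreach($infoUser as $infoNum=>$infoOneUser){
+                                        if($infoOneUser['user_passwd'] == md5($passwd)){
+                                                $numUser = $infoNum;
+                                                $passwdOk = true;
+                                        }
+                                }
+                        } elseif($infoUser[0]['user_passwd'] == md5($passwd)) $passwdOk = true;
+                        if(!$passwdOk) {
+                                $_SESSION['oldUser'] = $_SERVER['PHP_AUTH_USER'];
+                                displayError($GLOBALS['traduct']->get(149));
+                                exit;
+                        }
+                }
+                if(!isset($numUser)) $numUser = 0;
+                return $infoUser[$numUser];
+        }
+
+        /**
+        * Send HTTP authentification FORM
+        *
+        * @access public
+        */
+        function authenticate(){
+                header('WWW-Authenticate: Basic realm="SQLiteManager"');
+        header('HTTP/1.0 401 Unauthorized');
+                displayError($GLOBALS['traduct']->get(147));
+                exit;
+        }
+
+        /**
+        * upgrade config database if not exist table 'users' and 'groupes'
+        *
+        * @access private
+        */
+        function checkExistTable(){
+                $existTables = $GLOBALS['db']->array_query("SELECT name FROM sqlite_master WHERE type='table' AND (name='users' OR name='groupes');", SQLITE_ASSOC);
+                if(empty($existTables) || (count($existTables)!=2)) {
+                        // create table for attachment management
+                        $query[] = "CREATE TABLE users ( user_id INTEGER PRIMARY KEY, user_groupe_id INTEGER, user_name VARCHAR(50), user_login VARCHAR(50) , user_passwd VARCHAR(32) );";
+                        $query[] = "INSERT INTO users VALUES ('1', '1', 'admin', 'admin', '21232f297a57a5a743894a0e4a801fc3');";
+                        $query[] = "INSERT INTO users VALUES ('2', '2', 'data', 'data', '8d777f385d3dfec8815d20f7496026dc');";
+                        $query[] = "INSERT INTO users VALUES ('3', '3', 'guest', 'guest', '084e0343a0486ff05530df6c705c8bb4');";
+                        $query[] = "CREATE TABLE groupes ( groupe_id INTEGER PRIMARY KEY, groupe_name VARCHAR(50), properties TINYINT , execSQL TINYINT , data TINYINT , export TINYINT , empty TINYINT , del TINYINT );";
+                        $query[] = "INSERT INTO groupes VALUES ('1', 'Admin', '1', '1', '1', '1', '1', '1');";
+                        $query[] = "INSERT INTO groupes VALUES ('2', 'datamanager', '0', '0', '1', '1', '0', '0');";
+                        $query[] = "INSERT INTO groupes VALUES ('3', 'user', '0', '0', '0', '0', '0', '0');";
+                        foreach($query as $req) $GLOBALS["db"]->query($req);
+                }
+                return;
+        }
+
+        /**
+        * get groupe_id
+        *
+        * @access public
+        */
+        function getGroupeId(){
+                if(is_array($this->userInformation) && !empty($this->userInformation))
+                        return $this->userInformation['groupe_id'];
+        }
+
+        /**
+        * return true if 'Admin'
+        *
+        * @access public
+        */
+        function isAdmin(){
+                if(is_array($this->userInformation) && !empty($this->userInformation)) {
+                        if($this->userInformation['groupe_id']==1) return true;
+                        else return false;
+                }
+        }
+
+        /**
+        * Return acces controle for module
+        *
+        * @access public
+        * @param string $module module name
+        */
+        function getAccess($module){
+                if(is_array($this->userInformation) && !empty($this->userInformation))
+                        if(isset($this->userInformation[$module])) return $this->userInformation[$module];
+                        else return false;
+        }
+
+        /**
+        * Manage Groupe and user
+        *
+        * @access public
+        */
+        function manageAuth(){
+                if(!isset($GLOBALS['auth_action'])) $GLOBALS['auth_action'] = '';
+                echo '<h2>'.$GLOBALS['traduct']->get(190).'</h2>';
+                switch($GLOBALS['auth_action']){
+                        case '':
+                        default:
+                        case 'passwdUser':
+                                $this->viewPrivileges();
+                                break;
+                        case 'modifyUser':
+                        case 'addUser':
+                                $this->viewPrivileges(true);
+                                break;
+                        case 'deleteUser':
+                                if($_REQUEST['user']!=1) $GLOBALS['db']->query('DELETE FROM users WHERE user_id='.$_REQUEST['user']);
+                                $this->viewPrivileges();
+                                break;
+                        case 'savePasswd':
+                                break;
+                        case 'modifyGroupe':
+                        case 'addGroupe':
+                                $this->viewPrivileges(false, true);
+                                break;
+                        case 'deleteGroupe':
+                                if($_REQUEST['groupe']!=1) $GLOBALS['db']->query('DELETE FROM groupes WHERE groupe_id='.$_REQUEST['groupe']);
+                                $this->viewPrivileges();
+                                break;
+                        case 'saveUser';
+                                if(!empty($_POST['name']) && !empty($_POST['login']) && !empty($_POST['groupe_id'])){
+                                        if(isset($_REQUEST['user']) && !empty($_REQUEST['user'])){
+                                                $query = 'UPDATE users SET user_groupe_id='.$_POST['groupe_id'].', user_name='.quotes($_POST['name']).', user_login='.quotes($_POST['login']).' WHERE user_id='.$_POST['user'];
+                                        } else {
+                                                $query = 'INSERT INTO users (user_name, user_login, user_groupe_id, user_passwd) VALUES ('.quotes($_POST['name']).', '.quotes($_POST['login']).', '.$_POST["groupe_id"].', '.quotes(md5('')).');';
+                                        }
+                                        if(!empty($query)) $GLOBALS['db']->query($query);
+                                }
+                                $this->viewPrivileges();
+                                break;
+                        case 'saveGroupe':
+                                if(!empty($_POST['groupe_name'])){
+                                        if(isset($_REQUEST['groupe']) && !empty($_REQUEST['groupe'])){
+                                                $query = '      UPDATE groupes ' .
+                                                                '       SET     groupe_name='.quotes($_POST['groupe_name']).',' .
+                                                                '                       properties='.$_POST['properties'].', ' .
+                                                                '                       execSQL='.$_POST['execSQL'].', ' .
+                                                                '                       data='.$_POST['data'].', ' .
+                                                                '                       export='.$_POST['export'].', ' .
+                                                                '                       empty='.$_POST['empty'].', ' .
+                                                                '                       del='.$_POST['del'].
+                                                                '       WHERE groupe_id='.$_REQUEST['groupe'];
+                                        } else {
+                                                $query = 'INSERT INTO groupes (groupe_name, properties, execSQL, data, export, empty, del) '.
+                     'VALUES ('.quotes($_POST['groupe_name']).', '.quotes($_POST['properties']).', '.quotes($_POST['execSQL']).', '.quotes($_POST['data']).', '.quotes($_POST['export']).', '.quotes($_POST['empty']).', '.quotes($_POST['del']).')';
+                                        }
+                                        if(!empty($query)) {
+                                                $GLOBALS['db']->query($query);
+                                        }
+                                }
+                                $this->viewPrivileges();
+                                break;
+                }
+        }
+
+        /**
+        * View all privileges information
+        *
+        * @access public
+        */
+        function viewPrivileges($withFormUser=false, $withFormGroupe=false){
+                $query = '      SELECT user_id, user_name AS '.quotes($GLOBALS['traduct']->get(163)).',
+                                                user_login AS '.quotes($GLOBALS['traduct']->get(164)).',
+                                                groupe_name AS '.quotes($GLOBALS['traduct']->get(165)).'
+                                        FROM users, groupes WHERE user_groupe_id=groupe_id;';
+                include_once INCLUDE_LIB.'SQLiteToGrid.class.php';
+                $tabUser =& new SQLiteToGrid($GLOBALS['db'], $query, 'PrivUser', true, 10, '95%');
+                $tabUser->enableSortStyle(false);
+                $tabUser->hideColumn(0);
+                $tabUser->setGetVars('?action=auth');
+                if($tabUser->getNbRecord()<=10) $tabUser->disableNavBarre();
+                $tabUser->addCalcColumn($GLOBALS['traduct']->get(33), ' <a href="?action=auth&amp;auth_action=modifyUser&amp;user=#%0%#" class="Browse">'.displayPics('edit.png', $GLOBALS['traduct']->get(14)).'</a>&nbsp;
+                                                                                        <a href="?action=auth&amp;auth_action=deleteUser&amp;user=#%0%#" class="Browse">'.displayPics('edittrash.png', $GLOBALS['traduct']->get(15)).'</a>&nbsp;
+                                                                                        <a href="?action=auth&amp;auth_action=passwdUser&amp;user=#%0%#" class="Browse">'.displayPics('encrypted.png', $GLOBALS['traduct']->get(157)).'</a>&nbsp;', 'center', 999);
+                $tabUser->addCaption('bottom', '<a href="?action=auth&amp;auth_action=addUser" class="Browse">'.$GLOBALS['traduct']->get(159).'</a>');
+                $tabUser->disableOnClick();
+                $tabUser->build();
+
+                // ------------------------------------------------------------------------
+                $query = 'SELECT groupe_id, groupe_name AS '.quotes($GLOBALS['traduct']->get(163)).',
+                                                CASE properties WHEN 1 THEN '.quotes($GLOBALS['traduct']->get(191)).' ELSE '.quotes($GLOBALS['traduct']->get(192)).' END AS '.quotes($GLOBALS['traduct']->get(61)).',
+                                                CASE execSQL WHEN 1 THEN '.quotes($GLOBALS['traduct']->get(191)).' ELSE '.quotes($GLOBALS['traduct']->get(192)).' END AS '.quotes($GLOBALS['traduct']->get(166)).',
+                                                CASE data WHEN 1 THEN '.quotes($GLOBALS['traduct']->get(191)).' ELSE '.quotes($GLOBALS['traduct']->get(192)).' END AS '.quotes($GLOBALS['traduct']->get(167)).',
+                                                CASE export WHEN 1 THEN '.quotes($GLOBALS['traduct']->get(191)).' ELSE '.quotes($GLOBALS['traduct']->get(192)).' END AS '.quotes($GLOBALS['traduct']->get(168)).',
+                                                CASE empty WHEN 1 THEN '.quotes($GLOBALS['traduct']->get(191)).' ELSE '.quotes($GLOBALS['traduct']->get(192)).' END AS '.quotes($GLOBALS['traduct']->get(169)).',
+                                                CASE del WHEN 1 THEN '.quotes($GLOBALS['traduct']->get(191)).' ELSE '.quotes($GLOBALS['traduct']->get(192)).' END AS '.quotes($GLOBALS['traduct']->get(170)).'
+                                        FROM groupes;';
+                include_once INCLUDE_LIB.'SQLiteToGrid.class.php';
+                $tabGroupe =& new SQLiteToGrid($GLOBALS['db'], $query, 'PrivGroupe', true, 10, '95%');
+                $tabGroupe->enableSortStyle(false);
+                $tabGroupe->hideColumn(0);
+                $tabGroupe->setGetVars('?action=auth');
+                if($tabGroupe->getNbRecord()<=10) $tabGroupe->disableNavBarre();
+                $tabGroupe->addCalcColumn($GLOBALS['traduct']->get(33), '       <a href="?action=auth&amp;auth_action=modifyGroupe&amp;groupe=#%0%#" class="Browse">'.displayPics('edit.png', $GLOBALS['traduct']->get(14)).'</a>&nbsp;
+                                                                                        <a href="?action=auth&amp;auth_action=deleteGroupe&amp;groupe=#%0%#" class="Browse">'.displayPics('edittrash.png', $GLOBALS['traduct']->get(15)).'</a>&nbsp;', 'center', 999);
+                $tabGroupe->addCaption('bottom', '<a href="?action=auth&amp;auth_action=addGroupe" class="Browse">'.$GLOBALS['traduct']->get(160).'</a>');
+                $tabGroupe->disableOnClick();
+                $tabGroupe->build();
+
+                echo '<table align="center" class="Browse"><tr><td align="center" valign="top">';
+                echo '<div class="Rights"><div style="text-align: center;">'.$GLOBALS['traduct']->get(161).'</div>';
+                $tabUser->show();
+                if($withFormUser) {
+                        echo '<hr style="border: 1px dashed black; width: 90%;">';
+                        $this->formUser();
+                }
+                if(isset($_REQUEST['auth_action']) && ($_REQUEST['auth_action'] == 'passwdUser')) {
+                        echo '<hr style="border: 1px dashed black; width: 90%;">';
+                        $this->changePasswd();
+                }
+                echo '</div></td>';
+                echo '<td align="center" valign="top">';
+                echo '<div class="Rights"><div align="center">'.$GLOBALS['traduct']->get(162).'</div>';
+                $tabGroupe->show();
+                if($withFormGroupe){
+                        echo '<hr style="border: 1px dashed black; width: 90%;">';
+                        $this->formGroupe();
+                }
+                echo '</div></td></tr></table>';
+
+        }
+
+        /**
+        * Get user's information
+        *
+        * @access public
+        * @param int $user user ID
+        * @return array
+        */
+        function getUserInfo($user){
+                if(isset($_POST) && isset($_POST["user"])){
+                        $out[0]["user_name"]            = $_POST["user_name"];
+                        $out[0]["user_login"]           = $_POST["user_login"];
+                        $out[0]["user_groupe_id"]       = $_POST["user_groupe_id"];
+                        return $out;
+                } else {
+                        $query = "SELECT user_name, user_login, user_groupe_id FROM users WHERE user_id=".$user;
+                        $out = $GLOBALS["db"]->array_query($query);
+                        return $out[0];
+                }
+        }
+
+        /**
+        * Get groupe's information
+        *
+        * @access public
+        * @param int $group groupe_id
+        * @return array
+        */
+        function getGroupeInfo($group){
+                $query = "SELECT * FROM groupes WHERE groupe_id=".$group;
+                $out = $GLOBALS["db"]->array_query($query);
+                return $out[0];
+        }
+
+        /**
+        * Display user form
+        *
+        * @access private
+        */
+        function formUser(){
+                if(isset($_REQUEST["user"])) $dataUser = $this->getUserInfo($_REQUEST["user"]);
+                $groupeList = $GLOBALS["db"]->array_query("SELECT groupe_id, groupe_name FROM groupes");
+                foreach($groupeList as $groupe) $dataGroupe[$groupe["groupe_id"]] = $groupe["groupe_name"];
+                echo "<form name='user' method='POST' action='main.php' target='main'>
+                                <table style='font-size: 10px'>
+                                        <tr><td>".$GLOBALS["traduct"]->get(163)."</td><td><input type='text' class='text' name='name' value='".((!empty($dataUser))? $dataUser["user_name"] : "" )."'></td></tr>
+                                        <tr><td>".$GLOBALS["traduct"]->get(164)."</td><td><input type='text' class='text' name='login' value='".((!empty($dataUser))? $dataUser["user_login"] : "" )."'></td></tr>
+                                        <tr><td>".$GLOBALS["traduct"]->get(165)."</td><td>".createSelect($dataGroupe, "groupe_id", ((!empty($dataUser))? $dataUser["user_groupe_id"] : "" ))."</td></tr>
+                                        <tr><td colspan=2 align='center'><input class='button' type='submit' value='".$GLOBALS["traduct"]->get(51)."'></td>
+                                        </table>
+                                <input type='hidden' name='action' value='".$GLOBALS["action"]."'>
+                                <input type='hidden' name='user' value='".((isset($GLOBALS["user"]))? $GLOBALS["user"] : "" )."'>
+                                <input type='hidden' name='auth_action' value='saveUser'>
+                                </form>";
+
+        }
+
+        /**
+        * Display Groupe formGroupe
+        *
+        * @access public
+        */
+        function formGroupe(){
+                if(isset($_REQUEST["groupe"])) $dataGroupe = $this->getGroupeInfo($_REQUEST["groupe"]);
+                else $dataGroupe = array();
+                if(isset($dataGroupe["groupe_name"])) $groupeName = $dataGroupe["groupe_name"];
+                else $groupeName = "";
+                if(!isset($dataGroupe["properties"])){
+                        $dataGroupe["properties"] = $dataGroupe["execSQL"] = $dataGroupe["data"] = $dataGroupe["export"] = $dataGroupe["empty"] = $dataGroupe["del"] = 0;
+                }
+                echo "<form name='groupe' method='POST' action='main.php' target='main'>
+                                <table style='font-size: 10px'>
+                                        <tr><td>".$GLOBALS["traduct"]->get(163)."</td><td><input type='text' class='text' name='groupe_name' value='".$groupeName."'></td></tr>
+                                        <tr><td>".$GLOBALS["traduct"]->get(61)."</td><td><input type='radio' name='properties' value=1".(($dataGroupe["properties"])? " checked" : "" )."> Oui".str_repeat("&nbsp;", 5)."<input type='radio' name='properties' value=0".((!$dataGroupe["properties"])? " checked" : "" )."> Non</td></tr>
+                                        <tr><td>".$GLOBALS["traduct"]->get(166)."</td><td><input type='radio' name='execSQL' value=1".(($dataGroupe["execSQL"])? " checked" : "" )."> Oui".str_repeat("&nbsp;", 5)."<input type='radio' name='execSQL' value=0".((!$dataGroupe["execSQL"])? " checked" : "" )."> Non</td></tr>
+                                        <tr><td>".$GLOBALS["traduct"]->get(167)."</td><td><input type='radio' name='data' value=1".(($dataGroupe["data"])? " checked" : "" )."> Oui".str_repeat("&nbsp;", 5)."<input type='radio' name='data' value=0".((!$dataGroupe["data"])? " checked" : "" )."> Non</td></tr>
+                                        <tr><td>".$GLOBALS["traduct"]->get(168)."</td><td><input type='radio' name='export' value=1".(($dataGroupe["export"])? " checked" : "" )."> Oui".str_repeat("&nbsp;", 5)."<input type='radio' name='export' value=0".((!$dataGroupe["export"])? " checked" : "" )."> Non</td></tr>
+                                        <tr><td>".$GLOBALS["traduct"]->get(169)."</td><td><input type='radio' name='empty' value=1".(($dataGroupe["empty"])? " checked" : "" )."> Oui".str_repeat("&nbsp;", 5)."<input type='radio' name='empty' value=0".((!$dataGroupe["empty"])? " checked" : "" )."> Non</td></tr>
+                                        <tr><td>".$GLOBALS["traduct"]->get(170)."</td><td><input type='radio' name='del' value=1".(($dataGroupe["del"])? " checked" : "" )."> Oui".str_repeat("&nbsp;", 5)."<input type='radio' name='del' value=0".((!$dataGroupe["del"])? " checked" : "" )."> Non</td></tr>
+                                        <tr><td colspan=2 align='center'><input class='button' type='submit' value='".$GLOBALS["traduct"]->get(51)."'></td>
+                                        </table>
+                                <input type='hidden' name='action' value='".$GLOBALS["action"]."'>
+                                <input type='hidden' name='groupe_id' value='".((isset($GLOBALS["groupe"]))? $GLOBALS["groupe"] : "" )."'>
+                                <input type='hidden' name='auth_action' value='saveGroupe'>
+                                </form>";
+
+        }
+
+        /**
+        * change password form
+        */
+        function changePasswd(){
+                $error = false;
+                $err_message = "";
+                if(isset($GLOBALS["passwd_action"]) && ($GLOBALS["passwd_action"] == "save")){
+                        $query = "SELECT user_passwd FROM users WHERE user_id=".$_REQUEST["user"].";";
+                        $GLOBALS['db']->query($query);
+                        $passCurrent = $GLOBALS['db']->fetch_single();
+                        if($passCurrent != md5($_POST["old"])){
+                                $error = true;
+                                $err_message = $GLOBALS["traduct"]->get(171);
+                        } else if($_POST["pass"] != $_POST["confirm"]){
+                                $error = true;
+                                $err_message = $GLOBALS["traduct"]->get(172);
+                        }
+                        if(!$error){
+                                $query = "UPDATE users SET user_passwd='".md5($_POST["pass"])."' WHERE user_id=".$_REQUEST["user"].";";
+                                $GLOBALS['db']->query($query);
+                                echo '<div class="Rights" style="margin: 5px; text-align: center">'.$GLOBALS["traduct"]->get(173);
+                                if(!isset($_REQUEST["auth_action"])) echo "<br><a href=\"index.php?action=logout\" target='_parent' class='Browse'>".$GLOBALS["traduct"]->get(174)."</a>";
+                                echo "</div>";
+                        }
+                }
+
+                if($error || !isset($GLOBALS["passwd_action"]) || ($GLOBALS["passwd_action"]=="")){
+                        echo "<form name='passwd' method=POST action='main.php' target='main'>";
+                        echo "<table class='tabProp' style='border: 1px solid blue; margin: 2px'>";
+                        echo "<tr><td colspan=2 align='center'>".$GLOBALS["traduct"]->get(157)."</td></tr>";
+                        if($error){
+                                echo "<tr><td colspan=2 align='center'><div width=80% style='border: 1px solid red'>".$err_message."</div></td></tr>";
+                        }
+                        echo "<tr><td align='right' style='white-space: nowrap'>".$GLOBALS["traduct"]->get(175)."</td><td>&nbsp;<input type='password' class='text' name='old' size=10></td></tr>";
+                        echo "<tr><td align='right' style='white-space: nowrap'>".$GLOBALS["traduct"]->get(176)."</td><td>&nbsp;<input type='password' class='text' name='pass' size=10></td></tr>";
+                        echo "<tr><td align='right' style='white-space: nowrap'>".$GLOBALS["traduct"]->get(177)."</td><td>&nbsp;<input type='password' class='text' name='confirm' size=10></td></tr>";
+                        echo "<tr><td colspan=2 align='center'><input class='button' type='submit' value='".$GLOBALS["traduct"]->get(51)."'></td></tr>";
+                        echo "</table>";
+                        echo "<input type='hidden' name='action' value='".$GLOBALS["action"]."'>";
+                        echo "<input type='hidden' name='user' value='".((isset($_REQUEST["user"]))? $_REQUEST["user"] : $_SESSION["SQLiteManagerUserId"] )."'>";
+                        echo "<input type='hidden' name='passwd_action' value='save'>";
+                        if(isset($GLOBALS["auth_action"])) echo "<input type='hidden' name='auth_action' value='".$GLOBALS["auth_action"]."'>";
+                        echo "</form>";
+                }
+        }
+}
+?>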
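Review bot: manageAuth() builds its DELETE and UPDATE statements by concatenating raw request values (`$_REQUEST['user']`, `$_REQUEST['groupe']`, `$_POST['groupe_id']`, `$_POST['user']` and the six permission flags in the UPDATE branch of saveGroupe) without quotes() or a numeric cast, so the request controls the shape of the SQL run against the users and groupes tables. The same pattern appears in getUserInfo(), getGroupeInfo() and both queries in changePasswd(), and the `!=1` guards compare the raw string loosely before it is concatenated. Every one of these values is an integer id or a 0/1 flag, so casting once before use is enough, e.g. `$userId = (int) $_REQUEST['user'];` followed by `if ($userId != 1) $GLOBALS['db']->query('DELETE FROM users WHERE user_id='.$userId);`. Separately, checkExistTable() seeds three accounts with fixed unsalted MD5 hashes and the saveUser insert stores `md5('')` as the new account's password, so those credentials should be replaced before the application is reachable. Whether manageAuth() is gated by isAdmin() is not visible in this file and should be confirmed at the call site.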