I would like to modify a copy of edit_user.php to allow the currently signed in user to select what groups they are a member of, and that is all.
I made a copy of edit_user.php and named it edit_user2.php. I can pass the user_id of the currently signed in user...but I still get a permission error in the script that I don't know how to get around. If I make the user admin, it works...but then they have access to everything else we don't want.
Here is what I have so far:
<?php
/*****************************************************************************
$Id: edit_user.php,v 1.13 2002/10/07 14:28:52 djresonance Exp $
Copyright 2002 Brandon Tallent
This file is part of phpTest.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*****************************************************************************/
require_once('./include/h.inc.php');
pt_register('GET', 'user_id', 'feedback');
pt_register('POST', 'submit', 'user_name', 'password1', 'password2', 'email', 'real_name', 'admin',
    'subjects', 'user_groups', 'group_permissions', 'user_id');
// user_id arrives from the request and is interpolated into the SQL below,
// so force it to an integer before any query uses it
$user_id = isset($user_id) ? (int) $user_id : 0;
// users without any group permissions must be admins to use this page
if (!count($user->group_permissions)) {
    pt_check_admin();
}
$new_user = new cUser;
if (isset($submit)) {
    // error checking
    if (empty($user_groups)) {
        $feedback .= $strings['USER_NO_GROUPS'];
    }
    if (empty($admin)) {
        $admin = 0;
    }
    if (REQUIRE_VALID_EMAIL) {
        if (!pt_verify_email($email)) {
            $feedback .= $strings['USER_INVALID_EMAIL'];
        }
    }
    // make sure that if a partial permission was granted on subjects, partial group permission
    // was also granted, and vice versa
    if ((!empty($subjects) && empty($group_permissions)) ||
        (!empty($group_permissions) && empty($subjects))) {
        $feedback .= $strings['USER_NO_SUBJECT_OR_GROUP'];
    }
    if (!empty($feedback)) {
        pt_redirect("edit_user.php?user_id=$user_id&feedback=" . urlencode($strings['ERROR_FORM_INPUT'] . $feedback));
    }
    if (!$new_user->update($user_id, $user_name, $email, $real_name, $admin)) {
        $feedback .= $new_user->error_message;
    } else {
        // delete old skill and group permissions
        $db->query("DELETE FROM group_permissions WHERE user_id = $user_id");
        $db->query("DELETE FROM subject_permissions WHERE user_id = $user_id");
        $db->query("DELETE FROM user_groups WHERE user_id = $user_id");
        // insert subjects and group permissions into db
        if (!empty($subjects)) {
            foreach($subjects as $subject) {
                $subject_id = pt_get_subject_id($subject);
                $db->query("INSERT INTO subject_permissions (user_id, subject_id) VALUES ($user_id, $subject_id)");
                $db->query("UPDATE users SET menu_edit_subject = 1 WHERE user_id = $user_id");
            }
        } else {
            // user shouldn't be able to view skill related menu items
            $db->query("UPDATE users SET menu_edit_subject = 0 WHERE user_id = $user_id");
        }
        if (!empty($group_permissions)) {
            foreach($group_permissions as $group_permission) {
                $group_id = pt_get_group_id($group_permission);
                $db->query("INSERT INTO group_permissions (user_id, group_id) VALUES ($user_id, $group_id)");
                $db->query("UPDATE users SET menu_edit_group = 1 WHERE user_id = $user_id");
            }
        } else {
            $db->query("UPDATE users SET menu_edit_group = 0 WHERE user_id = $user_id");
        }
        if (!empty($user_groups)) {
            foreach($user_groups as $user_group) {
                $group_id = pt_get_group_id($user_group);
                $db->query("INSERT INTO user_groups (user_id, group_id)
                    VALUES ($user_id, $group_id)");
            }
        }
        pt_redirect('view_users.php?feedback=' . urlencode($strings['USER_UPDATED']));
    }
    // if we get here, the update was not successful.
    pt_redirect("edit_user.php?user_id=$user_id&feedback=" . urlencode($strings['ERROR_FORM_INPUT'] . $feedback));
} else {
    require_once('./include/header.inc.php');
    $result = $db->query("SELECT * FROM users WHERE user_id = $user_id");
    $row = $db->fetch_object($result);
    $checked = $row->admin ? 'checked' : '';
    $form = new cForm;
    if (isset($feedback)) {
        $form->add_feedback($feedback, 2);
    }
    $form->add_text($strings['USER_DESIRED_USERNAME'], 1);
    $form->input('user_name', 2, $row->username);
    $form->add_text($strings['USER_EMAIL'], 1);
    $form->input('email', 2, $row->email);
    $form->add_text($strings['USER_REAL_NAME'], 1);
    $form->input('real_name', 2, $row->real_name);
    $form->add_text($strings['USER_GROUP'], 1);
    $form->add_text(pt_group_multiple('user_groups', 1, pt_get_user_groups($user_id)), 1);
    // give admins option to grant admin access
    if ($user->admin) {
        $form->add_text($strings['USER_ADD_ADMIN'], 0);
        $form->checkbox('admin', '1', 2, $checked);
    }
    $form->add_text($strings['SUBJECT_PERMISSIONS'], 1);
    $form->add_text(pt_subject_multiple(pt_get_subject_permissions($user_id)), 2);
    $form->add_text($strings['GROUP_PERMISSIONS'], 1);
    $form->add_text(pt_group_multiple('group_permissions', 1, pt_get_group_permissions($user_id)), 2);
    $form->hidden('user_id', $user_id);
    $form->draw();
}
require_once('./include/footer.inc.php');
?>
Reason is:
I want to consider "groups" as "classes" where the user can indicate which classes they are signing in for so that they may take a test. For example:
Volunteer Management 101 - Fall 2005
Board Development 201 - Fall 2005
If these are group options, I would like to let the user have an option that says "join a class" where they can check off which classes they should be a part of and able to take a test for.
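
Added example, not part of the original post and not phpTest code: a self-service "join a class" handler that takes the user id from the logged-in session instead of the `user_id` and `admin` request fields the posted script accepts, and writes only to `user_groups`. The `user_groups` columns follow the queries in the post; `join_classes()`, the `class_list` table, the sample rows and the use of PDO with SQLite are assumptions made so the block runs on its own.

```php
<?php
// Added example, not phpTest code. user_groups(user_id, group_id) follows the
// queries in the post; join_classes(), class_list and the sample rows are hypothetical.

function join_classes(PDO $pdo, int $session_user_id, array $requested): array
{
    // Accept only strict positive integers; "3 OR 1=1" and nested arrays are dropped.
    $ids = [];
    foreach ($requested as $raw) {
        $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[$id] = $id;
        }
    }
    // Keep only ids that exist as joinable classes (server-side allowlist).
    $valid = [];
    if ($ids) {
        $marks = implode(',', array_fill(0, count($ids), '?'));
        $stmt = $pdo->prepare("SELECT group_id FROM class_list WHERE group_id IN ($marks)");
        $stmt->execute(array_values($ids));
        $valid = array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
    }
    // Replace memberships for the session user only; no other table is written.
    $pdo->beginTransaction();
    try {
        $pdo->prepare('DELETE FROM user_groups WHERE user_id = ?')->execute([$session_user_id]);
        $ins = $pdo->prepare('INSERT INTO user_groups (user_id, group_id) VALUES (?, ?)');
        foreach ($valid as $gid) {
            $ins->execute([$session_user_id, $gid]);
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
    return $valid;
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE class_list (group_id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec('CREATE TABLE user_groups (user_id INTEGER, group_id INTEGER)');
$pdo->exec("INSERT INTO class_list VALUES (1, 'Volunteer Management 101 - Fall 2005'),
            (2, 'Board Development 201 - Fall 2005')");
$pdo->exec('INSERT INTO user_groups VALUES (7, 1), (8, 1)');

// In the real page, 7 would come from the logged-in session, never from GET/POST.
$joined = join_classes($pdo, 7, ['2', '99', '3 OR 1=1', ['x']]);
print_r($joined);
```

Because the handler never reads an `admin`, `subjects` or `group_permissions` field, dropping the admin check for this one page does not open the rest of the user record to the signed-in user.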