00001 <?php
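// Direct-access guard: when the __PRAGYAN_CMS constant is not defined, answer
// with 403 and stop before any of the functions below are declared.
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    // The heading is now closed with </h1>; the original emitted a second opening <h1>.
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // NOTE(review): SERVER_SIGNATURE comes from the web server and can reveal
    // product/version details; consider dropping it or turning the signature
    // off in the server configuration.
    echo '<hr/>' . $_SERVER['SERVER_SIGNATURE'];
    exit(1);
}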
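/**
 * Fetch the full `groups` row for a group name.
 *
 * The name is passed through escape() and placed inside a quoted SQL string
 * literal, so quote characters in the name cannot terminate the literal as
 * long as escape() performs SQL string escaping.
 *
 * @param string $groupName Name of the group to look up.
 * @return array|false Associative row, or false when the query fails or no group matches.
 */
function getGroupRow($groupName) {
    // NOTE(review): escape() is defined elsewhere; presumably it wraps
    // mysql_real_escape_string() — confirm.
    $groupQuery = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "groups` WHERE `group_name` = '" . escape($groupName) . "'";
    $groupResult = mysql_query($groupQuery);
    if (!$groupResult) {
        // A failed query used to be handed straight to mysql_fetch_assoc().
        return false;
    }
    return mysql_fetch_assoc($groupResult);
}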
00051
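/**
 * Resolve a group name to its numeric id.
 *
 * @param string $groupName Name of the group to look up.
 * @return mixed The `group_id` column of the matching row, or null when no such group exists.
 */
function getGroupIdFromName($groupName) {
    $groupRow = getGroupRow($groupName);
    if (!$groupRow) {
        // Same value the original produced by indexing a false lookup result,
        // now returned explicitly instead of relying on that behaviour.
        return null;
    }
    return $groupRow['group_id'];
}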
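/**
 * Find the group associated with a form.
 *
 * @param int|string $formId Form id; anything that does not cast to a non-zero integer is rejected.
 * @return mixed The `group_id` of the associated group, or false when there is
 *               none, the id is zero/non-numeric, or the query fails.
 */
function getGroupIdFromFormId($formId) {
    // The id is placed in the query unquoted, where string escaping gives no
    // protection; an integer cast is the effective control in that position.
    $formId = (int) $formId;
    if ($formId === 0) {
        return false;
    }

    $query = "SELECT `group_id` FROM `" . MYSQL_DATABASE_PREFIX . "groups` WHERE `form_id` = " . $formId;
    $result = mysql_query($query);
    if ($result && mysql_num_rows($result) > 0) {
        $row = mysql_fetch_assoc($result);
        return $row['group_id'];
    }

    return false;
}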
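/**
 * Find the form associated with a group.
 *
 * @param int|string $groupId Group id; cast to an integer before use.
 * @return mixed The `form_id` column of the group, or false when the group is
 *               not found or the query fails.
 */
function getFormIdFromGroupId($groupId) {
    // Unquoted numeric position in the query: cast instead of string-escaping.
    $groupId = (int) $groupId;

    $query = "SELECT `form_id` FROM `" . MYSQL_DATABASE_PREFIX . "groups` WHERE `group_id` = " . $groupId;
    $result = mysql_query($query);
    if ($result && mysql_num_rows($result) > 0) {
        $row = mysql_fetch_assoc($result);
        return $row['form_id'];
    }

    return false;
}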
00089
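/**
 * Move a group one step up or down in the priority ordering.
 *
 * @param int|string $userId          User performing the shift; cast to an integer.
 * @param string     $groupName       Name of the group to move.
 * @param string     $direction       'up' raises the priority; any other value lowers it.
 * @param int|string $userMaxPriority Highest priority the user may assign; cast to an integer.
 * @param bool       $shiftNeighbours When true and other groups share the current priority,
 *                                    groups at and above that level are renumbered to make room.
 * @return bool True when the group's priority was updated, false otherwise.
 */
function shiftGroupPriority($userId, $groupName, $direction = 'up', $userMaxPriority, $shiftNeighbours = true) {
    // These two values are interpolated into SQL without quotes, where string
    // escaping does not help; integer casts are the effective control.
    $userId = (int) $userId;
    $userMaxPriority = (int) $userMaxPriority;
    // $direction never reaches SQL itself: only the fixed operators derived
    // from the comparison below do.
    $direction = escape($direction);

    $groupRow = getGroupRow($groupName);
    if (!$groupRow) {
        return false;
    }

    $groupId = (int) $groupRow['group_id'];
    $groupPriority = (int) $groupRow['group_priority'];

    $movingUp = ($direction == 'up');
    $op = ($movingUp ? '+' : '-');
    $rel = ($movingUp ? '>' : '<');
    $order = ($movingUp ? 'asc' : 'desc');

    $groupsTable = MYSQL_DATABASE_PREFIX . 'groups';
    $usergroupTable = MYSQL_DATABASE_PREFIX . 'usergroup';

    // At the user's own top level, refuse to move the only group that places
    // the user at that level.
    if ($groupPriority == $userMaxPriority) {
        $memberQuery = "SELECT `$usergroupTable`.`group_id` FROM `$usergroupTable`, `$groupsTable` WHERE `group_priority` = $groupPriority AND `user_id` = $userId AND `$usergroupTable`.`group_id` = `$groupsTable`.`group_id`";
        $memberResult = mysql_query($memberQuery);
        if (!$memberResult) {
            // Details go to the server log; the page no longer shows the SQL
            // text and the database error.
            error_log('shiftGroupPriority: membership query failed: ' . mysql_error());
            displayerror('Error. Could not verify your group memberships.');
            return false;
        }
        if (mysql_num_rows($memberResult) == 1) {
            $memberRow = mysql_fetch_row($memberResult);
            if ($memberRow[0] == $groupId) {
                displayerror('Error. Cannot shift the group that gives you grant permissions at this level.');
                return false;
            }
        }
    }

    $newPriority = -1;
    $resolved = false;

    // NOTE(review): the statements below run without a transaction or lock, so
    // two concurrent shifts could interleave — confirm whether that matters here.
    if ($shiftNeighbours) {
        $peerResult = mysql_query("SELECT `group_id` FROM `$groupsTable` WHERE `group_priority` = $groupPriority");
        if ($peerResult && mysql_num_rows($peerResult) > 1) {
            // Other groups share this priority. If the adjacent level is also
            // occupied, push the levels above up by one first.
            $adjacentResult = mysql_query("SELECT `group_id` FROM `$groupsTable` WHERE `group_priority` = $groupPriority $op 1");
            if ($adjacentResult && mysql_num_rows($adjacentResult) > 0) {
                $shiftRel = ($movingUp ? '>' : '>=');
                $shiftQuery = "UPDATE `$groupsTable` SET `group_priority` = `group_priority` + 1 WHERE `group_priority` $shiftRel $groupPriority";
                if (!mysql_query($shiftQuery)) {
                    // Stop instead of continuing with a priority that assumes
                    // the renumbering happened.
                    error_log('shiftGroupPriority: renumbering query failed: ' . mysql_error());
                    return false;
                }
                // NOTE(review): when moving up, the UPDATE above leaves this
                // group at its old priority, yet $groupPriority is still
                // incremented, so the target below is old + 2 — confirm intended.
                $groupPriority++;
            }

            $newPriority = ($movingUp ? $groupPriority + 1 : $groupPriority - 1);
            $resolved = true;
        }
    }

    if (!$resolved) {
        // No renumbering: take the nearest occupied priority in the requested
        // direction, or step by one when there is none.
        $neighbourResult = mysql_query("SELECT `group_priority` FROM `$groupsTable` WHERE `group_priority` $rel $groupPriority ORDER BY `group_priority` $order LIMIT 0, 1");
        if ($neighbourResult && mysql_num_rows($neighbourResult) == 1) {
            $neighbourRow = mysql_fetch_row($neighbourResult);
            $newPriority = (int) $neighbourRow[0];
        }
        else {
            $newPriority = ($movingUp ? $groupPriority + 1 : $groupPriority - 1);
        }
    }

    if ($newPriority <= 0) {
        displayinfo('You cannot decrease the priority of a group below the current priority.');
        return false;
    }
    elseif ($newPriority > $userMaxPriority) {
        // Keeps a user from raising a group above the ceiling passed in.
        displayinfo('You cannot increase the priority of the group above the current priority.');
        return false;
    }

    $groupQuery = "UPDATE `$groupsTable` SET `group_priority` = $newPriority WHERE `group_id` = $groupId";
    if (mysql_query($groupQuery)) {
        return true;
    }

    return false;
}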
00212
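/**
 * List the ids of all users that belong to a group.
 *
 * @param int|string $groupId Group id; cast to an integer before it is put into the query.
 * @return array List of `user_id` values; empty when the group has no members or the query fails.
 */
function getUsersRegisteredToGroup($groupId) {
    $registeredUserIds = array();

    // The id was previously concatenated into the query as-is.
    $userQuery = 'SELECT `user_id` FROM `' . MYSQL_DATABASE_PREFIX . 'usergroup` WHERE `group_id` = ' . (int) $groupId;
    $userResult = mysql_query($userQuery);
    if (!$userResult) {
        return $registeredUserIds;
    }

    while ($userRow = mysql_fetch_row($userResult)) {
        $registeredUserIds[] = $userRow[0];
    }

    return $registeredUserIds;
}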
00223
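/**
 * Associate a group with a form and bring their member lists in line.
 *
 * When the form has no registrants, the group's members are registered to the
 * form; otherwise the form's registrants are inserted into the group.
 *
 * @param int|string $groupId Group to associate; cast to an integer.
 * @param int|string $formId  Form to associate; cast to an integer.
 * @return bool True on success, false when a precondition fails or a query errors.
 */
function associateGroupWithForm($groupId, $formId) {
    global $sourceFolder, $moduleFolder;
    require_once("$sourceFolder/$moduleFolder/form.lib.php");

    // Both ids are interpolated into several queries below without quotes.
    $groupId = (int) $groupId;
    $formId = (int) $formId;

    $existsQuery = 'SELECT `group_id` FROM `' . MYSQL_DATABASE_PREFIX . 'groups` WHERE `form_id` = ' . $formId;
    $existsResult = mysql_query($existsQuery);
    if (!$existsResult) {
        // Fail closed: the original reported the error (including the SQL text)
        // and then went ahead with the association anyway.
        error_log('associateGroupWithForm: lookup failed: ' . mysql_error());
        displayerror('Could not check whether the form is already associated with a group.');
        return false;
    }
    if (mysql_num_rows($existsResult)) {
        displayerror('The given form is already associated with another group.');
        return false;
    }

    $isFormEmpty = (form::getRegisteredUserCount($formId) == 0);
    if (!isGroupEmpty($groupId) && !$isFormEmpty) {
        displayerror('The group cannot be associated with the form because neither the given group, nor the selected form is empty.');
        return false;
    }
    if (!form::isGroupAssociable($formId)) {
        displayerror('The selected form cannot be associated with a group because it either allows anonymous users to register, and does not allow users to unregister.');
        return false;
    }

    // NOTE(review): the member copy and the final UPDATE are separate
    // statements with no transaction, so a failure part-way leaves the copy in place.
    if ($isFormEmpty) {
        $groupUsers = getUsersRegisteredToGroup($groupId);

        require_once("$sourceFolder/$moduleFolder/form/registrationformsubmit.php");

        foreach ($groupUsers as $groupUserId) {
            registerUser($formId, $groupUserId);
        }
    }
    else {
        $registeredUsers = form::getRegisteredUserArray($formId);

        if (count($registeredUsers) > 0) {
            // presumably a list of numeric user ids — verify against form.lib.php
            $valueTuples = array();
            foreach ($registeredUsers as $registeredUserId) {
                $valueTuples[] = '(' . (int) $registeredUserId . ', ' . $groupId . ')';
            }

            // implode() takes the separator first; the reversed order used
            // originally is a legacy form.
            $insertQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . 'usergroup` (`user_id`, `group_id`) VALUES ' . implode(', ', $valueTuples);
            if (!mysql_query($insertQuery)) {
                displayerror('Could not move registered users to group.');
                return false;
            }
        }
    }

    $updateQuery = 'UPDATE `' . MYSQL_DATABASE_PREFIX . "groups` SET `form_id` = $formId WHERE `group_id` = $groupId";
    if (!mysql_query($updateQuery)) {
        displayerror('Could not associate the given group with the selected form.');
        return false;
    }

    return true;
}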
00282
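/**
 * Detach a group from its form and remove every member from the group.
 *
 * Both statements are attempted even when the first one fails, as before;
 * each failure is reported through displayerror(). Nothing is returned.
 *
 * @param int|string $groupId Group id; cast to an integer before it is put into the queries.
 */
function unassociateFormFromGroup($groupId) {
    // The id was previously concatenated into both queries as-is.
    $groupId = (int) $groupId;

    $updateQuery = 'UPDATE `' . MYSQL_DATABASE_PREFIX . 'groups` SET `form_id` = 0 WHERE `group_id` = ' . $groupId;
    if (!mysql_query($updateQuery)) {
        displayerror('MySQL error! Could not unassociate the form from the given group.');
    }

    $deleteQuery = 'DELETE FROM `' . MYSQL_DATABASE_PREFIX . 'usergroup` WHERE `group_id` = ' . $groupId;
    if (!mysql_query($deleteQuery)) {
        displayerror('MySQL error! Could not remove users from the given group.');
    }
}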
00296
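/**
 * List the login-required forms that a user may associate with a group.
 *
 * A form is included only when getPermissions() grants the user the
 * 'editregistrants' action on the form's page.
 *
 * @param mixed $userId         User whose permissions are checked; passed to getPermissions() unchanged.
 * @param bool  $emptyFormsOnly When true, forms that already have registrants are left out.
 * @return array List of array(module component id, page title, page path).
 */
function getAssociableFormsList($userId, $emptyFormsOnly = false) {
    global $sourceFolder, $moduleFolder;
    require_once("$sourceFolder/$moduleFolder/form.lib.php");

    $associableForms = array();

    // NOTE(review): `form_desc` is referenced without MYSQL_DATABASE_PREFIX,
    // unlike `pages` — confirm that is the real table name.
    $formIdQuery = 'SELECT `page_id`, `form_desc`.`page_modulecomponentid`, `page_title` FROM `' . MYSQL_DATABASE_PREFIX . "pages`, `form_desc` " .
        'WHERE `page_module` = \'form\' AND `form_loginrequired` = 1 AND `' .
        'form_desc`.`page_modulecomponentid` = `' . MYSQL_DATABASE_PREFIX . 'pages`.`page_modulecomponentid`';
    $formIdResult = mysql_query($formIdQuery);
    if (!$formIdResult) {
        // Details go to the server log; the page no longer shows the SQL text
        // and the database error.
        error_log('getAssociableFormsList: query failed: ' . mysql_error());
        displayerror('Could not load the list of forms.');
        return $associableForms;
    }

    while ($formIdRow = mysql_fetch_row($formIdResult)) {
        if (!getPermissions($userId, $formIdRow[0], 'editregistrants')) {
            continue;
        }
        if (!$emptyFormsOnly || form::getRegisteredUserCount($formIdRow[1]) == 0) {
            $associableForms[] = array($formIdRow[1], $formIdRow[2], getPagePath($formIdRow[0]));
        }
    }

    return $associableForms;
}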
00325
/**
 * Remove every member from a group that is not tied to a form.
 *
 * @param string $groupName Name of the group to empty.
 * @param bool   $silent    When true, the success message is not shown.
 * @return bool True when the members were removed; false when the group does
 *              not exist, is associated with a form, or the DELETE fails.
 */
function emptyGroup($groupName, $silent = false) {
    $group = getGroupRow($groupName);
    if (!$group) {
        return false;
    }

    $targetGroupId = $group['group_id'];
    $linkedFormId = $group['form_id'];

    // A group bound to a form is left alone; the user is pointed at the form's page.
    if ($linkedFormId != 0) {
        displayinfo(
            'This group is associated with a form. You must unassociate the group from the form before you can empty it.' .
            '<a href="' . getPagePath(getPageIdFromModuleComponentId('form', $group['form_id'])) . '">Click Here</a> to visit the form\'s edit page.'
        );
        return false;
    }

    // The id comes from the row just read from the database, not from the caller.
    $purgeQuery = 'DELETE FROM `'.MYSQL_DATABASE_PREFIX.'usergroup` WHERE `group_id` = '.$targetGroupId;
    if (!mysql_query($purgeQuery)) {
        displayerror('Error running MySQL query. The given group could not be emptied.');
        return false;
    }

    // NOTE(review): $groupName is placed in the message as-is; whether
    // displayinfo() HTML-escapes its argument is not visible here — confirm.
    if (!$silent) {
        displayinfo("Group '$groupName' Emptied Successfully");
    }

    return true;
}
00352
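/**
 * Empty a group and then delete it.
 *
 * @param string $groupName Name of the group to delete.
 * @return bool True when the group row was deleted; false when emptying it or the DELETE fails.
 */
function deleteGroup($groupName) {
    // NOTE(review): no permission check happens here; callers are presumably
    // responsible for authorising the deletion — verify.
    if (emptyGroup($groupName, true)) {
        // The name was concatenated into the quoted literal unescaped, although
        // the lookup in getGroupRow() escapes it; a stored name containing a
        // quote would therefore pass the lookup and then alter this statement.
        $deleteQuery = 'DELETE FROM `' . MYSQL_DATABASE_PREFIX . 'groups` WHERE `group_name` = \'' . escape($groupName) . '\'';
        if (mysql_query($deleteQuery)) {
            displayinfo("Group '$groupName' Deleted Successfully");
            return true;
        }
    }
    return false;
}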
00363
00364
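/**
 * Tell whether a group has no members.
 *
 * @param int|string $groupId Group id; cast to an integer before it is put into the query.
 * @return bool True only when the count query succeeds and reports zero members.
 */
function isGroupEmpty($groupId) {
    $groupQuery = 'SELECT COUNT(`user_id`) FROM `' . MYSQL_DATABASE_PREFIX . 'usergroup` WHERE `group_id` = ' . (int) $groupId;
    $groupResult = mysql_query($groupQuery);
    if (!$groupResult) {
        // A failed query used to compare an empty fetch result with 0 and so
        // reported the group as empty; callers that gate on emptiness should
        // not proceed on a database error.
        return false;
    }

    $groupRow = mysql_fetch_row($groupResult);
    return ($groupRow[0] == 0);
}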
00371
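/**
 * Add a user to the group with the given name, if not already a member.
 *
 * @param string     $groupName Name of the target group.
 * @param int|string $userId    User id; cast to an integer before it is put into the queries.
 * @return bool True when the user is a member afterwards; false when the group
 *              does not exist or the INSERT fails.
 */
function addUserToGroupName($groupName, $userId) {
    // NOTE(review): no permission check happens here; callers are presumably
    // responsible for authorising the membership change — verify.
    $groupRow = getGroupRow($groupName);
    if (!$groupRow) {
        return false;
    }

    $groupId = (int) $groupRow['group_id'];
    // The user id was previously interpolated into both queries as-is.
    $userId = (int) $userId;

    $memberQuery = "SELECT `user_id` FROM `".MYSQL_DATABASE_PREFIX."usergroup` WHERE `group_id` = $groupId AND `user_id` = $userId";
    $memberResult = mysql_query($memberQuery);
    if ($memberResult && mysql_fetch_assoc($memberResult)) {
        // Already a member; nothing to insert.
        return true;
    }

    $insertQuery = "INSERT INTO `".MYSQL_DATABASE_PREFIX."usergroup`(`group_id`, `user_id`) VALUES($groupId, $userId)";
    // The original returned true even when this INSERT failed.
    return (bool) mysql_query($insertQuery);
}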
00389
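/**
 * Add a user to a group identified by id.
 *
 * @param int|string $groupId Group id; cast to an integer.
 * @param int|string $userId  User id; cast to an integer.
 * @return bool True when a membership row was inserted; false when the user is
 *              already a member or the INSERT fails.
 */
function addUserToGroupId($groupId, $userId) {
    // NOTE(review): no permission check happens here; callers are presumably
    // responsible for authorising the membership change — verify.
    // Both ids were previously interpolated into the queries as-is.
    $groupId = (int) $groupId;
    $userId = (int) $userId;

    $memberQuery = "SELECT `user_id` FROM `".MYSQL_DATABASE_PREFIX."usergroup` WHERE `group_id` = $groupId AND `user_id` = $userId";
    $memberResult = mysql_query($memberQuery);
    if ($memberResult && mysql_fetch_assoc($memberResult)) {
        displayerror("User already registered to the group.");
        return false;
    }

    $insertQuery = "INSERT INTO `".MYSQL_DATABASE_PREFIX."usergroup`(`group_id`, `user_id`) VALUES($groupId, $userId)";
    mysql_query($insertQuery);

    // mysql_affected_rows() is -1 after a failed statement, so the original
    // "== 0" test reported a failed INSERT as success.
    return (mysql_affected_rows() > 0);
}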
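/**
 * Remove a user from a group identified by id.
 *
 * @param int|string $groupId Group id; cast to an integer.
 * @param int|string $userId  User id; cast to an integer.
 * @return bool True when a membership row was deleted; false when the user was
 *              not a member or a query fails.
 */
function removeUserFromGroupId($groupId, $userId) {
    // Both ids were previously interpolated into the queries as-is.
    $groupId = (int) $groupId;
    $userId = (int) $userId;

    $memberQuery = "SELECT `user_id` FROM `".MYSQL_DATABASE_PREFIX."usergroup` WHERE `group_id` = $groupId AND `user_id` = $userId";
    $memberResult = mysql_query($memberQuery);
    // The original tested mysql_num_fields(), the column count, which is 1 for
    // every successful SELECT here; the row count is what shows membership.
    if (!$memberResult || mysql_num_rows($memberResult) == 0) {
        return false;
    }

    $deleteQuery = "DELETE FROM `".MYSQL_DATABASE_PREFIX."usergroup` WHERE `user_id`=$userId and `group_id` = $groupId";
    mysql_query($deleteQuery);

    return (mysql_affected_rows() > 0);
}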
00419
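/**
 * Reload a list of groups from the database, ordered by priority, highest first.
 *
 * @param array $modifiableGroups Rows that each carry a 'group_id' key.
 * @return array Fresh rows (group_id, group_name, group_description,
 *               group_priority) for those ids; empty when the input is empty.
 */
function reevaluateGroupPriorities($modifiableGroups) {
    // Ids end up in an unquoted IN (...) list, so force each to an integer.
    $groupIdList = array();
    foreach ($modifiableGroups as $group) {
        $groupIdList[] = (int) $group['group_id'];
    }

    $refreshedGroups = array();
    if (count($groupIdList) > 0) {
        // implode() with the separator first; join() with reversed arguments
        // is a legacy form.
        $groupQuery = 'SELECT `group_id`, `group_name`, `group_description`, `group_priority` FROM `' . MYSQL_DATABASE_PREFIX . 'groups` WHERE `group_id` IN (' . implode(', ', $groupIdList) . ') ORDER BY `group_priority` DESC';
        $groupResult = mysql_query($groupQuery);
        if (!$groupResult) {
            // Still halts the request as before, but the SQL text is no longer
            // printed to the page; details go to the server log.
            error_log('reevaluateGroupPriorities: query failed: ' . mysql_error());
            die('Database error while reloading group priorities.');
        }
        while ($groupRow = mysql_fetch_assoc($groupResult)) {
            $refreshedGroups[] = $groupRow;
        }
    }

    return $refreshedGroups;
}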
00438
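/**
 * Find the id of the group associated with a form.
 *
 * @param int|string $formId Form id; cast to an integer before it is put into the query.
 * @return mixed The `group_id` of the associated group, or -1 when there is
 *               none or the query fails.
 */
function getGroupAssociatedWithForm($formId) {
    // The id was previously interpolated into the query as-is.
    $formId = (int) $formId;

    $groupQuery = "SELECT `group_id` FROM `" . MYSQL_DATABASE_PREFIX . "groups` WHERE `form_id` = $formId";
    $groupResult = mysql_query($groupQuery);
    if ($groupResult && mysql_num_rows($groupResult) != 0) {
        $groupRow = mysql_fetch_row($groupResult);
        return $groupRow[0];
    }

    return -1;
}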
00449
00450
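/**
 * List the groups a user belongs to.
 *
 * @param int|string $userId User id; cast to an integer before it is put into the query.
 * @return array Rows with group_id, group_name, group_description and form_id;
 *               empty when the user has no groups or the query fails.
 */
function getGroupsFromUserId($userId) {
    $groupsTable = MYSQL_DATABASE_PREFIX . 'groups';
    $usergroupTable = MYSQL_DATABASE_PREFIX . 'usergroup';
    $groupRows = array();

    // The id was previously concatenated into the query as-is.
    $groupQuery = 'SELECT `' . $groupsTable . '`.`group_id`, `group_name`, `group_description`, `form_id` FROM `' . $groupsTable .
        '`, `' . $usergroupTable . '` WHERE `user_id` = ' . (int) $userId . ' AND `' .
        $groupsTable . '`.`group_id` = `' . $usergroupTable . '`.`group_id`';
    $groupResult = mysql_query($groupQuery);
    if (!$groupResult) {
        // Details go to the server log; the page no longer shows the SQL text
        // and the database error.
        error_log('getGroupsFromUserId: query failed: ' . mysql_error());
        displayerror('Could not load the groups for the given user.');
        return $groupRows;
    }

    while ($groupRow = mysql_fetch_assoc($groupResult)) {
        $groupRows[] = $groupRow;
    }

    return $groupRows;
}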
00464