$sql="DELETE FROM ".$cfg["tab"]["rights"]." WHERE user_id='".Contenido_Security::escapeDB($userid,$db)."' AND idclient='".Contenido_Security::toInteger($rights_client)."' AND idlang='".Contenido_Security::toInteger($rights_lang)."' AND idarea='".Contenido_Security::toInteger($data[0])."' AND idcat='".Contenido_Security::toInteger($data[2])."' AND idaction='".Contenido_Security::toInteger($data[1])."' AND type=0";
$db->query($sql);
}
}
unset($data);
//search for all mentioned checkboxes
if(is_array($arraysave)){
foreach($arraysaveas$value){
//explodes the key it consits areait+actionid+itemid
$data=explode("|",$value);
// Since areas are stored in a numeric form in the rights table, we have
$sql="UPDATE ".$cfg["tab"]["phplib_auth_user_md5"]." SET perms='".Contenido_Security::escapeDB($rights_perms,$db)."' WHERE user_id='".Contenido_Security::escapeDB($userid,$db)."'";
$db->query($sql);
//save the other rights
saverights();
}
if(!is_object($oTpl)){
$oTpl=newTemplate();
}
$oTpl->reset();
if(!is_object($db2))
$db2=newDB_ConLite;
if(!isset($rights_client)){
$rights_client=$client;
$rights_lang=$lang;
}
//set new right_list (=all possible rights)
if(!is_array($right_list)){
# modified 2007-08-03, H. Librenz <holger.librenz@4fb.de> - this breaks, i do not know really know why, the session if storage container for session is other than database!
# PS: this is a hard, damn shit area of code -- ARRRGGGHHHH!!!!!!!
//register these list fore following sites
// $sess->register("right_list");
$plugxml=newXML_Doc();
//select all rights , actions an theeir locations without area login
$sql="SELECT A.idarea, A.parent_id, B.location,A.name FROM ".$cfg["tab"]["area"]." as A LEFT JOIN ".$cfg["tab"]["nav_sub"]." as B ON A.idarea = B.idarea WHERE A.name!='login' AND A.relevant='1' AND A.online='1' GROUP BY A.name, A.idarea, B.location ORDER BY A.idarea";
$sql="SELECT * FROM ".$cfg["tab"]["lang"]." as A, ".$cfg["tab"]["clients_lang"]." as B WHERE B.idclient='".Contenido_Security::toInteger($key)."' AND A.idlang=B.idlang";
$sql="SELECT idclient, idlang FROM ".$cfg["tab"]["clients_lang"]." WHERE idclientslang = '".Contenido_Security::toInteger($rights_clientslang)."'";
$db->query($sql);
$bEndScript=false;
if($db->next_record())
{
$rights_client=$db->f("idclient");
$rights_lang=$db->f("idlang");
$oTpl->set('s','NOTIFICATION','');
$oTpl->set('s','DISPLAY_FILTER','block');
}else{
$bEndScript=true;
ob_end_clean();
// Account is sysadmin
if(strpos($userperms,"sysadmin")!==false)
{
$oTpl->set('s','NOTIFICATION',$notification->messageBox("warning",i18n("The selected user is a system administrator. A system administrator has all rights for all clients for all languages and therefore rights can't be specified in more detail."),0));
}
// Account is only assigned to clients with admin rights
elseif(strpos($userperms,"admin[")!==false)
{
$oTpl->set('s','NOTIFICATION',$notification->messageBox("warning",i18n("The selected user is assigned to clients as admin, only. An admin has all rights for a client and therefore rights can't be specified in more detail."),0));
}
else
{
$oTpl->set('s','NOTIFICATION',$notification->messageBox("error",i18n("Current user doesn't have any rights to any client/language."),0));