Author: dgoette
Date: Tue Jan 6 13:51:22 2009
New Revision: 38615
URL:
http://svn.reactos.org/svn/reactos?rev=38615&view=rev
Log:
Welcome RosCMS admin interface, now we can manage roscms groups, ACLs and languages online
and don't need to touch our DB for this again.
Added:
branches/danny-web/reactos.org/htdocs/roscms/js/cms_admin.js
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_ACL.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_Groups.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_Languages.class.php
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Admin.class.php
Modified:
branches/danny-web/reactos.org/htdocs/roscms/index.php
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php
Modified:
branches/danny-web/reactos.org/htdocs/roscms/index.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/index.php [iso-8859-1] (original)
+++
branches/danny-web/reactos.org/htdocs/roscms/index.php [iso-8859-1] Tue Jan 6
13:51:22 2009
@@ -109,6 +109,9 @@
case 'maintain':
new HTML_CMS_Maintain();
break;
+ case 'admin':
+ new HTML_CMS_Admin();
+ break;
case 'stats':
new HTML_CMS_Stats();
break;
@@ -158,6 +161,24 @@
case 'maintain':
new Export_Maintain();
break;
+ case 'admin':
+ // Admin interface interaction
+ switch (@$_GET['d_u']) {
+ case 'acl': // Access Control Lists
+ new Admin_ACL();
+ break;
+ case 'group':
+ new Admin_Groups();
+ break;
+ case 'lang':
+ new Admin_Languages();
+ break;
+ default:
+ die('');
+ break;
+ } // end $_GET['d_u']
+ break;
+ break;
} // end switch
break;
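Review bot: The added `case 'admin':` block ends with two consecutive `break;` statements, so the second one is unreachable and should be dropped. The inner switch reads `@$_GET['d_u']` with the error-suppression operator; `isset($_GET['d_u']) ? $_GET['d_u'] : ''` states the intent without hiding other notices. The `default:` branch exits with `die('')`, which returns an empty body for an unknown `d_u`; a short message would make a mistyped subject easier to diagnose. The enclosing switch starts and ends outside this hunk.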
Added:
branches/danny-web/reactos.org/htdocs/roscms/js/cms_admin.js
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/js/cms_admin.js (added)
+++
branches/danny-web/reactos.org/htdocs/roscms/js/cms_admin.js [iso-8859-1] Tue Jan 6
13:51:22 2009
@@ -1,0 +1,208 @@
+
+
+
+/**
+ * requests a form for a new entry specified by subject
+ * the subject is interpreted in index.php
+ *
+ * @param string subject 'acl','group' or 'lang'
+ */
+function showNew( subject )
+{
+ makeRequest('?page=data_out&d_f=admin&d_u=' + subject +
'&action=new', 'GET');
+}
+
+
+
+/**
+ * @FILLME
+ */
+function submitNew( subject )
+{
+ makeRequest('?page=data_out&d_f=admin&d_u=' + subject +
'&action=new&submit=true', 'POST');
+ return false;
+}
+
+
+
+/**
+ * @FILLME
+ *
+ * @param string subject 'acl','group' or 'lang'
+ * @param string type 'edit' or 'delete'
+ */
+function showSearch( subject, type )
+{
+ makeRequest('?page=data_out&d_f=admin&d_u=' + subject +
'&action=search&for='+type, 'GET');
+}
+
+
+
+/**
+ * @FILLME
+ *
+ * @param string subject 'acl','group' or 'lang'
+ * @param string type 'edit' or 'delete'
+ */
+function submitSearch( subject, type )
+{
+ makeRequest('?page=data_out&d_f=admin&d_u=' + subject +
'&action=search&submit=true&for='+type, 'POST');
+}
+
+
+/**
+ * @FILLME
+ *
+ * @param string subject 'acl','group' or 'lang'
+ */
+function showEdit( subject )
+{
+ makeRequest('?page=data_out&d_f=admin&d_u=' + subject +
'&action=edit', 'GET');
+}
+
+
+
+/**
+ * @FILLME
+ */
+function submitEdit( subject )
+{
+ makeRequest('?page=data_out&d_f=admin&d_u=' + subject +
'&action=edit&submit=true', 'POST');
+ return false;
+}
+
+
+
+/**
+ * @FILLME
+ */
+function submitDelete( subject )
+{
+ var uf = confirm("Do you really want delete this entry ?");
+ if (uf==true) {
+ makeRequest('?page=data_out&d_f=admin&d_u=' + subject +
'&action=delete&submit=true', 'POST');
+ }
+ return false;
+}
+
+
+
+
+function getFormData( )
+{
+ var postdata = '';
+ var value;
+
+ for(var i = 0; i < document.forms[0].elements.length; i++) {
+ if (postdata != '') postdata += "&";
+
+ switch (document.forms[0].elements[i].type) {
+ case 'text':
+ case 'hidden':
+ case 'select-one':
+ value = document.forms[0].elements[i].value;
+ break;
+ case 'checkbox':
+ value = document.forms[0].elements[i].checked ? 'true' :
'false';
+ break;
+ default:
+ value = undefined;
+ break;
+ }
+
+ if (value != undefined) {
+ postdata = postdata + document.forms[0].elements[i].name+"="+value;
+ }
+
+ }
+
+ return postdata;
+}
+
+
+
+/**
+ * starts a new AJAX request
+ * if kind is 'POST' the form data will automatically used as params
+ *
+ * @param string url
+ * @param string kind
+ */
+function makeRequest( url, kind )
+{
+ var http_request = false;
+
+ if (window.XMLHttpRequest) { // Mozilla, Safari,...
+ http_request = new XMLHttpRequest();
+ }
+ else if (window.ActiveXObject) { // IE
+ try {
+ http_request = new ActiveXObject("Msxml2.XMLHTTP");
+ } catch (e) {
+ try {
+ http_request = new ActiveXObject("Microsoft.XMLHTTP");
+ } catch (e) {
+ }
+ }
+ }
+
+ if (!http_request) { // stop if browser doesn't support AJAX
+ alert('Cannot create an XMLHTTP instance. \nMake sure that your browser does
support AJAX. \nMake sure that your browser does support AJAX. \nTry out IE 5.5+ (with
ActiveX enabled), IE7+, Mozilla, Opera 9+ or Safari 3+.');
+ return false;
+ }
+
+ // override mime
+ if (http_request.overrideMimeType) {
+ http_request.overrideMimeType('text/html');
+ }
+
+ http_request.onreadystatechange = function() { alertContents(http_request); };
+
+ if (kind == 'POST') {
+
+ // put form data as params
+ var parameters = getFormData();
+
+ http_request.open('POST', url, true);
+ http_request.setRequestHeader("Content-type",
"application/x-www-form-urlencoded");
+ http_request.setRequestHeader("Content-length", parameters.length);
+ http_request.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000
00:00:00 GMT"); // Bypass the IE Cache
+ http_request.setRequestHeader("Connection", "close");
+ http_request.send(parameters);
+ }
+ else {
+ http_request.open('GET', url, true);
+ http_request.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000
00:00:00 GMT"); // Bypass the IE Cache
+ http_request.send(null);
+ }
+
+ return true;
+}
+
+
+
+/**
+ * inserts request results
+ *
+ * @param object reference to AJAX-Object
+ */
+function alertContents( http_request )
+{
+ try {
+ if (http_request.readyState == 4) {
+ if (http_request.status == 200) {
+ document.getElementById('ajaxloadinginfo').style.display =
'none';
+ document.getElementById('adminarea').innerHTML =
http_request.responseText;
+ }
+ else {
+ alert('There was a problem with the request ['+http_request.status+'
/ '+http_request.readyState+']. \n\nA client (browser) or server problem. Please
check and try to update your browser. \n\nIf this error happens more than once or twice,
contac the website admin.');
+ }
+ }
+ }
+ catch( e ) {
+ alert('Caught Exception: ' + e.description +'\n\nIf this error occur more
than once or twice, please contact the website admin with the exact error message. \n\nIf
you use the Safari browser, please make sure you run the latest version.');
+ }
+
+ // to prevent memory leak
+ http_request = null;
+}
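Review bot: `getFormData()` concatenates each field's name and value into the POST body without URL-encoding, so a value containing `&`, `=`, `+` or `%` is split or altered before the server-side ACL, group and language handlers read it. The assignment should be `postdata = postdata + encodeURIComponent(document.forms[0].elements[i].name) + "=" + encodeURIComponent(value);`. The `&` separator is appended before the `switch`, so skipped elements such as buttons leave empty `&&` runs; moving it inside the `if (value != undefined)` block fixes that. `alertContents()` assigns `http_request.responseText` to `innerHTML`, so the page depends entirely on the server escaping every stored name and description it returns, which deserves a comment at that assignment. The `@FILLME` docblocks on the `submit*` and `show*` helpers should state that `subject` is placed unencoded into the query string and is expected to be one of `'acl'`, `'group'` or `'lang'`.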
Added:
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin.class.php (added)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin.class.php [iso-8859-1] Tue Jan
6 13:51:22 2009
@@ -1,0 +1,94 @@
+<?php
+ /*
+ RosCMS - ReactOS Content Management System
+ Copyright (C) 2009 Danny Götte <dangerground(a)web.de>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+
+/**
+ * class Admin
+ *
+ */
+abstract class Admin
+{
+
+
+
+ public function __construct()
+ {
+
+ // check if user has enough rights
+ Login::required();
+ if (ThisUser::getInstance()->securityLevel() < 3) {
+ die('Not enough rights to access this Area.');
+ }
+
+ // is an action given ?
+ if (empty($_GET['action'])) {
+ die('missing param');
+ }
+
+ // show requested form
+ if (empty($_GET['submit'])) {
+ switch ($_GET['action']) {
+ case 'new':
+ $this->showNew();
+ break;
+ case 'search':
+ $this->showSearch();
+ break;
+ case 'edit':
+ $this->showEdit();
+ break;
+ case 'delete':
+ $this->showDelete();
+ break;
+ }
+ }
+
+ // submit form data
+ else {
+ switch ($_GET['action']) {
+ case 'new':
+ $this->submitNew();
+ break;
+ case 'search':
+ $this->submitSearch();
+ break;
+ case 'edit':
+ $this->submitEdit();
+ break;
+ case 'delete':
+ $this->submitDelete();
+ break;
+ }
+ }
+ }
+
+
+
+ abstract protected function showNew();
+ abstract protected function showSearch();
+ abstract protected function showEdit();
+ abstract protected function showDelete();
+
+ abstract protected function submitNew();
+ abstract protected function submitSearch();
+ abstract protected function submitEdit();
+ abstract protected function submitDelete();
+} // end of Admin
+?>
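Review bot: The submit branch of `__construct()` runs the state-changing `submitNew()`, `submitEdit()` and `submitDelete()` handlers whenever `$_GET['submit']` is non-empty, without checking the request method or a per-session anti-CSRF token, so the only gate on changing groups and ACLs is the logged-in session with `securityLevel() >= 3`. Before the second `switch`, reject non-POST requests with `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { die('invalid request'); }`, and compare a token posted with the form against one stored in the session. Both switches lack a `default:` case, so an unknown `action` silently yields an empty response; `default: die('unknown action');` makes that explicit. The class docblock is empty and should say that constructing a subclass authenticates the user and immediately runs the requested action, including database writes.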
Added:
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_ACL.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_ACL.class.php (added)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_ACL.class.php [iso-8859-1] Tue
Jan 6 13:51:22 2009
@@ -1,0 +1,404 @@
+<?php
+ /*
+ RosCMS - ReactOS Content Management System
+ Copyright (C) 2009 Danny Götte <dangerground(a)web.de>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+
+/**
+ * class Admin_ACL
+ *
+ */
+class Admin_ACL extends Admin
+{
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function showNew( )
+ {
+ echo_strip('
+ <h2>Create new Access Control List (ACL)</h2>
+ <form onsubmit="return false;">
+ <fieldset>
+ <legend>Access Control List Options</legend>
+ <label for="acl_name">Name</label>
+ <input id="acl_name" name="acl_name"
maxlength="100" value="" />
+ <br />
+
+ <label for="acl_short">Short Name (Identifier)</label>
+ <input id="acl_short" name="acl_short"
maxlength="50" value="" />
+ <br />
+
+ <label for="acl_desc">Description</label>
+ <input id="acl_desc" name="acl_desc"
maxlength="255" value="" />
+ </fieldset>
+ <br />
+ <fieldset>
+ <legend>Groups Access Rights</legend>
+ <table>
+ <tr>
+ <th title="Security Level">SecLvl</th>
+ <th>Group Name</th>
+ <th title="read">R</th>
+ <th title="write">W</th>
+ <th title="add">A</th>
+ <th title="delete">D</th>
+ <th title="publish">P</th>
+ <th title="translate">T</th>
+ </tr>');
+
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id, name,
security_level, description FROM ".ROSCMST_GROUPS." ORDER BY security_level ASC,
name ASC");
+ $stmt->execute();
+ while ($group = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ echo_strip('
+ <tr
title="'.htmlspecialchars($group['description']).'">
+ <td>'.$group['security_level'].'</td>
+ <td>'.htmlspecialchars($group['name']).'</td>
+ <td title="read entries"><input type="checkbox"
name="read'.$group['id'].'"
id="read'.$group['id'].'" checked="checked"
value="1" /></td>
+ <td title="edit entries"><input type="checkbox"
name="write'.$group['id'].'"
id="write'.$group['id'].'" value="1" /></td>
+ <td title="add new entries"><input type="checkbox"
name="add'.$group['id'].'"
id="add'.$group['id'].'" value="1" /></td>
+ <td title="delete entries"><input type="checkbox"
name="del'.$group['id'].'"
id="del'.$group['id'].'" value="1" /></td>
+ <td title="make entries stable"><input
type="checkbox" name="pub'.$group['id'].'"
id="pub'.$group['id'].'" value="1" /></td>
+ <td title="translate entries"><input
type="checkbox" name="trans'.$group['id'].'"
id="trans'.$group['id'].'" value="1" /></td>
+ </tr>');
+ }
+
+ echo_strip('
+ </table>
+ </fieldset>
+ <button
onclick="'."submitNew('acl')".'">Create new
ACL</button>
+ </form>
+ ');
+ } // end of member function showNew
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function submitNew( )
+ {
+ $success = true;
+
+ // try to insert new access list
+ $stmt=&DBConnection::getInstance()->prepare("INSERT INTO
".ROSCMST_ACCESS." (name, name_short, description) VALUES (:name, :short,
:description)");
+ $stmt->bindParam('name',$_POST['acl_name'],PDO::PARAM_STR);
+ $stmt->bindParam('short',$_POST['acl_short'],PDO::PARAM_STR);
+
$stmt->bindParam('description',$_POST['acl_desc'],PDO::PARAM_STR);
+ if ($stmt->execute()) {
+
+ // check for new access list id
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM
".ROSCMST_ACCESS." WHERE name=:name");
+ $stmt->bindParam('name',$_POST['acl_name'],PDO::PARAM_STR);
+ $stmt->execute();
+ $access_id = $stmt->fetchColumn();
+ if ($access_id !== false) {
+
+ // prepare for usage in loop
+ $stmt_ins=&DBConnection::getInstance()->prepare("INSERT INTO
".ROSCMST_ACL." (acl_id, group_id, can_read, can_write, can_add, can_delete,
can_publish, can_translate) VALUES (:acl_id, :group_id, :read, :write, :add, :delete,
:publish, :translate)");
+ $stmt_ins->bindParam('acl_id',$access_id,PDO::PARAM_INT);
+
+ // insert access rights for each group
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM
".ROSCMST_GROUPS);
+ $stmt->execute();
+ while ($group = $stmt->fetch(PDO::FETCH_ASSOC)) {
+
$stmt_ins->bindParam('group_id',$group['id'],PDO::PARAM_INT);
+
$stmt_ins->bindValue('read',$_POST['read'.$group['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('write',$_POST['write'.$group['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('add',$_POST['add'.$group['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('delete',$_POST['del'.$group['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('publish',$_POST['pub'.$group['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('translate',$_POST['trans'.$group['id']]=='true',PDO::PARAM_BOOL);
+ $success = $success && $stmt_ins->execute();
+ }
+ } // end got list id
+ else {
+ $success = false;
+ }
+ } // end list inserted
+ else {
+ $success = false;
+ }
+
+ // give the user a success or failure message
+ if ($success) {
+ echo 'New ACL was created successfully';
+ }
+ else {
+ echo 'Error, while creating new ACL';
+ }
+ } // end of member function submitNew
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function showSearch( )
+ {
+ echo_strip('
+ <h2>Select ACL to '.($_GET['for']=='edit' ?
'edit' : 'delete').'</h2>
+ <form onsubmit="return false;">
+ <select name="acl" id="acl">
+ <option value="0"> </option>');
+
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id, name, description
FROM ".ROSCMST_ACCESS." ORDER BY name ASC");
+ $stmt->execute();
+ while ($access = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ echo '<option value="'.$access['id'].'"
title="'.$access['description'].'">'.$access['name'].'</option>';
+ }
+
+ echo_strip('
+ </select>
+ <button
onclick="'."submitSearch('acl','".($_GET['for'] ==
'edit' ? 'edit' : 'delete')."')".'">go
on</button>
+ </form>');
+ }
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function submitSearch( )
+ {
+ // show edit / delete form, if entry was selected
+ if ($_POST['acl'] > 0) {
+ if ($_GET['for'] == 'edit') {
+ self::showEdit();
+ }
+ elseif ($_GET['for'] == 'delete') {
+ self::showDelete();
+ }
+ }
+
+ // show search again
+ else {
+ self::showSearch();
+ }
+ }
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function showEdit( )
+ {
+ $stmt=&DBConnection::getInstance()->prepare("SELECT name, name_short,
description, id FROM ".ROSCMST_ACCESS." WHERE id=:acl_id");
+ $stmt->bindParam('acl_id',$_POST['acl'],PDO::PARAM_INT);
+ $stmt->execute();
+ $access = $stmt->fetchOnce(PDO::FETCH_ASSOC);
+
+ echo_strip('
+ <h2>Edit Access Control List (ACL)</h2>
+ <form onsubmit="return false;">
+ <fieldset>
+ <legend>Access Control List Options</legend>
+ <input type="hidden" name="acl_id" id="acl_id"
value="'.$access['id'].'" />
+
+ <label for="acl_name">Name</label>
+ <input id="acl_name" name="acl_name"
maxlength="100" value="'.$access['name'].'" />
+ <br />
+
+ <label for="acl_short">Short Name (Identifier)</label>
+ <input id="acl_short" name="acl_short"
maxlength="50" value="'.$access['name_short'].'"
/>
+ <br />
+
+ <label for="acl_desc">Description</label>
+ <input id="acl_desc" name="acl_desc"
maxlength="255" value="'.$access['description'].'"
/>
+ </fieldset>
+ <br />
+ <fieldset>
+ <legend>Groups Access Rights</legend>
+ <table>
+ <tr>
+ <th title="Security Level">SecLvl</th>
+ <th>Group Name</th>
+ <th title="read">R</th>
+ <th title="write">W</th>
+ <th title="add">A</th>
+ <th title="delete">D</th>
+ <th title="publish">P</th>
+ <th title="translate">T</th>
+ </tr>');
+
+ $stmt=&DBConnection::getInstance()->prepare("SELECT g.id, g.name,
g.security_level, g.description, a.can_read, a.can_write, a.can_add, a.can_delete,
a.can_publish, a.can_translate FROM ".ROSCMST_ACL." a JOIN
".ROSCMST_GROUPS." g ON g.id=a.group_id WHERE a.acl_id=:acl_id ORDER BY
g.security_level ASC, g.name ASC");
+ $stmt->bindParam('acl_id',$access['id'],PDO::PARAM_INT);
+ $stmt->execute();
+ while ($group = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ echo_strip('
+ <tr
title="'.htmlspecialchars($group['description']).'">
+ <td>'.$group['security_level'].'</td>
+ <td>'.htmlspecialchars($group['name']).'</td>
+ <td title="read entries"><input type="checkbox"
name="read'.$group['id'].'"
id="read'.$group['id'].'" '.($group['can_read'] ==
true ? 'checked="checked"' : '').' value="1"
/></td>
+ <td title="edit entries"><input type="checkbox"
name="write'.$group['id'].'"
id="write'.$group['id'].'" '.($group['can_write'] ==
true ? 'checked="checked"' : '').' value="1"
/></td>
+ <td title="add new entries"><input type="checkbox"
name="add'.$group['id'].'"
id="add'.$group['id'].'" '.($group['can_add'] ==
true ? 'checked="checked"' : '').' value="1"
/></td>
+ <td title="delete entries"><input type="checkbox"
name="del'.$group['id'].'"
id="del'.$group['id'].'" '.($group['can_delete'] ==
true ? 'checked="checked"' : '').' value="1"
/></td>
+ <td title="make entries stable"><input
type="checkbox" name="pub'.$group['id'].'"
id="pub'.$group['id'].'" '.($group['can_publish'] ==
true ? 'checked="checked"' : '').' value="1"
/></td>
+ <td title="translate entries"><input
type="checkbox" name="trans'.$group['id'].'"
id="trans'.$group['id'].'"
'.($group['can_translate'] == true ? 'checked="checked"' :
'').' value="1" /></td>
+ </tr>');
+ }
+
+ echo_strip('
+ </table>
+ </fieldset>
+ <button
onclick="'."submitEdit('acl')".'">edit
ACL</button>
+ </form>
+ ');
+ }
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function submitEdit( )
+ {
+ $success = true;
+
+ // try to insert new access list
+ $stmt=&DBConnection::getInstance()->prepare("UPDATE
".ROSCMST_ACCESS." SET name=:name, name_short=:short, description=:description
WHERE id=:acl_id");
+ $stmt->bindParam('name',$_POST['acl_name'],PDO::PARAM_STR);
+ $stmt->bindParam('short',$_POST['acl_short'],PDO::PARAM_STR);
+
$stmt->bindParam('description',$_POST['acl_desc'],PDO::PARAM_STR);
+ $stmt->bindParam('acl_id',$_POST['acl_id'],PDO::PARAM_INT);
+ $success = $success && $stmt->execute();
+
+ // prepare for usage in loop
+ $stmt_ins=&DBConnection::getInstance()->prepare("UPDATE
".ROSCMST_ACL." SET can_read=:read, can_write=:write, can_add=:add,
can_delete=:delete, can_publish=:publish, can_translate=:translate WHERE acl_id=:acl_id
AND group_id=:group_id");
+ $stmt_ins->bindParam('acl_id',$_POST['acl_id'],PDO::PARAM_INT);
+
+ // insert access rights for each group
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM
".ROSCMST_GROUPS);
+ $success = $success && $stmt->execute();
+ while ($group = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ $stmt_ins->bindParam('group_id',$group['id'],PDO::PARAM_INT);
+
$stmt_ins->bindValue('read',$_POST['read'.$group['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('write',$_POST['write'.$group['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('add',$_POST['add'.$group['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('delete',$_POST['del'.$group['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('publish',$_POST['pub'.$group['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('translate',$_POST['trans'.$group['id']]=='true',PDO::PARAM_BOOL);
+ $success = $success && $stmt_ins->execute();
+ }
+
+ // give the user a success or failure message
+ if ($success) {
+ echo 'ACL was edited successfully';
+ }
+ else {
+ echo 'Error, while editing ACL';
+ }
+ }
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function showDelete( )
+ {
+ $stmt=&DBConnection::getInstance()->prepare("SELECT COUNT(id) FROM
".ROSCMST_ENTRIES." WHERE acl_id=:acl_id");
+ $stmt->bindParam('acl_id',$_POST['acl'],PDO::PARAM_INT);
+ $stmt->execute();
+ $data_count = $stmt->fetchColumn();
+
+ // check if
+ if ($data_count > 0) {
+ echo '<div>Can\'t delete entry: It\'s used in
'.$data_count.' entries. Remove usage first, and try again
later.</div>';
+ }
+ else {
+ $stmt=&DBConnection::getInstance()->prepare("SELECT name, name_short,
description, id FROM ".ROSCMST_ACCESS." WHERE id=:acl_id");
+ $stmt->bindParam('acl_id',$_POST['acl'],PDO::PARAM_INT);
+ $stmt->execute();
+ $access = $stmt->fetchOnce(PDO::FETCH_ASSOC);
+
+ echo_strip('
+ <form onsubmit="return false;">
+ <div>
+ <input type="hidden" name="acl_id"
id="acl_id" value="'.$access['id'].'" />
+
+ Do you really want to delete the ACL "<span
title="'.$access['description'].'">'.$access['name'].'</span>"
?
+ <button style="color: red;"
onclick="'."submitDelete('acl')".'"
name="uaq" value="yes">Yes, Delete it.</button>
+ <button style="color: green;" name="uaq"
value="no">No</button>
+ </div>
+ </form>');
+ }
+ }
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function submitDelete( )
+ {
+ $success = true;
+
+ // check if it is used anywhere
+ $stmt=&DBConnection::getInstance()->prepare("SELECT COUNT(id) FROM
".ROSCMST_ENTRIES." WHERE acl_id=:acl_id");
+ $stmt->bindParam('acl_id',$_POST['acl_id'],PDO::PARAM_INT);
+ $stmt->execute();
+ $data_count = $stmt->fetchColumn();
+ if ($data_count > 0) {
+ echo '<div>Can\'t delete entry: It\'s used in
'.$data_count.' entries. Remove usage first, and try again
later.</div>';
+ }
+ else {
+
+ // delete acl
+ $stmt=&DBConnection::getInstance()->prepare("DELETE FROM
".ROSCMST_ACCESS." WHERE id=:acl_id");
+ $stmt->bindParam('acl_id',$_POST['acl_id'],PDO::PARAM_INT);
+ $success = $success && $stmt->execute();
+
+ // delete rights list
+ if ($success) {
+ $stmt=&DBConnection::getInstance()->prepare("DELETE FROM
".ROSCMST_ACL." WHERE acl_id=:acl_id");
+ $stmt->bindParam('acl_id',$_POST['acl_id'],PDO::PARAM_INT);
+ $success = $success && $stmt->execute();
+ }
+
+ // status message
+ if ($success) {
+ echo 'ACL was deleted successfully';
+ }
+ else {
+ echo 'Error, while deleting ACL';
+ }
+ }
+ }
+
+} // end of Admin_ACL
+?>
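Review bot: `showSearch()`, `showEdit()` and `showDelete()` echo `$access['name']`, `$access['name_short']` and `$access['description']` into option text and `title`/`value` attributes without escaping, while `showNew()` in the same class wraps the group fields in `htmlspecialchars()`. These are free-text values that cms_admin.js inserts through `innerHTML`, so they should be escaped the same way, e.g. `value="'.htmlspecialchars($access['name']).'"`. The same unescaped pattern appears in `Admin_Groups::showSearch()` for `$group['name']` and `$group['description']`. `submitNew()` recovers the new row's id with `SELECT id ... WHERE name=:name`, which is ambiguous when two ACLs share a name; if `DBConnection` exposes PDO's `lastInsertId()`, that would be the safer source. The empty docblocks above each method could list the `$_POST` and `$_GET` keys the method reads.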
Added:
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_Groups.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_Groups.class.php (added)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_Groups.class.php [iso-8859-1]
Tue Jan 6 13:51:22 2009
@@ -1,0 +1,400 @@
+<?php
+ /*
+ RosCMS - ReactOS Content Management System
+ Copyright (C) 2009 Danny Götte <dangerground(a)web.de>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+
+/**
+ * class Admin_Groups
+ *
+ */
+class Admin_Groups extends Admin
+{
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function showNew( )
+ {
+ echo_strip('
+ <h2>Create new Group</h2>
+ <form onsubmit="return false;">
+ <fieldset>
+ <legend>Group Data</legend>
+ <label for="group_sec">Security Level</label>
+ <select id="group_sec" name="group_sec">
+ <option value="0">0 (no access to CMS, only that myRosCMS
stuff)</option>
+ <option value="1">1 (simple users (e.g.
translator))</option>
+ <option value="2">2 (advanced rights, e.g.
developers)</option>
+ <option value="3">3 (some admin functions)</option>
+ </select>
+ <br />
+
+ <label for="group_name">Name</label>
+ <input id="group_name" name="group_name"
maxlength="100" />
+ <br />
+
+ <label for="group_short">Short Name (Identifier)</label>
+ <input id="group_short" name="group_short"
maxlength="50" />
+ <br />
+
+ <label for="group_desc">Description</label>
+ <input id="group_desc" name="group_desc"
maxlength="255" />
+ </fieldset>
+ <br />
+ <fieldset>
+ <legend>configure group access rights</legend>
+ <table>
+ <tr>
+ <th>ACL Name</th>
+ <th title="read">R</th>
+ <th title="write">W</th>
+ <th title="add">A</th>
+ <th title="delete">D</th>
+ <th title="publish">P</th>
+ <th title="translate">T</th>
+ </tr>');
+
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id, name, description
FROM ".ROSCMST_ACCESS." ORDER BY name ASC");
+ $stmt->execute();
+ while ($acl = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ echo_strip('
+ <tr
title="'.htmlspecialchars($acl['description']).'">
+ <td>'.htmlspecialchars($acl['name']).'</td>
+ <td title="read entries"><input type="checkbox"
name="read'.$acl['id'].'"
id="read'.$acl['id'].'" value="1" /></td>
+ <td title="edit entries"><input type="checkbox"
name="write'.$acl['id'].'"
id="write'.$acl['id'].'" value="1" /></td>
+ <td title="add new entries"><input type="checkbox"
name="add'.$acl['id'].'"
id="add'.$acl['id'].'" value="1" /></td>
+ <td title="delete entries"><input type="checkbox"
name="del'.$acl['id'].'"
id="del'.$acl['id'].'" value="1" /></td>
+ <td title="make entries stable"><input
type="checkbox" name="pub'.$acl['id'].'"
id="pub'.$acl['id'].'" value="1" /></td>
+ <td title="translate entries"><input
type="checkbox" name="trans'.$acl['id'].'"
id="trans'.$acl['id'].'" value="1" /></td>
+ </tr>');
+ }
+
+ echo_strip('
+ </table>
+ </fieldset>
+ <button
onclick="'."submitNew('group')".'">Create new
Group</button>
+ </form>
+ ');
+ } // end of member function showNew
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function submitNew( )
+ {
+ $success = true;
+
+ // try to insert new access list
+ $stmt=&DBConnection::getInstance()->prepare("INSERT INTO
".ROSCMST_GROUPS." (name, name_short, description, security_level, visible)
VALUES (:name, :short, :description, :security_level, FALSE)");
+ $stmt->bindParam('name',$_POST['group_name'],PDO::PARAM_STR);
+ $stmt->bindParam('short',$_POST['group_short'],PDO::PARAM_STR);
+
$stmt->bindParam('description',$_POST['group_desc'],PDO::PARAM_STR);
+
$stmt->bindParam('security_level',$_POST['group_sec'],PDO::PARAM_INT);
+ if ($stmt->execute()) {
+
+ // check for new access list id
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM
".ROSCMST_GROUPS." WHERE name=:name");
+ $stmt->bindParam('name',$_POST['group_name'],PDO::PARAM_STR);
+ $stmt->execute();
+ $group_id = $stmt->fetchColumn();
+ if ($group_id !== false) {
+
+ // prepare for usage in loop
+ $stmt_ins=&DBConnection::getInstance()->prepare("INSERT INTO
".ROSCMST_ACL." (acl_id, group_id, can_read, can_write, can_add, can_delete,
can_publish, can_translate) VALUES (:acl_id, :group_id, :read, :write, :add, :delete,
:publish, :translate)");
+ $stmt_ins->bindParam('group_id',$group_id,PDO::PARAM_INT);
+
+ // insert access rights for each group
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM
".ROSCMST_ACCESS);
+ $stmt->execute();
+ while ($acl = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ $stmt_ins->bindParam('acl_id',$acl['id'],PDO::PARAM_INT);
+
$stmt_ins->bindValue('read',$_POST['read'.$acl['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('write',$_POST['write'.$acl['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('add',$_POST['add'.$acl['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('delete',$_POST['del'.$acl['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('publish',$_POST['pub'.$acl['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('translate',$_POST['trans'.$acl['id']]=='true',PDO::PARAM_BOOL);
+ $success = $success && $stmt_ins->execute();
+ }
+ } // end got list id
+ else {
+ $success = false;
+ }
+ } // end list inserted
+ else {
+ $success = false;
+ }
+
+ // give the user a success or failure message
+ if ($success) {
+ echo_strip('New Group was created successfully');
+ }
+ else {
+ echo_strip('Error, while creating new Group');
+ }
+ } // end of member function submitNew
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function showSearch( )
+ {
+ echo_strip('
+ <h2>Select Group to '.($_GET['for']=='edit' ?
'edit' : 'delete').'</h2>
+ <form onsubmit="return false;">
+ <select name="group" id="group">
+ <option value="0"> </option>');
+
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id, name, description
FROM ".ROSCMST_GROUPS." ORDER BY name ASC");
+ $stmt->execute();
+ while ($group = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ echo '<option value="'.$group['id'].'"
title="'.$group['description'].'">'.$group['name'].'</option>';
+ }
+
+ echo_strip('
+ </select>
+ <button
onclick="'."submitSearch('group','".($_GET['for']
== 'edit' ? 'edit' :
'delete')."')".'">go on</button>
+ </form>');
+ }
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function submitSearch( )
+ {
+ // show edit / delete form, if entry was selected
+ if ($_POST['group'] > 0) {
+ if ($_GET['for'] == 'edit') {
+ self::showEdit();
+ }
+ elseif ($_GET['for'] == 'delete') {
+ self::showDelete();
+ }
+ }
+
+ // show search again
+ else {
+ self::showSearch();
+ }
+ }
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function showEdit( )
+ {
+ $stmt=&DBConnection::getInstance()->prepare("SELECT name, name_short,
description, id, security_level FROM ".ROSCMST_GROUPS." WHERE
id=:acl_id");
+ $stmt->bindParam('acl_id',$_POST['group'],PDO::PARAM_INT);
+ $stmt->execute();
+ $group = $stmt->fetchOnce(PDO::FETCH_ASSOC);
+
+ echo_strip('
+ <h2>Edit Group</h2>
+ <form onsubmit="return false;">
+ <fieldset>
+ <legend>Group Data</legend>
+ <input type="hidden" name="group_id"
id="group_id" value="'.$group['id'].'" />
+
+ <label for="group_sec">Security Level</label>
+ <select id="group_sec" name="group_sec">
+ <option value="0"'.($group['security_level'] == 0 ?
' selected="selected"' : '').'>0 (no access to CMS, only
that myRosCMS stuff)</option>
+ <option value="1"'.($group['security_level'] == 1 ?
' selected="selected"' : '').'>1 (simple users (e.g.
translator))</option>
+ <option value="2"'.($group['security_level'] == 2 ?
' selected="selected"' : '').'>2 (advanced rights, e.g.
developers)</option>
+ <option value="3"'.($group['security_level'] == 3 ?
' selected="selected"' : '').'>3 (some admin
functions)</option>
+ </select>
+ <br />
+
+ <label for="group_name">Name</label>
+ <input id="group_name" name="group_name"
maxlength="100"
value="'.htmlspecialchars($group['name']).'" />
+ <br />
+
+ <label for="group_short">Short Name (Identifier)</label>
+ <input id="group_short" name="group_short"
maxlength="50"
value="'.htmlspecialchars($group['name_short']).'" />
+ <br />
+
+ <label for="group_desc">Description</label>
+ <input id="group_desc" name="group_desc"
maxlength="255"
value="'.htmlspecialchars($group['description']).'" />
+ </fieldset>
+ <br />
+ <fieldset>
+ <legend>configure group access rights</legend>
+ <table>
+ <tr>
+ <th>ACL Name</th>
+ <th title="read">R</th>
+ <th title="write">W</th>
+ <th title="add">A</th>
+ <th title="delete">D</th>
+ <th title="publish">P</th>
+ <th title="translate">T</th>
+ </tr>');
+
+ $stmt=&DBConnection::getInstance()->prepare("SELECT s.id, s.name,
s.description, a.can_read, a.can_write, a.can_add, a.can_delete, a.can_publish,
a.can_translate FROM ".ROSCMST_ACCESS." s JOIN ".ROSCMST_ACL." a ON
a.acl_id=s.id WHERE a.group_id=:group_id ORDER BY name ASC");
+ $stmt->bindParam('group_id',$group['id'],PDO::PARAM_INT);
+ $stmt->execute();
+ while ($acl = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ echo_strip('
+ <tr
title="'.htmlspecialchars($acl['description']).'">
+ <td>'.htmlspecialchars($acl['name']).'</td>
+ <td title="read entries"><input type="checkbox"
name="read'.$acl['id'].'"
id="read'.$acl['id'].'" '.($acl['can_read'] == true
? 'checked="checked"' : '').' value="1"
/></td>
+ <td title="edit entries"><input type="checkbox"
name="write'.$acl['id'].'"
id="write'.$acl['id'].'" '.($acl['can_write'] ==
true ? 'checked="checked"' : '').' value="1"
/></td>
+ <td title="add new entries"><input type="checkbox"
name="add'.$acl['id'].'"
id="add'.$acl['id'].'" '.($acl['can_add'] == true ?
'checked="checked"' : '').' value="1"
/></td>
+ <td title="delete entries"><input type="checkbox"
name="del'.$acl['id'].'"
id="del'.$acl['id'].'" '.($acl['can_delete'] == true
? 'checked="checked"' : '').' value="1"
/></td>
+ <td title="make entries stable"><input
type="checkbox" name="pub'.$acl['id'].'"
id="pub'.$acl['id'].'" '.($acl['can_publish'] ==
true ? 'checked="checked"' : '').' value="1"
/></td>
+ <td title="translate entries"><input
type="checkbox" name="trans'.$acl['id'].'"
id="trans'.$acl['id'].'" '.($acl['can_translate'] ==
true ? 'checked="checked"' : '').' value="1"
/></td>
+ </tr>');
+ }
+
+ echo_strip('
+ </table>
+ </fieldset>
+ <button
onclick="'."submitEdit('group')".'">Edit
Group</button>
+ </form>
+ ');
+ }
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function submitEdit( )
+ {
+ $success = true;
+
+ // try to insert new access list
+ $stmt=&DBConnection::getInstance()->prepare("UPDATE
".ROSCMST_GROUPS." SET name=:name, name_short=:short, description=:description,
security_level=:sec_level WHERE id=:group_id");
+ $stmt->bindParam('name',$_POST['group_name'],PDO::PARAM_STR);
+ $stmt->bindParam('short',$_POST['group_short'],PDO::PARAM_STR);
+
$stmt->bindParam('description',$_POST['group_desc'],PDO::PARAM_STR);
+ $stmt->bindParam('sec_level',$_POST['group_sec'],PDO::PARAM_STR);
+ $stmt->bindParam('group_id',$_POST['group_id'],PDO::PARAM_INT);
+ $success = $success && $stmt->execute();
+
+ // prepare for usage in loop
+ $stmt_ins=&DBConnection::getInstance()->prepare("UPDATE
".ROSCMST_ACL." SET can_read=:read, can_write=:write, can_add=:add,
can_delete=:delete, can_publish=:publish, can_translate=:translate WHERE acl_id=:acl_id
AND group_id=:group_id");
+
$stmt_ins->bindParam('group_id',$_POST['group_id'],PDO::PARAM_INT);
+
+ // insert access rights for each group
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM
".ROSCMST_ACCESS);
+ $success = $success && $stmt->execute();
+ while ($access = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ $stmt_ins->bindParam('acl_id',$access['id'],PDO::PARAM_INT);
+
$stmt_ins->bindValue('read',$_POST['read'.$access['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('write',$_POST['write'.$access['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('add',$_POST['add'.$access['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('delete',$_POST['del'.$access['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('publish',$_POST['pub'.$access['id']]=='true',PDO::PARAM_BOOL);
+
$stmt_ins->bindValue('translate',$_POST['trans'.$access['id']]=='true',PDO::PARAM_BOOL);
+ $success = $success && $stmt_ins->execute();
+ }
+
+ // give the user a success or failure message
+ if ($success) {
+ echo 'Group was edited successfully';
+ }
+ else {
+ echo 'Error, while editing Group';
+ }
+ }
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function showDelete( )
+ {
+ $stmt=&DBConnection::getInstance()->prepare("SELECT name, description, id
FROM ".ROSCMST_GROUPS." WHERE id=:group_id");
+ $stmt->bindParam('group_id',$_POST['group'],PDO::PARAM_INT);
+ $stmt->execute();
+ $group = $stmt->fetchOnce(PDO::FETCH_ASSOC);
+
+ echo_strip('
+ <form onsubmit="return false;">
+ <div>
+ <input type="hidden" name="group_id"
id="group_id" value="'.$group['id'].'" />
+
+ Do you really want to delete the Group "<span
title="'.$group['description'].'">'.$group['name'].'</span>"
?
+ <button style="color: red;"
onclick="'."submitDelete('group')".'"
name="uaq" value="yes">Yes, Delete it.</button>
+ <button style="color: green;" name="uaq"
value="no">No</button>
+ </div>
+ </form>');
+ }
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function submitDelete( )
+ {
+ $success = true;
+
+ // delete acl
+ $stmt=&DBConnection::getInstance()->prepare("DELETE FROM
".ROSCMST_GROUPS." WHERE id=:group_id");
+ $stmt->bindParam('group_id',$_POST['group_id'],PDO::PARAM_INT);
+ $success = $success && $stmt->execute();
+
+ // delete rights list
+ if ($success) {
+ $stmt=&DBConnection::getInstance()->prepare("DELETE FROM
".ROSCMST_ACL." WHERE group_id=:group_id");
+ $stmt->bindParam('group_id',$_POST['group_id'],PDO::PARAM_INT);
+ $success = $success && $stmt->execute();
+ }
+
+ // status message
+ if ($success) {
+ echo 'Group was deleted successfully';
+ }
+ else {
+ echo 'Error, while deleting Group';
+ }
+ }
+
+
+
+} // end of Admin_Groups
+?>
Added:
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_Languages.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_Languages.class.php (added)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/Admin_Languages.class.php
[iso-8859-1] Tue Jan 6 13:51:22 2009
@@ -1,0 +1,257 @@
+<?php
+ /*
+ RosCMS - ReactOS Content Management System
+ Copyright (C) 2009 Danny Götte <dangerground(a)web.de>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+
+/**
+ * class Admin_Languages
+ *
+ */
+class Admin_Languages extends Admin
+{
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function showNew( )
+ {
+ echo_strip('
+ <h2>add new Language</h2>
+ <form onsubmit="return false;">
+ <fieldset>
+ <legend>Language Data</legend>
+ <label for="lang_name">Name</label>
+ <input id="lang_name" name="lang_name"
maxlength="64" />
+ <br />
+
+ <label for="lang_short">Short Name</label>
+ <input id="lang_short" name="lang_short"
maxlength="8" /> (folder name, where the generated content is stored)
+ <br />
+
+ <label for="lang_org">Native Name</label>
+ <input id="lang_org" name="lang_org"
maxlength="64" />
+ <br />
+
+ <label for="lang_level">Language level</label>
+ <select id="lang_level" name="lang_level">
+ <option value="0">0 (processed last)</option>
+ <option value="1">1</option>
+ <option value="2">2</option>
+ <option value="3">3</option>
+ <option value="4">4</option>
+ <option value="5">5</option>
+ <option value="6">6</option>
+ <option value="7">7</option>
+ <option value="8">8</option>
+ <option value="9">9</option>
+ <option value="10">10 (reserved for standard
language)</option>
+ </select>
+ </fieldset>
+ <button
onclick="'."submitNew('lang')".'">Create new
Language</button>
+ </form>
+ ');
+ } // end of member function showNew
+
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function submitNew( )
+ {
+ // try to insert new access list
+ $stmt=&DBConnection::getInstance()->prepare("INSERT INTO
".ROSCMST_LANGUAGES." (name, name_short, name_original, level) VALUES (:name,
:short, :org, :level)");
+ $stmt->bindParam('name',$_POST['lang_name'],PDO::PARAM_STR);
+ $stmt->bindParam('short',$_POST['lang_short'],PDO::PARAM_STR);
+ $stmt->bindParam('org',$_POST['lang_org'],PDO::PARAM_STR);
+ $stmt->bindParam('level',$_POST['lang_level'],PDO::PARAM_INT);
+
+ // give the user a success or failure message
+ if ($stmt->execute()) {
+ echo_strip('New Lanaguage was created successfully');
+ }
+ else {
+ echo_strip('Error, while creating new Language');
+ }
+ } // end of member function submitNew
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function showSearch( )
+ {
+ echo_strip('
+ <h2>Select Language to '.($_GET['for']=='edit' ?
'edit' : 'delete').'</h2>
+ <form onsubmit="return false;">
+ <select name="lang" id="lang">
+ <option value="0"> </option>');
+
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id, name,
name_original FROM ".ROSCMST_LANGUAGES." ORDER BY name ASC");
+ $stmt->execute();
+ while ($lang = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ echo '<option
value="'.$lang['id'].'">'.$lang['name'].'
('.htmlentities($lang['name_original']).')</option>';
+ }
+
+ echo_strip('
+ </select>
+ <button
onclick="'."submitSearch('lang','".($_GET['for'] ==
'edit' ? 'edit' : 'delete')."')".'">go
on</button>
+ </form>');
+ }
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function submitSearch( )
+ {
+ // show edit / delete form, if entry was selected
+ if ($_POST['lang'] > 0) {
+ if ($_GET['for'] == 'edit') {
+ self::showEdit();
+ }
+ elseif ($_GET['for'] == 'delete') {
+ self::showDelete();
+ }
+ }
+
+ // show search again
+ else {
+ self::showSearch();
+ }
+ }
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function showEdit( )
+ {
+ $stmt=&DBConnection::getInstance()->prepare("SELECT name, name_short,
name_original, id, level FROM ".ROSCMST_LANGUAGES." WHERE id=:lang_id");
+ $stmt->bindParam('lang_id',$_POST['lang'],PDO::PARAM_INT);
+ $stmt->execute();
+ $lang = $stmt->fetchOnce(PDO::FETCH_ASSOC);
+
+ echo_strip('
+ <h2>edit Language</h2>
+ <form onsubmit="return false;">
+ <fieldset>
+ <legend>Language Data</legend>
+ <input type="hidden" name="lang_id"
id="lang_id" value="'.$lang['id'].'" />
+
+ <label for="lang_name">Name</label>
+ <input id="lang_name" name="lang_name"
maxlength="64" value="'.$lang['name'].'" />
+ <br />
+
+ <label for="lang_short">Short Name</label>
+ <input id="lang_short" name="lang_short"
maxlength="8" value="'.$lang['name_short'].'" />
(folder name, where the generated content is stored)
+ <br />
+
+ <label for="lang_org">Native Name</label>
+ <input id="lang_org" name="lang_org"
maxlength="64" value="'.$lang['name_original'].'"
/>
+ <br />
+
+ <label for="lang_level">Language level</label>
+ <select id="lang_level" name="lang_level">
+ <option value="0" '.($lang['level'] == 0 ? '
selected="selected"' : '').'">0 (processed
last)</option>
+ <option value="1" '.($lang['level'] == 1 ? '
selected="selected"' : '').'>1</option>
+ <option value="2" '.($lang['level'] == 2 ? '
selected="selected"' : '').'">2</option>
+ <option value="3" '.($lang['level'] == 3 ? '
selected="selected"' : '').'">3</option>
+ <option value="4" '.($lang['level'] == 4 ? '
selected="selected"' : '').'">4</option>
+ <option value="5" '.($lang['level'] == 5 ? '
selected="selected"' : '').'">5</option>
+ <option value="6" '.($lang['level'] == 6 ? '
selected="selected"' : '').'">6</option>
+ <option value="7" '.($lang['level'] == 7 ? '
selected="selected"' : '').'">7</option>
+ <option value="8" '.($lang['level'] == 8 ? '
selected="selected"' : '').'">8</option>
+ <option value="9" '.($lang['level'] == 9 ? '
selected="selected"' : '').'">9</option>
+ <option value="10" '.($lang['level'] == 10 ? '
selected="selected"' : '').'">10 (reserved for standard
language)</option>
+ </select>
+ </fieldset>
+ <button
onclick="'."submitEdit('lang')".'">Edit
Language</button>
+ </form>
+ ');
+ }
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function submitEdit( )
+ {
+ // try to insert new access list
+ $stmt=&DBConnection::getInstance()->prepare("UPDATE
".ROSCMST_LANGUAGES." SET name=:name, name_short=:short, name_original=:org,
level=:level WHERE id=:lang_id");
+ $stmt->bindParam('name',$_POST['lang_name'],PDO::PARAM_STR);
+ $stmt->bindParam('short',$_POST['lang_short'],PDO::PARAM_STR);
+ $stmt->bindParam('org',$_POST['lang_org'],PDO::PARAM_STR);
+ $stmt->bindParam('level',$_POST['lang_level'],PDO::PARAM_STR);
+ $stmt->bindParam('lang_id',$_POST['lang_id'],PDO::PARAM_INT);
+
+ // give the user a success or failure message
+ if ($stmt->execute()) {
+ echo 'Language was edited successfully';
+ }
+ else {
+ echo 'Error, while editing Language';
+ }
+ }
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function showDelete( )
+ {
+ echo 'not supported';
+ }
+
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function submitDelete( )
+ {
+ echo 'not supported';
+ }
+
+} // end of Admin_Languages
+?>
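Review bot: showEdit() writes `$lang['name']`, `$lang['name_short']` and `$lang['name_original']` straight into `value="…"` attributes, and showSearch() prints `$lang['name']` unescaped inside `<option>`, so a stored name containing a quote or markup breaks the form and is rendered as HTML in an administrator's session. Escape each value on output, e.g. `value="'.htmlspecialchars($lang['name']).'"`, as showEdit() in Admin_Groups already does for its text inputs; the same gap is visible in Admin_Groups showSearch() and showDelete() in the preceding hunk, where `$group['name']` and `$group['description']` are echoed raw. Separately, the form describes `lang_short` as a folder name, but submitNew() and submitEdit() store it as posted; if it is later used as a path component (not visible here), it should be restricted to a fixed character set before the INSERT/UPDATE. The `<option>` lines in showEdit() also carry a stray `"` before `>` on every entry except level 1.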
Modified:
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php [iso-8859-1]
(original)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS.class.php [iso-8859-1] Tue
Jan 6 13:51:22 2009
@@ -127,7 +127,7 @@
<td> </td>');
}
- if ($thisuser->securityLevel() == 3) {
+ if ($thisuser->isMemberOfGroup('transmaint') ||
$thisuser->securityLevel() == 3) {
echo_strip('
<th class="int'.(($this->branch == 'maintain') ?
'2' : '1').'"
onclick="'."loadBranch('maintain')".'">
<div class="tcL">
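Review bot: The widened condition only decides whether the Maintain tab is drawn; nothing in this hunk shows that the `maintain` branch itself accepts `transmaint` members or rejects everyone else. The check that counts is the one in HTML_CMS_Maintain and Export_Maintain (outside this diff), so it is worth confirming they test the same `isMemberOfGroup('transmaint') || securityLevel() == 3` condition, ideally through one shared helper so the menu and the handlers cannot drift apart. A one-line comment here such as `// visibility only; access is enforced in HTML_CMS_Maintain` would make that explicit. The enclosing function starts and ends outside the hunk.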
@@ -136,16 +136,28 @@
</div>
</div>
</th>
- <td> </td>
-
- <th class="int'.(($this->branch == 'stats') ? '2'
: '1').'"
onclick="'."loadBranch('stats')".'">
- <div class="tcL">
- <div class="tcR">
- <div class="text">Statistics</div>
- </div>
- </div>
- </th>
<td> </td>');
+
+ if ($thisuser->securityLevel() == 3) {
+ echo_strip('
+ <th class="int'.(($this->branch == 'admin') ?
'2' : '1').'"
onclick="'."loadBranch('admin')".'">
+ <div class="tcL">
+ <div class="tcR">
+ <div class="text">Administration</div>
+ </div>
+ </div>
+ </th>
+ <td> </td>
+
+ <th class="int'.(($this->branch == 'stats') ?
'2' : '1').'"
onclick="'."loadBranch('stats')".'">
+ <div class="tcL">
+ <div class="tcR">
+ <div class="text">Statistics</div>
+ </div>
+ </div>
+ </th>
+ <td> </td>');
+ }
}
echo_strip('
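Review bot: The new inner test uses `securityLevel() == 3`, while the HTML_CMS_Admin constructor added in this commit rejects with `securityLevel() < 3`; the two agree only as long as 3 is the highest level. Writing the menu test as `if ($thisuser->securityLevel() >= 3) {` keeps the Administration tab and the page guard in step if a higher level is ever introduced. The enclosing method continues outside the hunk.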
Added:
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Admin.class.php
URL:
http://svn.reactos.org/svn/reactos/branches/danny-web/reactos.org/htdocs/ro…
==============================================================================
---
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Admin.class.php (added)
+++
branches/danny-web/reactos.org/htdocs/roscms/lib/HTML_CMS_Admin.class.php [iso-8859-1]
Tue Jan 6 13:51:22 2009
@@ -1,0 +1,84 @@
+<?php
+ /*
+ RosCMS - ReactOS Content Management System
+ Copyright (C) 2009 Danny Götte <dangerground(a)web.de>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+
+/**
+ * class HTML_CMS_Admin
+ *
+ */
+class HTML_CMS_Admin extends HTML_CMS
+{
+
+
+ /**
+ *
+ *
+ * @access public
+ */
+ public function __construct( $page_title = '', $page_css = 'roscms' )
+ {
+ $this->branch = 'admin';
+ $this->register_js('cms_admin.js');
+ $this->register_css('cms_admin.css');
+
+ parent::__construct( $page_title, $page_css);
+ if (ThisUser::getInstance()->securityLevel() < 3) {
+ die('Not enough rights to get into this area');
+ }
+ }
+
+
+ /**
+ *
+ *
+ * @access protected
+ */
+ protected function body( )
+ {
+ echo_strip('
+ <ul>
+ <li>Access Control Lists
+ <ul>
+ <li><a href="#"
onclick="'."showNew('acl')".'">new</a></li>
+ <li><a href="#"
onclick="'."showSearch('acl','edit')".'">edit</a></li>
+ <li><a href="#"
onclick="'."showSearch('acl','delete')".'">delete</a></li>
+ </ul>
+ </li>
+ <li>Groups
+ <ul>
+ <li><a href="#"
onclick="'."showNew('group')".'">new</a></li>
+ <li><a href="#"
onclick="'."showSearch('group','edit')".'">edit</a></li>
+ <li><a href="#"
onclick="'."showSearch('group','delete')".'">delete</a></li>
+ </ul>
+ </li>
+ <li>Languages
+ <ul>
+ <li><a href="#"
onclick="'."showNew('lang')".'">new</a></li>
+ <li><a href="#"
onclick="'."showSearch('lang','edit')".'">edit</a></li>
+ </ul>
+ </li>
+ </ul>
+ <div id="adminarea" style="border: 1px dashed red;">
+ </div>');
+ }
+
+
+} // end of HTML_CMS_Stats
+?>
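Review bot: In `__construct()` the `securityLevel() < 3` check runs after `parent::__construct()`, and since nothing in this class calls `body()`, the parent constructor presumably renders the page, which would mean the admin menu is already sent before `die()` fires. Move the guard to the top of the constructor, i.e. `if (ThisUser::getInstance()->securityLevel() < 3) { die('Not enough rights to get into this area'); }` before `$this->branch = 'admin';`. The page itself is only a menu, so the Admin_ACL, Admin_Groups and Admin_Languages handlers reached through `d_u` need their own check as well; that would live in the Admin base class, which is not shown in this part of the diff. The closing comment `// end of HTML_CMS_Stats` should read `// end of HTML_CMS_Admin`.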