Browse code
Changed majority of files.
DoubleBastionAdmin authored on 30/11/2024 06:56:40
Showing 1 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,106 @@ |
| 1 |
+<?php |
|
| 2 |
+/** |
|
| 3 |
+ * Copyright (C) 2022, 2024 Double Bastion LLC |
|
| 4 |
+ * |
|
| 5 |
+ * This file is part of Roundpin, which is licensed under the |
|
| 6 |
+ * GNU Affero General Public License Version 3.0. The license terms |
|
| 7 |
+ * are detailed in the "LICENSE.txt" file located in the root directory. |
|
| 8 |
+ */ |
|
| 9 |
+ |
|
| 10 |
+session_start(); |
|
| 11 |
+ |
|
| 12 |
+if (isset($_POST['s_ajax_call']) && ($_POST['s_ajax_call'] == $_SESSION['validate_s_access'])) {
|
|
| 13 |
+ |
|
| 14 |
+ define('ACCESSCONST', TRUE);
|
|
| 15 |
+ |
|
| 16 |
+ require('db-connect.php');
|
|
| 17 |
+ |
|
| 18 |
+ $username = $_POST['username']; |
|
| 19 |
+ $grouptoremove = $_POST['grouptoremove']; |
|
| 20 |
+ $groupwithdelimiter = $grouptoremove . "|"; |
|
| 21 |
+ $groupinsqlguery = "%" . $groupwithdelimiter . "%"; |
|
| 22 |
+ |
|
| 23 |
+ // Get the id and role of the user who performs the update, from the 'app_users' table |
|
| 24 |
+ $queryprm = $mysqli->prepare("SELECT id, userrole, username FROM app_users WHERE username = ?");
|
|
| 25 |
+ $queryprm->bind_param("s", $username);
|
|
| 26 |
+ $queryprm->execute(); |
|
| 27 |
+ $queryprmres = $queryprm->get_result()->fetch_assoc(); |
|
| 28 |
+ $cruserid = $queryprmres["id"]; |
|
| 29 |
+ $cruserrole = $queryprmres["userrole"]; |
|
| 30 |
+ |
|
| 31 |
+ if ($cruserrole == 'admin' || $cruserrole == 'superadmin') {
|
|
| 32 |
+ |
|
| 33 |
+ // Get the userid of the group from the 'groups' table |
|
| 34 |
+ $queryuid = $mysqli->prepare("SELECT id, userid, group_name FROM groups WHERE group_name = ?");
|
|
| 35 |
+ $queryuid->bind_param("s", $grouptoremove);
|
|
| 36 |
+ $queryuid->execute(); |
|
| 37 |
+ $queryuidres = $queryuid->get_result()->fetch_assoc(); |
|
| 38 |
+ $userid = $queryuidres["userid"]; |
|
| 39 |
+ |
|
| 40 |
+ if ($cruserrole == 'superadmin' || $userid == $cruserid) {
|
|
| 41 |
+ |
|
| 42 |
+ // Remove the given group from the 'groups' table |
|
| 43 |
+ $removequery = $mysqli->prepare("DELETE FROM groups WHERE group_name = ?");
|
|
| 44 |
+ $removequery->bind_param("s", $grouptoremove);
|
|
| 45 |
+ |
|
| 46 |
+ if ($removequery->execute()) { $messagetosendgroups = 'success'; } else { $messagetosendgroups = 'failure'; }
|
|
| 47 |
+ $removequery->close(); |
|
| 48 |
+ |
|
| 49 |
+ $dateModified = date("Y-m-d H:i:s");
|
|
| 50 |
+ |
|
| 51 |
+ // Remove the given group from the 'user_groups' column of the 'app_users' table, in all the rows where it is present |
|
| 52 |
+ $updatequery = $mysqli->prepare("UPDATE app_users SET user_groups = REPLACE(user_groups, ?, ''), date_modified = ? WHERE user_groups like ?");
|
|
| 53 |
+ $updatequery->bind_param("sss", $groupwithdelimiter, $dateModified, $groupinsqlguery);
|
|
| 54 |
+ if ($updatequery->execute()) { $message1 = 'success'; } else { $message1 = 'failure'; }
|
|
| 55 |
+ |
|
| 56 |
+ $updatequerysec = $mysqli->prepare("UPDATE app_users SET user_groups = REPLACE(user_groups, '|', NULL) WHERE user_groups like '|'");
|
|
| 57 |
+ if ($updatequerysec->execute()) { $message2 = 'success'; } else { $message2 = 'failure'; }
|
|
| 58 |
+ |
|
| 59 |
+ // Remove the given group from the 'groups' column of the 'contacts' table, in all the rows where it is present |
|
| 60 |
+ $updatequery2 = $mysqli->prepare("UPDATE contacts SET groups = REPLACE(groups, ?, ''), date_modified = ? WHERE groups like ?");
|
|
| 61 |
+ $updatequery2->bind_param("sss", $groupwithdelimiter, $dateModified, $groupinsqlguery);
|
|
| 62 |
+ if ($updatequery2->execute()) { $message3 = 'success'; } else { $message3 = 'failure'; }
|
|
| 63 |
+ |
|
| 64 |
+ $updatequery2sec = $mysqli->prepare("UPDATE contacts SET groups = REPLACE(groups, '|', NULL) WHERE groups like '|'");
|
|
| 65 |
+ if ($updatequery2sec->execute()) { $message4 = 'success'; } else { $message4 = 'failure'; }
|
|
| 66 |
+ |
|
| 67 |
+ // Remove the given group from the 'limit_to_groups' column of the 'conferences_text' table, in all the rows where it is present |
|
| 68 |
+ $updatequery3 = $mysqli->prepare("UPDATE conferences_text SET limit_to_groups = REPLACE(limit_to_groups, ?, '') WHERE limit_to_groups like ?");
|
|
| 69 |
+ $updatequery3->bind_param("ss", $groupwithdelimiter, $groupinsqlguery);
|
|
| 70 |
+ if ($updatequery3->execute()) { $message5 = 'success'; } else { $message5 = 'failure'; }
|
|
| 71 |
+ |
|
| 72 |
+ $updatequery3sec = $mysqli->prepare("UPDATE conferences_text SET limit_to_groups = REPLACE(limit_to_groups, '|', NULL) WHERE limit_to_groups like '|'");
|
|
| 73 |
+ if ($updatequery3sec->execute()) { $message6 = 'success'; } else { $message6 = 'failure'; }
|
|
| 74 |
+ |
|
| 75 |
+ // Remove the given group from the 'limit_to_groups' column of the 'conferences_audio' table, in all the rows where it is present |
|
| 76 |
+ $updatequery4 = $mysqli->prepare("UPDATE conferences_audio SET limit_to_groups = REPLACE(limit_to_groups, ?, '') WHERE limit_to_groups like ?");
|
|
| 77 |
+ $updatequery4->bind_param("ss", $groupwithdelimiter, $groupinsqlguery);
|
|
| 78 |
+ if ($updatequery4->execute()) { $message7 = 'success'; } else { $message7 = 'failure'; }
|
|
| 79 |
+ |
|
| 80 |
+ $updatequery4sec = $mysqli->prepare("UPDATE conferences_audio SET limit_to_groups = REPLACE(limit_to_groups, '|', NULL) WHERE limit_to_groups like '|'");
|
|
| 81 |
+ if ($updatequery4sec->execute()) { $message8 = 'success'; } else { $message8 = 'failure'; }
|
|
| 82 |
+ |
|
| 83 |
+ // Remove the given group from the 'limit_to_groups' column of the 'conferences_video' table, in all the rows where it is present |
|
| 84 |
+ $updatequery5 = $mysqli->prepare("UPDATE conferences_video SET limit_to_groups = REPLACE(limit_to_groups, ?, '') WHERE limit_to_groups like ?");
|
|
| 85 |
+ $updatequery5->bind_param("ss", $groupwithdelimiter, $groupinsqlguery);
|
|
| 86 |
+ if ($updatequery5->execute()) { $message9 = 'success'; } else { $message9 = 'failure'; }
|
|
| 87 |
+ |
|
| 88 |
+ $updatequery5sec = $mysqli->prepare("UPDATE conferences_video SET limit_to_groups = REPLACE(limit_to_groups, '|', NULL) WHERE limit_to_groups like '|'");
|
|
| 89 |
+ if ($updatequery5sec->execute()) { $message10 = 'success'; } else { $message10 = 'failure'; }
|
|
| 90 |
+ |
|
| 91 |
+ if (in_array('failure', [$message1, $message2, $message3, $message4, $message5, $message6, $message7, $message8, $message9, $message10], true)) {
|
|
| 92 |
+ $messagetosend = 'Error while attempting to remove the group from some of the records.'; |
|
| 93 |
+ } else { $messagetosend = "success"; }
|
|
| 94 |
+ |
|
| 95 |
+ } else { $messagetosend = 'Admins can remove only the groups created by them.'; }
|
|
| 96 |
+ |
|
| 97 |
+ } else { $messagetosend = 'Only Admins and Superadmins can remove groups.'; }
|
|
| 98 |
+ |
|
| 99 |
+ $response = array('result' => $messagetosend);
|
|
| 100 |
+ echo json_encode($response); |
|
| 101 |
+ |
|
| 102 |
+} else {
|
|
| 103 |
+ header("Location: ../login.php");
|
|
| 104 |
+} |
|
| 105 |
+ |
|
| 106 |
+?> |