
Add group_uuid to v_group_users when assigning a user to a group.

Mark Crane 10 years ago
parent
commit
6b7014d0b9
3 changed files with 66 additions and 51 deletions
  1. 28 28
      core/users/groupmemberadd.php
  2. 2 5
      core/users/groupmemberdelete.php
  3. 36 18
      core/users/groupmembers.php

+ 28 - 28
core/users/groupmemberadd.php

@@ -41,38 +41,38 @@ else {
 	}
 
 //get the http values and set them as variables
+	$group_uuid = check_str($_POST["group_uuid"]);
 	$group_name = check_str($_POST["group_name"]);
 	$user_uuid = check_str($_POST["user_uuid"]);
 
-if (strlen($user_uuid) > 0  && strlen($group_name) > 0)   {
-	$sql_insert = "insert into v_group_users ";
-	$sql_insert .= "(";
-	$sql_insert .= "group_user_uuid, ";
-	$sql_insert .= "domain_uuid, ";
-	$sql_insert .= "group_name, ";
-	$sql_insert .= "user_uuid ";
-	$sql_insert .= ")";
-	$sql_insert .= "values ";
-	$sql_insert .= "(";
-	$sql_insert .= "'".uuid()."', ";
-	$sql_insert .= "'$domain_uuid', ";
-	$sql_insert .= "'$group_name', ";
-	$sql_insert .= "'$user_uuid' ";
-	$sql_insert .= ")";
-	if (!$db->exec($sql_insert)) {
-		//echo $db->errorCode() . "<br>";
-		$info = $db->errorInfo();
-		print_r($info);
-		// $info[0] == $db->errorCode() unified error code
-		// $info[1] is the driver specific error code
-		// $info[2] is the driver specific error string
+//add the user to the group
+	if (is_uuid($user_uuid) && is_uuid($group_uuid) && strlen($group_name) > 0)   {
+		$sql = "insert into v_group_users ";
+		$sql .= "(";
+		$sql .= "group_user_uuid, ";
+		$sql .= "domain_uuid, ";
+		$sql .= "group_uuid, ";
+		$sql .= "group_name, ";
+		$sql .= "user_uuid ";
+		$sql .= ")";
+		$sql .= "values ";
+		$sql .= "(";
+		$sql .= "'".uuid()."', ";
+		$sql .= "'$domain_uuid', ";
+		$sql .= "'$group_uuid', ";
+		$sql .= "'$group_name', ";
+		$sql .= "'$user_uuid' ";
+		$sql .= ")";
+		if (!$db->exec($sql)) {
+			$info = $db->errorInfo();
+			print_r($info);
+		}
+		else {
+			//log the success
+			//$log_type = 'group'; $log_status='add'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." added to group: ".$group_name;
+			//log_add($db, $log_type, $log_status, $log_desc, $log_add_user, $_SERVER["REMOTE_ADDR"]);
+		}
 	}
-	else {
-		//log the success
-		//$log_type = 'group'; $log_status='add'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." added to group: ".$group_name;
-		//log_add($db, $log_type, $log_status, $log_desc, $log_add_user, $_SERVER["REMOTE_ADDR"]);
-	}
-}
 
 //redirect the user
 	header("Location: groupmembers.php?group_name=$group_name");
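Review bot: The rewritten insert still builds the statement by splicing `$domain_uuid`, `$group_uuid`, `$group_name` and `$user_uuid` into the SQL string, and `$group_name` has no format check like the two uuids now have, so it relies entirely on `check_str()`, whose escaping is not visible here. `$db` looks like a PDO handle (groupmembers.php calls `prepare()` and `fetchAll(PDO::FETCH_NAMED)` on it), so bound parameters would remove that dependence; if `check_str()` escapes quotes, the bound values should be the raw inputs. The same string-built pattern is in the delete in groupmemberdelete.php and the three selects added to groupmembers.php. Smaller points here: `print_r($info)` sends driver error detail to the browser, the `Location` header interpolates `$group_name` without `urlencode()`, and `group_name` is accepted from the client without checking that it belongs to the posted `group_uuid`. The enclosing `else {` block starts outside the hunk.

```php
//add the user to the group
	if (is_uuid($user_uuid) && is_uuid($group_uuid) && strlen($group_name) > 0)   {
		$sql = "insert into v_group_users ";
		$sql .= "(group_user_uuid, domain_uuid, group_uuid, group_name, user_uuid) ";
		$sql .= "values ";
		$sql .= "(:group_user_uuid, :domain_uuid, :group_uuid, :group_name, :user_uuid) ";
		$prep_statement = $db->prepare($sql);
		$prep_statement->bindValue(':group_user_uuid', uuid());
		$prep_statement->bindValue(':domain_uuid', $domain_uuid);
		$prep_statement->bindValue(':group_uuid', $group_uuid);
		$prep_statement->bindValue(':group_name', $group_name);
		$prep_statement->bindValue(':user_uuid', $user_uuid);
		if (!$prep_statement->execute()) {
			// … unchanged: error branch and commented-out log call …
```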

+ 2 - 5
core/users/groupmemberdelete.php

@@ -43,19 +43,16 @@ else {
 //get the http values and set them as variables
 	$group_name = check_str($_GET["group_name"]);
 	$user_uuid = check_str($_GET["user_uuid"]);
+	$group_uuid = check_str($_GET["group_uuid"]);
 
 //delete the group membership
 	$sql_delete = "delete from v_group_users ";
 	$sql_delete .= "where domain_uuid = '$domain_uuid' ";
 	$sql_delete .= "and user_uuid = '$user_uuid' ";
-	$sql_delete .= "and group_name = '$group_name' ";
+	$sql_delete .= "and group_uuid = '$group_uuid' ";
 	if (!$db->exec($sql_delete)) {
-		//echo $db->errorCode() . "<br>";
 		$info = $db->errorInfo();
 		print_r($info);
-		// $info[0] == $db->errorCode() unified error code
-		// $info[1] is the driver specific error code
-		// $info[2] is the driver specific error string
 	}
 	else {
 		//$log_type = 'group'; $log_status='remove'; $log_add_user=$_SESSION["username"]; $log_desc= "username: ".$username." removed from group: ".$group_name;
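Review bot: The delete runs with `$user_uuid` and `$group_uuid` taken from `$_GET` and never passed through `is_uuid()`, although the add page gained that check in this same commit. Wrapping the statement in `if (is_uuid($user_uuid) && is_uuid($group_uuid)) { … }` would make the two pages consistent. Because the state change is driven by a GET, any link or prefetch carrying these parameters triggers it, and no anti-forgery token is visible in the hunk, so a POST with a token is worth considering. If `$db` is PDO, `exec()` returns the affected-row count, so a delete that matches zero rows also falls into the `print_r($info)` branch. The script continues past the end of the hunk.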

+ 36 - 18
core/users/groupmembers.php

@@ -60,6 +60,37 @@ else {
 	}
 	//$exampledatareturned = example("apples", 1);
 
+//get the group from v_groups
+	$sql = "select * from v_groups ";
+	$sql .= "where group_uuid = '".$group_uuid."' ";
+	$sql .= "and (domain_uuid = '".$_SESSION['domain_uuid']."' or domain_uuid is null) ";
+	$prep_statement = $db->prepare(check_sql($sql));
+	$prep_statement->execute();
+	$groups = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	foreach ($groups as &$row) {
+		$group_name = $row["group_name"];
+	}
+	unset ($prep_statement);
+
+//get the the users array
+	if (permission_exists('group_member_add')) {
+		$sql = "SELECT * FROM v_users ";
+		$sql .= "where domain_uuid = '$domain_uuid' ";
+		$sql .= "order by username ";
+		$prep_statement = $db->prepare(check_sql($sql));
+		$prep_statement->execute();
+		$users = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	}
+
+//get the groups users
+	$sql = "SELECT u.user_uuid, u.username, g.group_user_uuid, g.group_uuid FROM v_group_users as g, v_users as u ";
+	$sql .= "where g.user_uuid = u.user_uuid ";
+	$sql .= "and g.domain_uuid = '$domain_uuid' ";
+	$sql .= "and g.group_name = '$group_name' ";
+	$prep_statement = $db->prepare(check_sql($sql));
+	$prep_statement->execute();
+	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+
 //include the header
 	require_once "resources/header.php";
 	$document['title'] = $text['title-group_members'];
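Review bot: The member list is still selected with `and g.group_name = '$group_name'`, even though the query now returns `g.group_uuid` and the group row above was just looked up by uuid. Filtering on `and g.group_uuid = '$group_uuid'` would key the listing the same way as the delete page, unless name matching is kept deliberately for rows written before this commit. `$group_uuid` is used in the first select but assigned outside the hunk, so its validation cannot be confirmed from here; an `is_uuid($group_uuid)` guard before the query would settle it. If the lookup returns no row, `$group_name` keeps whatever value it held before this block. A short comment above the first select, stating that `$group_name` now comes from `v_groups` rather than the request, would help.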
@@ -80,22 +111,17 @@ else {
 	if (permission_exists('group_member_add')) {
 		echo "		<td align='right' nowrap='nowrap' valign='top'>\n";
 		echo "			<form method='post' action='groupmemberadd.php'>";
-		$sql = "SELECT * FROM v_users ";
-		$sql .= "where domain_uuid = '$domain_uuid' ";
-		$sql .= "order by username ";
-		$prep_statement = $db->prepare(check_sql($sql));
-		$prep_statement->execute();
 		echo "			<select name=\"user_uuid\" style='width: 200px;' class='formfld'>\n";
 		echo "				<option value=\"\"></option>\n";
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		foreach($result as $field) {
+		foreach($users as $field) {
 			$username = $field['username'];
 			if (if_group_members($db, $group_name, $field['user_uuid']) && !in_array($field['user_uuid'], $group_users)) {
 				echo "		<option value='".$field['user_uuid']."'>".$field['username']."</option>\n";
 			}
 		}
+		unset($sql, $users);
 		echo "			</select>";
-		unset($sql, $result);
+		echo "			<input type='hidden' name='group_uuid' value='$group_uuid'>";
 		echo "			<input type='hidden' name='group_name' value='$group_name'>";
 		echo "			<input type='submit' class='btn' value='".$text['button-add_member']."'>";
 		echo "			</form>";
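Review bot: The added hidden field writes `$group_uuid` into a single-quoted attribute without HTML escaping, and where that variable is assigned on this page is outside the hunk. I would emit it as `value='".htmlspecialchars($group_uuid, ENT_QUOTES)."'` (or only after an `is_uuid()` check). The neighbouring `group_name` field and the `username` option text are interpolated the same way and deserve the same treatment. The `if (permission_exists('group_member_add'))` block continues past the end of the hunk.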
@@ -105,13 +131,6 @@ else {
 	echo "</table>\n";
 	echo "<br>";
 
-	$sql = "SELECT u.user_uuid, u.username, g.group_user_uuid FROM v_group_users as g, v_users as u ";
-	$sql .= "where g.user_uuid = u.user_uuid ";
-	$sql .= "and g.domain_uuid = '$domain_uuid' ";
-	$sql .= "and g.group_name = '$group_name' ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-
 	$strlist = "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
 	$strlist .= "<tr>\n";
 	$strlist .= "	<th align=\"left\" nowrap> &nbsp; ".$text['label-username']." &nbsp; </th>\n";
@@ -122,17 +141,17 @@ else {
 	$strlist .= "</tr>\n";
 
 	$count = 0;
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
 	foreach ($result as &$row) {
 		$group_user_uuid = $row["group_user_uuid"];
 		$username = $row["username"];
 		$user_uuid = $row["user_uuid"];
+		$group_uuid = $row["group_uuid"];
 		$strlist .= "<tr'>";
 		$strlist .= "<td align=\"left\"  class='".$row_style[$c]."' nowrap> &nbsp; $username &nbsp; </td>\n";
 		$strlist .= "<td align=\"left\"  class='".$row_style[$c]."' nowrap> &nbsp; </td>\n";
 		$strlist .= "<td class='list_control_icons' style='width: 25px;'>";
 		if (permission_exists('group_member_delete')) {
-			$strlist .= "<a href='groupmemberdelete.php?user_uuid=$user_uuid&group_name=$group_name' onclick=\"return confirm('".$text['confirm-delete']."')\" alt='".$text['button-delete']."'>$v_link_label_delete</a>";
+			$strlist .= "<a href='groupmemberdelete.php?user_uuid=$user_uuid&group_name=$group_name&group_uuid=$group_uuid' onclick=\"return confirm('".$text['confirm-delete']."')\" alt='".$text['button-delete']."'>$v_link_label_delete</a>";
 		}
 		$strlist .= "</td>\n";
 		$strlist .= "</tr>\n";
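Review bot: The delete link now depends on `$row["group_uuid"]`, but rows inserted into `v_group_users` before this commit presumably have no `group_uuid`. Their link would carry an empty value, and the new `and group_uuid = '$group_uuid'` filter in groupmemberdelete.php would then match nothing, so a backfill of the column or a fallback seems needed. Assigning to `$group_uuid` inside the loop also overwrites the page-level variable for any code that runs afterwards; using `$row["group_uuid"]` directly in the link would avoid that. The href interpolates `$group_name` and both uuids without `urlencode()` or `htmlspecialchars()`. The `foreach` body continues past the end of the hunk.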
@@ -145,7 +164,6 @@ else {
 
 	$strlist .= "</table>\n";
 	echo $strlist;
-
 	echo "<br><br>";
 
 //include the footer