File Coverage

blib/lib/Labyrinth/Plugin/Users.pm

Criterion	Covered	Total	%
statement	9	9	100.0
branch			n/a
condition			n/a
subroutine	3	3	100.0
pod			n/a
total	12	12	100.0

line	stmt	sub	time	code
1				package Labyrinth::Plugin::Users;
2
3	2	2	7869	use warnings;
	2		3
	2		67
4	2	2	6	use strict;
	2		2
	2		109
5
6				my $VERSION = '5.17';
7
8				=head1 NAME
9
10				Labyrinth::Plugin::Users - Plugin Users handler for Labyrinth
11
12				=head1 DESCRIPTION
13
14				Contains all the default user handling functionality for the Labyrinth
15				framework.
16
17				=cut
18
19				# -------------------------------------
20				# Library Modules
21
22	2	2	7	use base qw(Labyrinth::Plugin::Base);
	2		2
	2		666
23
24				use Labyrinth::Audit;
25				use Labyrinth::DBUtils;
26				use Labyrinth::Media;
27				use Labyrinth::MLUtils;
28				use Labyrinth::Session;
29				use Labyrinth::Writer;
30				use Labyrinth::Support;
31				use Labyrinth::Users;
32				use Labyrinth::Variables;
33
34				use Clone qw/clone/;
35				use Digest::MD5 qw(md5_hex);
36				use URI::Escape qw(uri_escape);
37
38				# -------------------------------------
39				# Constants
40
41				use constant MaxUserWidth => 300;
42				use constant MaxUserHeight => 400;
43
44				# -------------------------------------
45				# Variables
46
47				# type: 0 = optional, 1 = mandatory
48				# html: 0 = none, 1 = text, 2 = textarea
49
50				my %fields = (
51				email => { type => 1, html => 1 },
52				effect => { type => 0, html => 1 },
53				userid => { type => 0, html => 0 },
54				nickname => { type => 0, html => 1 },
55				realname => { type => 1, html => 1 },
56				aboutme => { type => 0, html => 2 },
57				search => { type => 0, html => 0 },
58				image => { type => 0, html => 0 },
59				accessid => { type => 0, html => 0 },
60				realmid => { type => 0, html => 0 },
61				);
62
63				my (@mandatory,@allfields);
64				for(keys %fields) {
65				push @mandatory, $_ if($fields{$_}->{type});
66				push @allfields, $_;
67				}
68
69				my $LEVEL = ADMIN;
70
71				# -------------------------------------
72				# The Subs
73
74				=head1 PUBLIC INTERFACE METHODS
75
76				=over 4
77
78				=item UserLists
79
80				Provide the current user list, taking into account of any search strings and
81				filters.
82
83				=item Gravatar
84
85				Provide the gravatar for a specified user.
86
87				=item Item
88
89				Provide the content attributed to the specified user.
90
91				=item Name
92
93				Provide the name of the specified user.
94
95				=item Password
96
97				Check and store a change of password.
98
99				=item Register
100
101				Provide the template variable hash for a new user to register.
102
103				=item Registered
104
105				Set the email address for the newly registered user, to auto log them in.
106
107				=back
108
109				=cut
110
111				sub UserLists {
112				my (%search,$search,$key);
113				my @fields = ();
114				$search{where} = '';
115				$search{order} = 'realname,nickname';
116				$search{search} = 1;
117				$search{access} = MASTER + 1;
118
119				if(Authorised(ADMIN)) {
120				$search{order} = 'u.realname' if($cgiparams{ordered});
121				$search{search} = 0;
122				$search{access} = PUBLISHER if($tvars{loginid} > 1);
123				}
124
125				if($cgiparams{'all'}) {
126				$key = 'SearchUsers';
127				@fields = ('%','%');
128
129				} elsif($cgiparams{'letter'}) {
130				$search = ($cgiparams{'letter'} \|\| '') . '%';
131				@fields = ($search,$search);
132				$key = 'SearchUserNames';
133
134				} elsif($cgiparams{'searchname'}) {
135				$search = '%' . $cgiparams{'searchname'} . '%';
136				@fields = ($search,$search);
137				$key = 'SearchUserNames';
138
139				} elsif($cgiparams{'searched'}) {
140				@fields = ($cgiparams{'searched'},$cgiparams{'searched'});
141				$key = 'SearchUsers';
142
143				} else {
144				$key = 'SearchUsers';
145				@fields = ('%','%');
146				}
147
148				my @rows = $dbi->GetQuery('hash',$key,\%search,@fields);
149				LogDebug("UserList: key=[$key], rows found=[".scalar(@rows)."]");
150
151				for(@rows) {
152				($_->{width},$_->{height}) = GetImageSize($_->{link},$_->{dimensions},$_->{width},$_->{height},MaxUserWidth,MaxUserHeight);
153				$_->{gravatar} = GetGravatar($_->{userid},$_->{email});
154
155				if($_->{url} && $_->{url} !~ /^https?:/) {
156				$_->{url} = 'http://' . $_->{url};
157				}
158				if($_->{aboutme}) {
159				$_->{aboutme} = ' ' . $_->{aboutme} unless($_->{aboutme} =~ /^\s* /si);
160				$_->{aboutme} .= ' ' unless($_->{aboutme} =~ m! \s*$!si);
161				}
162				my @grps = $dbi->GetQuery('hash','LinkedUsers',$_->{userid});
163				if(@grps) {
164				$_->{member} = $grps[0]->{member};
165				}
166				if(Authorised(ADMIN)) {
167				$_->{name} = $_->{realname};
168				$_->{name} .= " ($_->{nickname})" if($_->{nickname});
169				} else {
170				$_->{name} = $_->{nickname} \|\| $_->{realname};
171				}
172				}
173
174				$tvars{users} = \@rows if(@rows);
175				$tvars{searched} = $fields[0] if(@fields);
176				}
177
178				sub Gravatar {
179				my $nophoto = uri_escape($settings{nophoto});
180				$tvars{data}{gravatar} = $nophoto;
181
182				return unless $cgiparams{'userid'};
183				my @rows = $dbi->GetQuery('hash','GetUserByID',$cgiparams{'userid'});
184				return unless @rows;
185
186				$tvars{data}{gravatar} =
187				'http://www.gravatar.com/avatar.php?'
188				.'gravatar_id='.md5_hex($rows[0]->{email})
189				.'&default='.$nophoto
190				.'&size=80';
191				}
192
193				sub Item {
194				return unless $cgiparams{'userid'};
195
196				my @rows = $dbi->GetQuery('hash','GetUserByID',$cgiparams{'userid'});
197				return unless(@rows);
198
199				$rows[0]->{tag} = '' if($rows[0]->{link} =~ /blank.png/);
200				$rows[0]->{link} = '' if($rows[0]->{link} =~ /blank.png/);
201
202				($rows[0]->{width},$rows[0]->{height}) = GetImageSize($rows[0]->{link},$rows[0]->{dimensions},$rows[0]->{width},$rows[0]->{height},MaxUserWidth,MaxUserHeight);
203				$rows[0]->{gravatar} = GetGravatar($rows[0]->{userid},$rows[0]->{email});
204
205				$tvars{data} = $rows[0];
206				}
207
208				sub Name {
209				return unless($cgiparams{'userid'});
210				return UserName($cgiparams{'userid'})
211				}
212
213				sub Password {
214				return unless $tvars{'loggedin'};
215
216				$cgiparams{'userid'} = $tvars{'loginid'} unless(Authorised(ADMIN) && $cgiparams{'userid'});
217				$tvars{data}->{name} = UserName($cgiparams{userid});
218
219				my @manfields = qw(userid effect2 effect3);
220				push @manfields, 'effect1' if($cgiparams{'userid'} == $tvars{'loginid'} \|\| $tvars{user}{access} < ADMIN);
221
222				if(FieldCheck(\@manfields,\@manfields)) {
223				$tvars{errmess} = 'All fields must be complete, please try again.';
224				$tvars{errcode} = 'ERROR';
225				return;
226				}
227
228				my $who = $cgiparams{'userid'};
229				$who = $tvars{'loginid'} if(Authorised(ADMIN));
230
231				if($cgiparams{'userid'} == $tvars{'loginid'} \|\| $tvars{user}{access} < ADMIN) {
232				my @rows = $dbi->GetQuery('hash','ValidUser',$who,$cgiparams{'effect1'});
233				unless(@rows) {
234				$tvars{errmess} = 'Current password is invalid, please try again.';
235				$tvars{errcode} = 'ERROR';
236				return;
237				}
238				}
239
240				if($cgiparams{effect2} ne $cgiparams{effect3}) {
241				$tvars{errmess} = 'New & verify passwords don\'t match, please try again.';
242				$tvars{errcode} = 'ERROR';
243				return;
244				}
245
246				my %passerrors = (
247				1 => "Password too short, length should be $settings{minpasslen}-$settings{maxpasslen} characters.",
248				2 => "Password too long, length should be $settings{minpasslen}-$settings{maxpasslen} characters.",
249				3 => 'Password not cyptic enough, please enter as per password rules.',
250				4 => 'Password contains spaces or tabs.',
251				5 => 'Password should contain 3 or more unique characters.',
252				);
253
254				my $invalid = PasswordCheck($cgiparams{effect2});
255				if($invalid) {
256				$tvars{errmess} = $passerrors{$invalid};
257				$tvars{errcode} = 'ERROR';
258				return;
259				}
260
261				$dbi->DoQuery('ChangePassword',$cgiparams{effect2},$cgiparams{'userid'});
262				$tvars{thanks} = 2;
263
264				if($cgiparams{mailuser}) {
265				my @rows = $dbi->GetQuery('hash','GetUserByID',$cgiparams{'userid'});
266				MailSend( template => 'mailer/reset.eml',
267				name => $rows[0]->{realname},
268				password => $cgiparams{effect2},
269				recipient_email => $rows[0]->{email}
270				);
271				}
272
273				SetCommand('user-adminedit') if(Authorised(ADMIN) && $cgiparams{'userid'} != $tvars{'loginid'});
274				}
275
276				sub Register {
277				my %data = (
278				'link' => 'images/blank.png',
279				'tag' => '[No Image]',
280				'admin' => Authorised(ADMIN),
281				);
282
283				$tvars{data}{$_} = $data{$_} for(keys %data);
284				$tvars{userid} = 0;
285				$tvars{newuser} = 1;
286				$tvars{htmltags} = LegalTags();
287				}
288
289				sub Registered {
290				$cgiparams{cause} = $cgiparams{email};
291				}
292
293				=head1 ADMIN INTERFACE METHODS
294
295				=over 4
296
297				=item Login
298
299				Action the login functionality to the site.
300
301				=item Logout
302
303				Action the logout functionality to the site.
304
305				=item Store
306
307				=item Retrieve
308
309				=item LoggedIn
310
311				Check with the current user is logged in.
312
313				=item ImageCheck
314
315				Check whether images uploaded for the user profile are still being used. Used
316				to allow the images plugin to delete unused images.
317
318				=item Admin
319
320				List current users.
321
322				=item Add
323
324				Provide the template variable hash to create a new user.
325
326				=item Edit
327
328				Edit the given user.
329
330				=item Save
331
332				Save the given user. For use by the currently logged in user.
333
334				=item AdminSave
335
336				Save the given user. For use by admin user to update any non-system user.
337
338				=item Delete
339
340				Delete the specified user account
341
342				=item Ban
343
344				Ban the specified user account. Account can be reactivated or deleted.
345
346				Banned users should receive a message at login, explain who they need to
347				contact to be reinstated.
348
349				=item Disable
350
351				Disable the specified user account. This different from a banned user, in that
352				disabled accounts cannot be reactivated or deleted. This is to prevent reuse of
353				an old account.
354
355				=item AdminPass
356
357				Allow the admin user to create a new password of a given user.
358
359				Note passwords are store in an encrypted format, so cannot be viewed.
360
361				=item AdminChng
362
363				Allow the admin user to change the password of a given user.
364
365				=cut
366
367				sub Login { Labyrinth::Session::Login() }
368				sub Logout { Labyrinth::Session::Logout() }
369				sub Store { Labyrinth::Session::Store() }
370				sub Retrieve { Labyrinth::Session::Retrieve() }
371
372				sub LoggedIn {
373				$tvars{errcode} = 'ERROR' if(!$tvars{loggedin});
374				}
375
376				sub ImageCheck {
377				my @rows = $dbi->GetQuery('array','UsersImageCheck',$_[0]);
378				@rows ? 1 : 0;
379				}
380
381				sub Admin {
382				return unless AccessUser($LEVEL);
383
384				# note: cannot alter the guest & master users
385				if(my $ids = join(",",grep {$_ > 2} CGIArray('LISTED'))) {
386				$dbi->DoQuery('SetUserSearch',{ids=>$ids},1) if($cgiparams{doaction} eq 'Show');
387				$dbi->DoQuery('SetUserSearch',{ids=>$ids},0) if($cgiparams{doaction} eq 'Hide');
388				Ban($ids) if($cgiparams{doaction} eq 'Ban');
389				Disable($ids) if($cgiparams{doaction} eq 'Disable');
390				Delete($ids) if($cgiparams{doaction} eq 'Delete');
391				}
392
393				UserLists();
394				}
395
396				sub Add {
397				return unless AccessUser($LEVEL);
398
399				my %data = (
400				'link' => 'images/blank.png',
401				'tag' => '[No Image]',
402				ddrealms => RealmSelect(0),
403				ddaccess => AccessSelect(0),
404				ddgroups => 'no groups assigned',
405				member => 'no group assigned',
406				);
407
408				$tvars{users}{data} = \%data;
409				$tvars{userid} = 0;
410				}
411
412				sub Edit {
413				$cgiparams{userid} \|\|= $tvars{'loginid'};
414				return unless MasterCheck();
415				return unless AuthorCheck('GetUserByID','userid',$LEVEL);
416
417				$tvars{data}{tag} = '[No Image]' if(!$tvars{data}{link} \|\| $tvars{data}{link} =~ /blank.png/);
418				$tvars{data}{name} = UserName($tvars{data}{userid});
419				$tvars{data}{admin} = Authorised(ADMIN);
420				$tvars{data}{ddrealms} = RealmSelect(RealmID($tvars{data}{realm}));
421				$tvars{data}{ddaccess} = AccessSelect($tvars{data}{accessid});
422
423				my @grps = $dbi->GetQuery('hash','LinkedUsers',$cgiparams{'userid'});
424				if(@grps) {
425				$tvars{data}{ddgroups} = join(', ',map {$_->{groupname}} @grps);
426				$tvars{data}{member} = $grps[0]->{member};
427				} else {
428				$tvars{data}{ddgroups} = 'no groups assigned';
429				$tvars{data}{member} = 'no group assigned';
430				}
431
432				$tvars{htmltags} = LegalTags();
433				$tvars{users}{data} = clone($tvars{data}); # data fields need to be editable
434				$tvars{users}{preview} = clone($tvars{data}); # data fields need to be editable
435
436				for(keys %fields) {
437				if($fields{$_}->{html} == 1) { $tvars{users}{data}{$_} = CleanHTML($tvars{users}{data}{$_});
438				$tvars{users}{preview}{$_} = CleanHTML($tvars{users}{preview}{$_}); }
439				elsif($fields{$_}->{html} == 2) { $tvars{users}{data}{$_} = SafeHTML($tvars{users}{data}{$_}); }
440				}
441
442				$tvars{users}{preview}{gravatar} = GetGravatar($tvars{users}{preview}{userid},$tvars{users}{preview}{email});
443
444				$tvars{users}{preview}{link} = undef
445				if($tvars{users}{data}{link} && $tvars{users}{data}{link} =~ /blank.png/);
446				}
447
448				sub Save {
449				my $newuser = $cgiparams{'userid'} ? 0 : 1;
450				unless($newuser) {
451				return unless MasterCheck();
452				if($cgiparams{userid} != $tvars{'loginid'} && !Authorised($LEVEL)) {
453				$tvars{errcode} = 'BADACCESS';
454				return;
455				}
456				}
457
458				return unless AuthorCheck('GetUserByID','userid',$LEVEL);
459
460				$tvars{newuser} = $newuser;
461				for(keys %fields) {
462				if($fields{$_}->{html} == 1) { $cgiparams{$_} = CleanHTML($cgiparams{$_}) }
463				elsif($fields{$_}->{html} == 2) { $cgiparams{$_} = CleanTags($cgiparams{$_}) }
464				elsif($fields{$_}->{html} == 3) { $cgiparams{$_} = CleanLink($cgiparams{$_}) }
465				}
466
467				my @manfields = @mandatory;
468				push @manfields, 'effect' if($tvars{command} eq 'regsave');
469
470				return if FieldCheck(\@allfields,\@manfields);
471
472				## before continuing we should ensure the IP address has not
473				## submitted repeated registrations. Though we should be aware
474				## of Proxy Servers too.
475				my $imageid = $cgiparams{imageid} \|\| 1;
476				($imageid) = SaveImageFile(
477				param => 'image',
478				stock => 'Users'
479				) if($cgiparams{image});
480
481				my @fields = ( $tvars{data}{'nickname'}, $tvars{data}{'realname'},
482				$tvars{data}{'email'}, $imageid
483				);
484
485				if($newuser) {
486				$tvars{data}{'accessid'} = $tvars{data}{'accessid'} \|\| 1;
487				$tvars{data}{'search'} = $tvars{data}{'search'} ? 1 : 0;
488				$tvars{data}{'realm'} = 'public';
489				$cgiparams{'userid'} = $dbi->IDQuery('NewUser', $tvars{data}{'effect'},
490				$tvars{data}{'accessid'},
491				$tvars{data}{'search'},
492				$tvars{data}{'realm'},
493				@fields);
494				} else {
495				$dbi->DoQuery('SaveUser',@fields,$cgiparams{'userid'});
496				}
497
498				$tvars{data}{userid} = $cgiparams{'userid'};
499				$tvars{newuser} = 0;
500				$tvars{thanks} = 1;
501				}
502
503				sub AdminSave {
504				return unless AccessUser($LEVEL);
505				return unless MasterCheck();
506
507				my $newuser = $cgiparams{'userid'} ? 0 : 1;
508				return unless AuthorCheck('GetUserByID','userid',$LEVEL);
509
510				$tvars{newuser} = $newuser;
511
512				for(keys %fields) {
513				if($fields{$_}->{html} == 1) { $cgiparams{$_} = CleanHTML($cgiparams{$_}) }
514				elsif($fields{$_}->{html} == 2) { $cgiparams{$_} = CleanTags($cgiparams{$_}) }
515				elsif($fields{$_}->{html} == 3) { $cgiparams{$_} = CleanLink($cgiparams{$_}) }
516				}
517
518				my $realm = $tvars{data}->{realm} \|\| 'public';
519				return if FieldCheck(\@allfields,\@mandatory);
520
521				## before continuing we should ensure the IP address has not
522				## submitted repeated registrations. Though we should be aware
523				## of Proxy Servers too.
524				my $imageid = $cgiparams{imageid} \|\| 1;
525				($imageid) = SaveImageFile(
526				param => 'image',
527				stock => 'Users'
528				) if($cgiparams{image});
529
530				# in case of a new user
531				$tvars{data}->{'accessid'} = $tvars{data}->{'accessid'} \|\| 1;
532				$tvars{data}->{'search'} = $tvars{data}->{'search'} ? 1 : 0;
533				$tvars{data}->{'realm'} = Authorised(ADMIN) && $tvars{data}->{'realmid'} ? RealmName($tvars{data}->{realmid}) : $realm;
534
535				my @fields = ( $tvars{data}{'accessid'}, $tvars{data}{'search'},
536				$tvars{data}{'realm'},
537				$tvars{data}{'nickname'}, $tvars{data}{'realname'},
538				$tvars{data}{'email'}, $imageid
539				);
540
541				if($newuser) {
542				$cgiparams{'userid'} = $dbi->IDQuery('NewUser',$tvars{data}->{'effect'},@fields);
543				} else {
544				$dbi->DoQuery('AdminSaveUser',@fields,$cgiparams{'userid'});
545				}
546
547				$tvars{data}->{userid} = $cgiparams{'userid'};
548				$tvars{newuser} = 0;
549				$tvars{thanks} = 1;
550				}
551
552				sub Delete {
553				my $ids = shift;
554				return unless AccessUser($LEVEL);
555				$dbi->DoQuery('DeleteUsers',{ids => $ids});
556				$tvars{thanks} = 'Users Deleted.';
557				}
558
559				sub Disable {
560				my $ids = shift;
561				return unless AccessUser($LEVEL);
562				$dbi->DoQuery('BanUsers',{ids => $ids},'-deleted-');
563				$tvars{thanks} = 'Users Disabled.';
564				}
565
566				sub Ban {
567				my $ids = shift;
568				return unless AccessUser($LEVEL);
569				$dbi->DoQuery('BanUsers',{ids => $ids},'-banned-');
570				$tvars{thanks} = 'Users Banned.';
571				}
572
573				sub AdminPass {
574				return unless($cgiparams{'userid'});
575				return unless MasterCheck();
576				return unless AccessUser($LEVEL);
577				return unless AuthorCheck('GetUserByID','userid',$LEVEL);
578				$tvars{data}{name} = UserName($cgiparams{'userid'});
579				}
580
581				sub AdminChng {
582				return unless($cgiparams{'userid'});
583				return unless MasterCheck();
584				return unless AccessUser($LEVEL);
585
586				my @mandatory = qw(userid effect2 effect3);
587				if(FieldCheck(\@mandatory,\@mandatory)) {
588				$tvars{errmess} = 'All fields must be complete, please try again.';
589				$tvars{errcode} = 'ERROR';
590				return;
591				}
592
593				$tvars{data}{name} = UserName($cgiparams{'userid'});
594
595				if($cgiparams{effect2} ne $cgiparams{effect3}) {
596				$tvars{errmess} = 'New & verify passwords don\'t match, please try again.';
597				$tvars{errcode} = 'ERROR';
598				return;
599				}
600
601				my %passerrors = (
602				1 => "Password too short, length should be $settings{minpasslen}-$settings{maxpasslen} characters.",
603				2 => "Password too long, length should be $settings{minpasslen}-$settings{maxpasslen} characters.",
604				3 => 'Password not cyptic enough, please enter as per password rules.',
605				4 => 'Password contains spaces or tabs.',
606				5 => 'Password should contain 3 or more unique characters.',
607				);
608
609				my $invalid = PasswordCheck($cgiparams{effect2});
610				if($invalid) {
611				$tvars{errmess} = $passerrors{$invalid};
612				$tvars{errcode} = 'ERROR';
613				return;
614				}
615
616				$dbi->DoQuery('ChangePassword',$cgiparams{effect2},$cgiparams{'userid'});
617				$tvars{thanks} = 'Password Changed.';
618
619				if($cgiparams{mailuser}) {
620				my @rows = $dbi->GetQuery('hash','GetUserByID',$cgiparams{'userid'});
621				MailSend( template => 'mailer/reset.eml',
622				name => $rows[0]->{realname},
623				password => $cgiparams{effect2},
624				recipient_email => $rows[0]->{email}
625				);
626				}
627				}
628
629				=item ACL
630
631				List the current access control levels for the given user.
632
633				=item ACLAdd1
634
635				Apply the given profile to the current user's folders.
636
637				=item ACLAdd2
638
639				Add permissions for the current user to the given folder.
640
641				=item ACLSave
642
643				Save changes to the current access control levels for the given user.
644
645				=item ACLDelete
646
647				Delete the specified access control level for the given user.
648
649				=cut
650
651				sub ACL {
652				return unless AccessUser($LEVEL);
653				return unless $cgiparams{'userid'};
654
655				my @rows = $dbi->GetQuery('hash','GetUserByID',$cgiparams{'userid'});
656				$tvars{data}->{$_} = $rows[0]->{$_} for(qw(userid realname accessname accessid));
657
658				push @{$tvars{data}->{access}}, { folderid => 0, path => 'DEFAULT', accessname => $tvars{data}->{accessname}, ddaccess => AccessSelect($tvars{data}->{accessid},'ACCESS0') };
659
660				@rows = $dbi->GetQuery('hash','UserACLs',$cgiparams{'userid'});
661				for my $row (@rows) {
662				$row->{ddaccess} = AccessSelect($row->{accessid},'ACCESS' . $row->{aclid});
663				push @{$tvars{data}->{access}}, $row;
664				}
665
666				$tvars{ddprofile} = ProfileSelect();
667				$tvars{ddfolder} = FolderSelect();
668				$tvars{ddaccess} = AccessSelect();
669				}
670
671				sub ACLAdd1 {
672				LoadProfiles();
673				if($settings{profiles}{profiles}{$cgiparams{profile}}) {
674				for(keys %{ $settings{profiles}{profiles}{$cgiparams{profile}} }) {
675				my $folderid = FolderID($_);
676				my $accessid = AccessID($settings{profiles}{profiles}{$cgiparams{profile}}{$_});
677
678				my @rows = $dbi->GetQuery('hash','UserACLCheck1', $cgiparams{'userid'}, $folderid);
679				if(@rows) {
680				$dbi->DoQuery('UserACLUpdate1',$accessid,$cgiparams{'userid'},$folderid)
681				if($rows[0]->{accessid} < $accessid);
682				} else {
683				$dbi->DoQuery('UserACLInsert',$accessid,$cgiparams{'userid'},$folderid);
684				}
685				}
686				}
687				}
688
689				sub ACLAdd2 {
690				my ($userid,$aclid,$accessid,$folderid) = @_;
691				if($aclid) {
692				my @rows = $dbi->GetQuery('hash','UserACLCheck2', $userid, $aclid);
693				if(@rows) {
694				$dbi->DoQuery('UserACLUpdate2',$accessid,$userid,$aclid)
695				if($rows[0]->{accessid} < $accessid);
696				} else {
697				$dbi->DoQuery('UserACLInsert',$accessid,$userid,$folderid);
698				}
699				} else {
700				$dbi->DoQuery('UserACLDefault',$accessid,$userid);
701				}
702				}
703
704				sub ACLSave {
705				return unless AccessUser($LEVEL);
706
707				if($cgiparams{submit} eq 'Apply') {
708				ACLAdd1();
709				} elsif($cgiparams{submit} eq 'Add') {
710				ACLAdd2($cgiparams{userid},0,$cgiparams{accessid},$cgiparams{folderid});
711				} else {
712				my @acls = grep {/ACCESS/} keys %cgiparams;
713				for my $acl ( @acls ) {
714				my ($aclid) = $acl =~ /ACCESS(\d+)/;
715				ACLAdd2($cgiparams{userid},$aclid,$cgiparams{'ACCESS'.$aclid});
716				}
717				}
718
719				$tvars{thanks} = 'User permissions saved successfully.';
720				}
721
722				sub ACLDelete {
723				return unless AccessUser($LEVEL);
724
725				my @manfields = qw(userid accessid folderid);;
726				return if FieldCheck(\@manfields,\@manfields);
727
728				$dbi->DoQuery('UserACLDelete',
729				$cgiparams{'userid'},
730				$cgiparams{'accessid'},
731				$cgiparams{'folderid'});
732
733				$tvars{thanks} = 'User access removed successfully.';
734				}
735
736				1;
737
738				__END__