Solution - user re-assignments

alpha2zee

Well-known member
I have added new functionality to easily re-assign 'record ownerships'.

With authentication enabled to the maximum, only the record owners may view or affect their records. Others, including administrators, cannot. This is an issue when -

1. Previously authentication was not enabled or was not that strict, and/or,
2. Some users have 'left'.

In such situations, one may need to re-assign ownerships (e.g., from former member Bob to new member Jane, or from being 'empty' to Jane, and so on). These re-assignments may be table-specific and record-specific.

I have addressed this issue by modifying DaDaBik code by adding these lines in admin.php before the footer include statement at the bottom. Note that by allowing the administrator to pass extra MySQL clauses, the functionality gets a lot of muscle.

---

if ($enable_authentication === 1){ // for ID_user transfers
    $user_assign_message = ''; // avoids an undefined-variable notice when no form was submitted
    //-- actions
    if (isset($_POST['reassign']))
    { // submitted form for reassignment
        if (empty($_POST['table_for_reassign']) or empty($_POST['from_user']) or empty($_POST['to_user']))
        {
            $user_assign_message = '<span style="color:red;">You did not choose one of the options</span>';
        }
        elseif (!in_array($_POST['table_for_reassign'], $installed_tables_ar, true) or $_POST['table_for_reassign'] === $users_table_name)
        { // the table name is used as an identifier in the query, so accept only installed tables
            $user_assign_message = '<span style="color:red;">Unknown table</span>';
        }
        else
        {
            $to_user = $_POST['to_user'];
            if ($_POST['to_user'] == 'no_one')
            {$to_user = '';} // will clear ID_user
            $from_user = $_POST['from_user'];
            if ($_POST['from_user'] == 'no_one')
            {$from_user = '';} // ID_user empty
            // user values are escaped before being placed inside the quoted literals
            $sql = 'UPDATE `'.$_POST['table_for_reassign'].'` SET `ID_user` = \''.mysql_real_escape_string(strip_slashes($to_user)).'\'';
            if ($_POST['from_user'] !== 'any_one')
            {$sql .= ' WHERE `ID_user` = \''.mysql_real_escape_string(strip_slashes($from_user)).'\'';}
            else
            {$sql .= ' WHERE `ID_user` LIKE \'%\'';}
            // extra clauses are appended exactly as typed, so this page must stay restricted to the administrator
            if (!empty($_POST['extra_sql']))
            {
                $sql .= ' '.strip_slashes($_POST['extra_sql']);
            }
            mysql_query($sql);
            if (!(mysql_error()))
            {
                $user_assign_message = '<b>The re-assignment was successful - '.mysql_affected_rows().' record(s) needed the modification</b>';
            }
            else
            {
                // the query is HTML-escaped before it is echoed back
                $user_assign_message = '<span style="color:red;">MySQL error for query - <br /><i>' . htmlspecialchars($sql) . '</i><br />Please check the extra MySQL clauses that you may have passed.</span>';
            }
        }
    }
    //-- display
    echo ('<br /><div style="width:700px; background-color:#f0f0f0;"><table summary="none" border="0" cellpadding="5"><tr><td><a name="id_user" id="id_user"></a><b>Record owner re-assignment</b><p>Use the options below if you want to change the "ID_user" field values to re-assign "ownership" of records. Depending on configurations in the config.php file, the ability to view details of, edit or delete a record for a table may be restricted to the record "owner."</p>');
    echo ('<p>'.$user_assign_message.'</p>');
    // options for tables for form; only installed tables with ID_user field
    $table_options = '';
    $table_possible = array();
    foreach ($installed_tables_ar as $key => $value)
    {
        if ($value !== $users_table_name)
        {
            $sql = 'SHOW COLUMNS FROM `'.$value.'` LIKE \'ID_user\'';
            $result = mysql_query($sql);
            if (mysql_fetch_array($result)){$table_possible[] = $value;}
        }
    }
    $table_options .= '<select single="single" id="table_for_reassign" name="table_for_reassign"><option value="">Select table...</option>';
    foreach ($table_possible as $key => $value)
    {
        $table_options .= '<option value="'.htmlspecialchars($value).'">'.htmlspecialchars($value).'</option>';
    }
    $table_options .= '</select>';
    // options for users for form
    $to_user_options = '<select single="single" id="to_user" name="to_user"><option value="">Select new owner (ID_user)...</option>';
    $from_user_options = '<select single="single" id="from_user" name="from_user"><option value="">Select current owner (ID_user)...</option>';
    $user_options = '';
    $sql = 'SELECT `'.$users_table_username_field.'`, `ID_user` FROM `'.$users_table_name.'`';
    $result = mysql_query($sql);
    while ($row = mysql_fetch_array($result))
    {
        // usernames and IDs come from the database, so escape them for HTML output
        $user_options .= '<option value="'.htmlspecialchars($row[1]).'">'.htmlspecialchars($row[0]).' ('.htmlspecialchars($row[1]).')</option>';
    }
    $to_user_options .= $user_options.'<option value="no_one">* No one * make empty</option></select>';
    $from_user_options .= $user_options.'<option value="no_one">* No one * now empty</option><option value="any_one">* Anyone * all</option></select>';
    // for extra sql
    $for_extra_sql = '<textarea id="extra_sql" name="extra_sql" rows="2" cols="50"></textarea>';
    // build form
    echo ('<form id="user_reassignment" method="POST" action="admin.php#id_user"><table summary="none" border="0" cellspacing="2" cellpadding="0"><tr><td><b>Table:</b><br />'.$table_options.'</td><td><b>Current owner:</b><br />'.$from_user_options.'</td><td><b>New owner:</b><br />'.$to_user_options.'</td></tr><tr><td colspan="2"><b>Extra for MySQL SELECT statement:</b><br />'.$for_extra_sql.'<br /></td><td><input name="reassign" id="reassign" type="submit" value="Submit" /></td></tr><tr><td colspan="3"><br />You may use the text-field above to pass extra clauses for the MySQL SELECT statement used for the user re-assignment. Do not use if you are not familiar with MySQL syntax. This is useful if you want to restrict the re-assignment or limit it to certain number. E.g., if filled with <i>AND `artist` LIKE \'%bruce%\' LIMIT 1</i>, note the back-ticks and single quote-marks, only those records will be re-assigned that have <i>bruce</i> for the "artist" field.</td></tr></table></form>');
    echo ('</td></tr></table></div>');
    //--
}

---

Note the 'strip_slashes' functions. If you have magic_quotes ON and do not use the magic_quotes_setting get-around described here, you can probably use just stripslashes, an in-built function.

If you try this, please post any bugs, and fixes.

Again, I have included it in the modified DaDaBik on Sourceforge.
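
An added example, not part of the post above and not DaDaBik code: one way to offer the same table, owner and "restrict by field" options without concatenating form input into the statement, by allow-listing identifiers and binding every value as a parameter. The function name `build_reassign_query()`, the allow-lists and the sample values are assumptions made for illustration.

```php
<?php
// Hypothetical helper: returns the UPDATE text plus the values to bind to it.
function build_reassign_query(array $allowed_tables, array $allowed_columns,
                              string $table, string $from, string $to,
                              ?string $filter_col = null, ?string $filter_like = null,
                              ?int $limit = null): array
{
    // Identifiers cannot be bound as parameters, so they must match an allow-list exactly.
    if (!in_array($table, $allowed_tables, true)) {
        throw new InvalidArgumentException('Unknown table');
    }
    $sql = "UPDATE `$table` SET `ID_user` = :to";
    $params = [':to' => ($to === 'no_one') ? '' : $to];

    $where = [];
    if ($from !== 'any_one') {              // same sentinel values as the form in the post
        $where[] = '`ID_user` = :from';
        $params[':from'] = ($from === 'no_one') ? '' : $from;
    }
    if ($filter_col !== null) {
        if (!in_array($filter_col, $allowed_columns, true)) {
            throw new InvalidArgumentException('Unknown column');
        }
        $where[] = "`$filter_col` LIKE :pattern";
        $params[':pattern'] = '%' . $filter_like . '%';
    }
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    if ($limit !== null) {
        $sql .= ' LIMIT ' . max(1, $limit); // integer only; MySQL accepts LIMIT on UPDATE
    }
    return [$sql, $params];
}

// Constructed sample input: the "bruce" restriction from the form's help text.
[$sql, $params] = build_reassign_query(
    ['albums', 'tracks'], ['artist', 'title'],
    'albums', 'bob', 'jane', 'artist', 'bruce', 1);
echo $sql, "\n";
print_r($params);

// With a real connection (assumed PDO handle $pdo):
//   $stmt = $pdo->prepare($sql); $stmt->execute($params); echo $stmt->rowCount();
```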
 

eugenio

Administrator
Staff member
alpha2zee wrote:

> I have added a new functionality to easily re-assign 'record
> ownerships'.

[....]

Hi,
this addition could be useful.
It's important to remember that it's MySQL-specific; no adodb functions have been used.

Bye,
