>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
include_once('db.php');
include_once('nonce.php');
// Access control gate: nothing below may run unless the request belongs to a
// logged-in session AND the caller's privilege mask has the PRIV_PRIVILEGES bit.
// Both failures end the request with the same generic message.
// NOTE(review): $privileges and PRIV_PRIVILEGES are not defined in this file's
// visible part; presumably db.php loads them for the session user. Confirm that
// $privileges is read from the database and cannot be set from request data.
if (!isset($_SESSION['id']) || !($privileges & PRIV_PRIVILEGES)) {
    exit(_('Insufficient privileges'));
}
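if (checknonce()) // Save changes
{
    // checknonce() comes from nonce.php; presumably it validates the form's
    // anti-CSRF nonce. Confirm it also rejects requests that carry no nonce,
    // since this branch changes account privileges.

    // Build the privilege bitmask from the submitted checkbox values.
    // Bits are OR-ed rather than added, so a value submitted twice cannot carry
    // into a different (unselected) privilege bit. A missing or non-array field
    // means "no boxes ticked" and leaves the mask at 0.
    $priv = 0;
    if (isset($_POST['privileges']) && is_array($_POST['privileges'])) {
        foreach ($_POST['privileges'] as $p) {
            if (is_scalar($p)) {
                $priv |= (int)$p;
            }
        }
    }

    // Pick the target account: by name when granting to a new user, otherwise
    // by numeric id when editing an existing entry. Values are bound as
    // parameters, so quoting does not depend on the connection charset or on
    // the server's sql_mode (double quotes are identifiers under ANSI_QUOTES).
    $stmt = false;
    if (isset($_POST['addprivileges']) && is_string($_POST['addprivileges']) && $_POST['addprivileges'] != '') {
        $user = $_POST['addprivileges'];
        $stmt = mysqli_prepare($db, 'update users set privileges=? where name=?');
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'is', $priv, $user);
        }
    } elseif (isset($_POST['editprivileges'])) {
        $id = (int)$_POST['editprivileges'];
        $stmt = mysqli_prepare($db, 'update users set privileges=? where id=?');
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'ii', $priv, $id);
        }
    }

    // No target selected or prepare failed: nothing is written, as before.
    // NOTE(review): the outcome is not reported or logged; an audit record of
    // who changed whose privileges would be worth adding where logging exists.
    if ($stmt) {
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }
}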
// Load the current privilege holders.
// $users accumulates the HTML for the listing; it starts out empty.
$users = '';
// Fixed query with no request data in it: every account whose privilege mask
// is non-zero, highest mask first.
$res = mysqli_query(
    $db,
    'select id, name, displayname, privileges from users where privileges>0 order by privileges desc'
);
while($row=mysqli_fetch_assoc($res))
{
$name=htmlentities($row['name']);
$displayname=htmlentities($row['displayname']);
$users.='