query("SELECT `cldgroup` FROM `$dbname`.`user` WHERE `uuid`='$uuid'")->fetch()) === false) {
    $err_msg = print_r($mysqlcon->errorInfo(), true);
    $err_lvl = 3;
}

// NOTE(review): the queries in this excerpt are built by interpolating variables
// ($dbname, $uuid, $csrf_token, $set_groups, session_id()) into the SQL string.
// Where $uuid and $dbname come from is outside this excerpt; if either can carry
// user-controlled characters these are injection points. Prepared statements
// with bound parameters would remove that dependency.
// NOTE(review): $err_msg receives the raw PDO errorInfo() dump on failure. Where
// $err_msg is rendered is not visible here; if it reaches the browser it exposes
// driver and SQL detail to the visitor - confirm and log server-side instead.

// Split the comma-separated cldgroup column into a list (presumably the groups
// the client currently holds; $dbdata is assigned by the statement cut off above).
// Stays an empty array when the column is missing or empty.
$cld_groups = array();
if(isset($dbdata['cldgroup']) && $dbdata['cldgroup'] != '') {
    $cld_groups = explode(',', $dbdata['cldgroup']);
}
$disabled = '';
$allowed_groups_arr = array();

// A new CSRF token is generated on each run of this code and stored together
// with the current time and the session id.
// NOTE(review): random_bytes() is the usual source on PHP 7+; the second
// (strong result) argument of openssl_random_pseudo_bytes() is not checked here.
$csrf_token = bin2hex(openssl_random_pseudo_bytes(32));
if ($mysqlcon->exec("INSERT INTO `$dbname`.`csrf_token` (`token`,`timestamp`,`sessionid`) VALUES ('$csrf_token','".time()."','".session_id()."')") === false) {
    $err_msg = print_r($mysqlcon->errorInfo(), true);
    $err_lvl = 3;
}

// Load all csrf_token rows of this session, keyed by the first selected column
// because of PDO::FETCH_UNIQUE (presumably the token column - confirm against
// the table definition, since the query uses SELECT *).
// NOTE(review): the === false test covers only the fetch result. If query()
// itself returns false (PDO not in exception mode) the chained fetchALL() call
// fails before the test is reached. The same applies to the other
// query()->fetch chains in this excerpt.
if (($db_csrf = $mysqlcon->query("SELECT * FROM `$dbname`.`csrf_token` WHERE `sessionid`='".session_id()."'")->fetchALL(PDO::FETCH_UNIQUE|PDO::FETCH_ASSOC)) === false) {
    $err_msg = print_r($mysqlcon->errorInfo(), true);
    $err_lvl = 3;
}

if(count($_SESSION[$rspathhex.'multiple']) > 1 and !isset($_SESSION[$rspathhex.'uuid_verified'])) {
    // More than one entry under the multiple key and no uuid_verified flag in
    // the session: set $disabled and report message stag0006.
    $disabled = 1;
    $err_msg = sprintf($lang['stag0006'], '', '');
    $err_lvl = 3;
} elseif ($_SESSION[$rspathhex.'connected'] == 0) {
    // Session flag connected is 0 (loose comparison): set $disabled and report stag0015.
    $err_msg = sprintf($lang['stag0015'], '', '');
    $err_lvl = 3;
    $disabled = 1;
} else {
    // Groups table keyed by its first column (FETCH_UNIQUE); used further down
    // to look up sgidname for an excepted group id.
    if(($sqlhisgroup = $mysqlcon->query("SELECT * FROM `$dbname`.`groups`")->fetchAll(PDO::FETCH_ASSOC|PDO::FETCH_UNIQUE)) === false) {
        $err_msg = print_r($mysqlcon->errorInfo(), true);
        $err_lvl = 3;
    }

    // Configured id lists. explode() always returns an array; an empty setting
    // yields a single empty-string element rather than an empty array.
    $allowed_groups_arr = explode(',', $addons_config['assign_groups_groupids']['value']);
    $excepted_groups_arr = explode(',', $addons_config['assign_groups_excepted_groupids']['value']);

    // The update is processed only when the posted csrf_token is a key of
    // $db_csrf (a token stored for this session, assuming token is the first column).
    // NOTE(review): any stored token of the session is accepted; no expiry check
    // and no removal of the used token is visible in this excerpt - TODO confirm
    // it happens elsewhere (the table carries a timestamp column).
    if(isset($_POST['update']) && isset($db_csrf[$_POST['csrf_token']])) {
        // Refuse a new request while a row for this uuid already exists in
        // addon_assign_groups (message stag0007).
        // NOTE(review): this check and the later INSERT are separate statements
        // with no transaction visible here; whether a unique key on uuid backs
        // the check up cannot be told from this excerpt.
        if(($sumentries = $mysqlcon->query("SELECT COUNT(*) FROM `$dbname`.`addon_assign_groups` WHERE `uuid`='$uuid'")->fetch(PDO::FETCH_NUM)) === false) {
            $err_msg = print_r($mysqlcon->errorInfo(), true);
            $err_lvl = 3;
        } else {
            if($sumentries[0] > 0) {
                $err_msg = $lang['stag0007'];
                $err_lvl = 3;
            } else {
                // $set_groups collects the requested changes as a comma list;
                // $count_limit tracks how many allowed groups the client would
                // hold afterwards; $excepted counts hits on the excepted list.
                $set_groups = '';
                $count_limit = $excepted = 0;

                // NOTE(review): this condition is always true at this point - the
                // variable was assigned from explode() above, and an array never
                // compares equal to an empty string.
                if(isset($excepted_groups_arr) && $excepted_groups_arr != '') {
                    // Stop at the first excepted group the client holds and
                    // prepare message stag0019 with its name and id.
                    foreach($excepted_groups_arr as $excepted_group) {
                        if(in_array($excepted_group, $cld_groups)) {
                            $excepted++;
                            $err_msg = sprintf($lang['stag0019'], $sqlhisgroup[$excepted_group]['sgidname'], $excepted_group);
                            break;
                        }
                    }
                }

                // Only ids taken from the configured allowed list are ever
                // appended to $set_groups; POST data merely selects among them.
                foreach($allowed_groups_arr as $allowed_group) {
                    // Already held: counts toward the limit.
                    if(in_array($allowed_group, $cld_groups)) {
                        $count_limit++;
                    }
                    // Posted with value 1 (loose comparison) and not yet held: queue an add.
                    if(isset($_POST[$allowed_group]) && $_POST[$allowed_group] == 1 && !in_array($allowed_group, $cld_groups)) {
                        $set_groups .= $allowed_group.',';
                        array_push($cld_groups, $allowed_group);
                        $count_limit++;
                    }
                    // Absent from the POST data but held: queue a removal, written
                    // as the id prefixed with a minus sign.
                    if(!isset($_POST[$allowed_group]) && in_array($allowed_group, $cld_groups)) {
                        $set_groups .= '-'.$allowed_group.',';
                        $position = array_search($allowed_group, $cld_groups);
                        array_splice($cld_groups, $position, 1);
                        $count_limit--;
                    }
                }
                // Drop the trailing comma.
                $set_groups = substr($set_groups, 0, -1);

                // Persist only when something changed, the limit is respected and
                // no excepted group was found.
                if($set_groups != '' && $count_limit <= $addons_config['assign_groups_limit']['value'] && $excepted == 0) {
                    if ($mysqlcon->exec("INSERT INTO `$dbname`.`addon_assign_groups` SET `uuid`='$uuid',`grpids`='$set_groups'") === false) {
                        $err_msg = $lang['isntwidbmsg'].print_r($mysqlcon->errorInfo(), true);
                        $err_lvl = 3;
                    // Runs only when the INSERT succeeded: sets the reload_trigger
                    // row of job_check to timestamp 1.
                    } elseif($mysqlcon->exec("UPDATE `$dbname`.`job_check` SET `timestamp`=1 WHERE `job_name`='reload_trigger'; ") === false) {
                        $err_msg = $lang['isntwidbmsg'].print_r($mysqlcon->errorInfo(), true);
                        $err_lvl = 3;
                    } else {
                        // Success message stag0008; $err_lvl is reset to NULL.
                        $err_msg = $lang['stag0008'];
                        $err_lvl = NULL;
                    }
                } elseif($count_limit > $addons_config['assign_groups_limit']['value']) {
                    // Limit exceeded: stag0009 with the configured limit.
                    $err_msg = sprintf($lang['stag0009'], $addons_config['assign_groups_limit']['value']);
                    $err_lvl = 3;
                } elseif($excepted > 0) {
                    // $err_msg was already set in the excepted-group loop above.
                    $err_lvl = 3;
                } else {
                    // Remaining case ($set_groups empty): stag0010.
                    $err_msg = $lang['stag0010'];
                    $err_lvl = 3;
                }
            }
        }
        // The branch that follows is taken when update was posted but the
        // csrf_token lookup above did not match; its body continues beyond
        // this excerpt.
    } elseif(isset($_POST['update'])) { echo '