X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fdb%2Fsecurity_db.inc;h=70027c2e7c3b489f161edbf05e23dea6b1b18815;hb=c479264e8db282f8d518d11bdd8883dc7d0b4d46;hp=55e56b556ae7fcab6f6b0fc52e8cd872b6a183cf;hpb=3e2f1b46bb33c1720b4373f324f6126ca26d2ac7;p=fa-stable.git
diff --git a/admin/db/security_db.inc b/admin/db/security_db.inc
index 55e56b55..70027c2e 100644
--- a/admin/db/security_db.inc
+++ b/admin/db/security_db.inc
@@ -13,53 +13,54 @@ function get_security_role($id) { - $sql = "SELECT * FROM ".TB_PREF."security_roles WHERE id='$id'"; + $sql = "SELECT * FROM ".TB_PREF."security_roles WHERE id=".(int)$id; $ret = db_query($sql, "could not retrieve security roles"); $row = db_fetch($ret); - $row['areas'] = explode(';', $row['areas']); - $row['modules'] = explode(';', $row['modules']); + if ($row != false) { + $row['areas'] = explode(';', $row['areas']); + $row['sections'] = explode(';', $row['sections']); + } return $row; } //-------------------------------------------------------------------------------------------------- -function add_security_role($name, $description, $modules, $areas) +function add_security_role($name, $description, $sections, $areas) { - $sql = "INSERT INTO ".TB_PREF."security_roles (role, description, modules, areas) + $sql = "INSERT INTO ".TB_PREF."security_roles (role, description, sections, areas) VALUES (" .db_escape($name)."," .db_escape($description)."," - .db_escape(implode(';',$modules))."," - .db_escape(implode(';',$areas)).")"; + .db_escape(implode(';', $sections))."," + .db_escape(implode(';', $areas)).")"; db_query($sql, "could not add new security role"); } //-------------------------------------------------------------------------------------------------- -function update_security_role($id, $name, $description, $modules, $areas) +function update_security_role($id, $name, $description, $sections, $areas) { $sql = "UPDATE ".TB_PREF."security_roles SET role=".db_escape($name) .",description=".db_escape($description) - .",modules=".db_escape(implode(';',$modules)) - .",areas=".db_escape(implode(';',$areas)) - ." WHERE id=$id"; + .",sections=".db_escape(implode(';', $sections)) + .",areas=".db_escape(implode(';', $areas)) + ." 
WHERE id=".(int)$id; db_query($sql, "could not update role"); } //-------------------------------------------------------------------------------------------------- function delete_security_role($id) { - $sql = "DELETE FROM ".TB_PREF."security_roles WHERE id=$id"; + $sql = "DELETE FROM ".TB_PREF."security_roles WHERE id=".(int)$id; db_query($sql, "could not delete role"); } //-------------------------------------------------------------------------------------------------- function check_role_used($id) { - $sql = "SELECT count(*) FROM ".TB_PREF."users WHERE full_access=$id"; + $sql = "SELECT count(*) FROM ".TB_PREF."users WHERE role_id=".(int)$id; $ret = db_query($sql, 'cannot check role usage'); $row = db_fetch($ret); return $row[0]; } -?> \ No newline at end of file
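Review bot: The `(int)$id` casts in `update_security_role`, `delete_security_role` and `check_role_used` stop injection, but they silently turn any non-numeric id into 0. A malformed id therefore still runs `UPDATE`/`DELETE ... WHERE id=0` against the table that defines permissions, and `check_role_used` reports on role 0 rather than the role the caller meant. Rejecting bad input before the query is built would make this visible, for example `if (!ctype_digit((string)$id)) return false;` at the top of each function, provided the callers (not shown in this hunk) handle that return. Separately, in `get_security_role`, `explode(';', '')` yields `['']`, so a role stored with an empty `areas` or `sections` column comes back with one empty-string element instead of an empty array. Membership checks on that array, especially loose ones, should be confirmed to treat it as "no access".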