Codice PHP:
include"../../includes/check1.php";
//include"check1.php";
include_once("../../leng/italian.php");
include_once ("../../includes/config.php");
include_once ("../../includes/funzioni.php");
// Request metadata: client address and a human-readable timestamp.
$ip = $_SERVER['REMOTE_ADDR'];
$today = date("j F Y g:i:s a");

// Open the database link through the project's DB wrapper.
$DB = new DB();
$DB->connect();

// Load the site settings. Every row of `configurazioni` is read and each one
// overwrites the previous values, so the last row returned wins.
$result = mysql_query("select * from configurazioni ");
while ($config_row = mysql_fetch_array($result)) {
    list($titolosito, $logosito, $url_sito, $titolo_helpdesk, $path_site) = array(
        $config_row['nome'],
        $config_row['logo'],
        $config_row['link_helpdesk'],
        $config_row['titolo_help_desk'],
        $config_row['path_helpdesk'],
    );
}
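// Read the "create staff member" form.
//
// NOTE(review): every permission flag below is taken straight from the request.
// This script performs no check of its own that the caller is allowed to grant
// these rights, and it reads no anti-CSRF token; presumably includes/check1.php
// gates access - confirm that it covers both.

// Free-text fields. A missing field, or one that is not a plain string
// (for example sent as nome[]=x), becomes '' instead of reaching trim().
$text_fields = array('nome', 'cognome', 'user', 'email', 'pass', 'telefono', 'signature');
foreach ($text_fields as $field) {
    ${$field} = (isset($_POST[$field]) && is_string($_POST[$field])) ? trim($_POST[$field]) : '';
}

// Checkbox-style flags. Browsers omit unchecked boxes, so an absent field means
// "off": it is normalised to 0 (not '') so that only 0 or 1 ever reaches the
// INSERT statements further down.
$flag_fields = array(
    'stato',
    'change_email', 'change_signature', 'change_pass',
    'crea_user', 'edit_user', 'approve_user', 'banned_user', 'delete_user',
    'add_article', 'edit_article', 'delete_article',
    'add_categoria', 'edit_categoria', 'delete_categoria',
    'add_troubleshooter', 'edit_troubleshooter', 'delete_troubleshooter',
    'add_news', 'edit_news', 'delete_news',
    'add_files', 'edit_files', 'delete_files',
    'add_file_category', 'edit_file_category', 'delete_file_category',
    'view_unassigned_tickets', 'view_other_tech_tickets', 'edit_other_tech_tickets',
    'reply_other_tech_tickets', 'delete_other_tech_tickets',
    'close_tickets', 'reopen_tickets', 'create_new_tickets',
);
foreach ($flag_fields as $field) {
    ${$field} = empty($_POST[$field]) ? 0 : 1;
}

// Do not leave the loop helpers behind in the global scope.
unset($text_fields, $flag_fields, $field);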
// Prepare the free-text inputs for use inside SQL string literals.
// When magic_quotes_gpc is on, PHP has already added slashes to request data,
// so they are stripped first and each value is escaped exactly once.
// mysql_real_escape_string() only makes a value safe inside a quoted SQL
// literal; it does not make it safe to print into HTML.
$quotes_attive = get_magic_quotes_gpc();
foreach (array('nome', 'cognome', 'email', 'user', 'pass', 'telefono', 'signature') as $campo) {
    $valore = ${$campo};
    if ($quotes_attive) {
        $valore = stripslashes($valore);
    }
    ${$campo} = mysql_real_escape_string($valore);
}
unset($quotes_attive, $campo, $valore);
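// Validate the submitted fields. The first failing rule prints its message and
// stops the script with a top-level return.
// Note: these checks run on values that have already been SQL-escaped.

// Username is mandatory.
if (!isset($user) || $user == '') {
    echo "Il campo username e obligatorio";
    return;
}

// Password is mandatory and limited to 6-50 characters from [0-9A-Za-z@].
if (!isset($pass) || $pass == '') {
    echo "il campo passwod e obblidatorio";
    return;
}
if (!preg_match("/^[0-9A-Z@]{6,50}$/i", $pass)) {
    echo "<span class='alertregisterno' >Il campo password è¨ composto con caratteri non ammessi</span>";
    return;
}

// E-mail is mandatory and must match the address whitelist pattern.
if (!isset($email) || $email == '') {
    echo "<span class='alertregisterno' >Il campo email è obbligatorio</span>";
    return;
}
if (!preg_match("/^[-0-9A-Z_\.]{1,50}@([-0-9A-Z_\.]+\.){1,50}([0-9A-Z]){2,4}$/i", $email)) {
    // The rejected value is request data that failed the character whitelist,
    // so it may contain markup; encode it before echoing it back into the page.
    echo "<span class='alertregisterno' >Il seguente indirizzo email :[b]" . htmlspecialchars($email, ENT_QUOTES) . "[/b]
E'composto da caratteri non validi!</span>";
    return;
}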
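// Create the staff account and its permission row.
//
// NOTE(review): ext/mysql (mysql_query and friends) was removed in PHP 7.0.
// Escaping every value, as done here, keeps the statements well-formed on the
// legacy runtime; prepared statements via mysqli or PDO are the durable fix.

// "admin" is a reserved nickname. The comparison ignores case so that variants
// such as "Admin" are refused as well.
if (strcasecmp($user, 'admin') === 0) {
    echo "e proebito usare il seguente nick";
} else {
    $DB->connect();

    // Refuse an e-mail address that is already registered. $email was
    // SQL-escaped and validated earlier in this script.
    $controllo_email = mysql_query("select * from staff where email = '$email' limit 1");

    if ($controllo_email === false) {
        // If the uniqueness check itself failed, do not go on to insert.
        // The driver error goes to the server log, not to the browser.
        error_log('staff email lookup failed: ' . mysql_error());
        echo "c e stato un errore nella registrazione ";
    } elseif (mysql_num_rows($controllo_email) != 0) {
        echo "La presente email (" . htmlspecialchars($email, ENT_QUOTES) . ") risulta presente nel database";
    } else {
        // NOTE(review): rand() is not a cryptographic generator. Both the value
        // stored in `caso` and the generated password come from it; a CSPRNG is
        // the appropriate source for a credential. Left as-is because the script
        // targets the legacy runtime - revisit when it is ported.
        $numero_a_caso = rand(1234, 5678);

        // Start from an empty string so the first .= does not read an
        // undefined variable.
        $new_pass = '';
        for ($i = 0; $i <= 7; $i++) {
            $new_pass .= chr(rand(97, 122));
        }

        // NOTE(review): the submitted $pass is validated earlier but is not what
        // gets stored. The generated password is the only credential, and nothing
        // in this script delivers it to the new user - confirm this is intended.
        $psw_per_db = mysql_real_escape_string(criptpass($new_pass));

        // Request headers are client-controlled: escape them like any other
        // input before placing them in the SQL string.
        $ip_sql = mysql_real_escape_string(
            isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ''
        );
        $agent_sql = mysql_real_escape_string(
            isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''
        );
        $stato_sql = $stato ? 1 : 0;

        $inserisco_staff = mysql_query("INSERT INTO staff
(id,nome,cognome,telefono,nick,email,pass,stato,caso,tipo,id_gruppo,firma,data,date_ultima_mod,ip,agent)VALUES
(NULL,'$nome','$cognome','$telefono','$user','$email','$psw_per_db','$stato_sql','$numero_a_caso','2','0','$signature','" . date("j F Y g:i:s a") . "',NULL,'$ip_sql','$agent_sql')");

        if ($inserisco_staff) {
            $id_staff = (int) mysql_insert_id();

            // permission_staff column => submitted flag. Keeping the pairs side
            // by side avoids a positional mismatch between 31 columns and 31 values.
            $permessi = array(
                'view_ticket_unasignated'  => $view_unassigned_tickets,
                'view_ticket_oter_staff'   => $view_other_tech_tickets,
                'edit_ticket_oter_staff'   => $edit_other_tech_tickets,
                'replay_ticket_oter_staff' => $reply_other_tech_tickets,
                'delete_ticket_oter_staff' => $delete_other_tech_tickets,
                'closed_ticket'            => $close_tickets,
                'reopen_ticket'            => $reopen_tickets,
                'create_new_ticket'        => $create_new_tickets,
                'add_article'              => $add_article,
                'edit_article'             => $edit_article,
                'delete_article'           => $delete_article,
                'add_category'             => $add_categoria,
                'edit_category'            => $edit_categoria,
                'delete_category'          => $delete_categoria,
                'add_troubleshooter'       => $add_troubleshooter,
                'edit_troubleshooter'      => $edit_troubleshooter,
                'delete_troubleshooter'    => $delete_troubleshooter,
                'add_news'                 => $add_news,
                'edit_news'                => $edit_news,
                'delete_news'              => $delete_news,
                'add_download'             => $add_files,
                'edit_download'            => $edit_files,
                'delete_download'          => $delete_files,
                'add_File_Category'        => $add_file_category,
                'edit_File_Category'       => $edit_file_category,
                'delete_File_Category'     => $delete_file_category,
                'add_user'                 => $crea_user,
                'edit_user'                => $edit_user,
                'approve_user'             => $approve_user,
                'banned_user'              => $banned_user,
                'delete_user'              => $delete_user,
            );

            // Reduce every flag to a quoted '0' or '1'; an empty value counts as off.
            $valori = array();
            foreach ($permessi as $flag) {
                $valori[] = "'" . ($flag ? 1 : 0) . "'";
            }

            $assegnio_permessi = mysql_query(
                "insert into permission_staff (id,id_staff," . implode(',', array_keys($permessi)) . ")"
                . "VALUES(NULL,'$id_staff'," . implode(',', $valori) . ")"
            );

            if ($assegnio_permessi) {
                // $nome is only SQL-escaped; encode it for the HTML response.
                echo "la registrazione dell utente " . htmlspecialchars($nome, ENT_QUOTES) . " e avvenuta con successo.";

                // Is the "staff added" e-mail notification switched on?
                $DB->connect();
                $controllo_stato_avviso = mysql_query("select * from email_status where add_staff='1' ");
                $result_stato_add_staff = $controllo_stato_avviso ? mysql_num_rows($controllo_stato_avviso) : 0;
                if ($result_stato_add_staff == 1) {
                    echo "qui partira l email e l allert e attivo";
                }
            } else {
                // NOTE(review): the staff row inserted above stays in place
                // without a permission row when this insert fails.
                // Driver errors can reveal schema details: log them server-side only.
                error_log('permission_staff insert failed: ' . mysql_error());
                echo "c e stato un errore nella registrazione ";
            }
        } else {
            error_log('staff insert failed: ' . mysql_error());
            echo "c e stato un errore nella registrazione ";
        }
    }
}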