2 /************************************************************************
\r
3 * MXChange v0.2.1 Start: 06/30/2003 *
\r
4 * =============== Last change: 11/27/2004 *
\r
6 * -------------------------------------------------------------------- *
\r
7 * File : admins_functions.php *
\r
8 * -------------------------------------------------------------------- *
\r
9 * Short description : Functions for the admins extension *
\r
10 * -------------------------------------------------------------------- *
\r
11 * Kurzbeschreibung : Funktionen fuer die admins-Erweiterung *
\r
12 * -------------------------------------------------------------------- *
\r
14 * -------------------------------------------------------------------- *
\r
15 * Copyright (c) 2003 - 2007 by Roland Haeder *
\r
16 * For more information visit: http://www.mxchange.org *
\r
18 * This program is free software; you can redistribute it and/or modify *
\r
19 * it under the terms of the GNU General Public License as published by *
\r
20 * the Free Software Foundation; either version 2 of the License, or *
\r
21 * (at your option) any later version. *
\r
23 * This program is distributed in the hope that it will be useful, *
\r
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
\r
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
\r
26 * GNU General Public License for more details. *
\r
28 * You should have received a copy of the GNU General Public License *
\r
29 * along with this program; if not, write to the Free Software *
\r
30 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
\r
31 * MA 02110-1301 USA *
\r
32 ************************************************************************/
\r
34 // Some security stuff...
\r
35 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
\r
37 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
\r
41 function ADMINS_CHECK_ACL($act, $wht)
\r
43 global $_COOKIE, $ADMINS, $ADMINS_ACLS, $CONFIG;
\r
44 // If action is login or logout allow allways!
\r
45 if (($act == "login") || ($act == "logout")) return true;
\r
50 // Get admin's defult access right
\r
51 if (!empty($ADMINS['def_acl'][$_COOKIE['admin_login']]))
\r
54 $default = $ADMINS['def_acl'][$_COOKIE['admin_login']];
\r
57 $CONFIG['cache_hits']++;
\r
61 // Load from database
\r
62 $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
\r
63 array($_COOKIE['admin_login']), __FILE__, __LINE__);
\r
64 list($default) = SQL_FETCHROW($result);
\r
65 SQL_FREERESULT($result);
\r
69 $aid = GET_ADMIN_ID($_COOKIE['admin_login']);
\r
73 // Check for parent menu:
\r
74 // First get it's action value
\r
75 $parent_action = GET_ACTION("admin", $wht);
\r
77 // Check with this function...
\r
78 $parent = ADMINS_CHECK_ACL($parent_action, "");
\r
82 // Anything else is true!
\r
86 // Shall I test for a main or sub menu? (action or what?)
\r
87 $lines = 0; $acl_mode = "failed";
\r
88 if (GET_EXT_VERSION("cache") >= "0.1.2")
\r
90 // Load only from array when there are lines!
\r
91 if (count($ADMINS_ACLS) > 0)
\r
93 // Load ACL from array
\r
94 foreach ($ADMINS_ACLS['admin_id'] as $id=>$aid_acls)
\r
96 if ($aid == $aid_acls)
\r
98 // Okay, one line was found!
\r
99 if ((!empty($act)) && ($ADMINS_ACLS['action_menu'][$id] == $act))
\r
101 // Main menu line found
\r
102 $acl_mode = $ADMINS_ACLS['access_mode'][$id];
\r
105 elseif ((!empty($wht)) && ($ADMINS_ACLS['what_menu'][$id] == $wht))
\r
108 $acl_mode = $ADMINS_ACLS['access_mode'][$id];
\r
113 // Count cache hits
\r
114 $CONFIG['cache_hits']++;
\r
121 if ($acl_mode == "failed")
\r
135 // Old version, so load it from database
\r
139 $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND action_menu='%s' LIMIT 1",
\r
140 array(bigintval($aid), $act), __FILE__, __LINE__);
\r
142 elseif (!empty($wht))
\r
145 $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND what_menu='%s' LIMIT 1",
\r
146 array(bigintval($aid), $wht), __FILE__, __LINE__);
\r
149 // Get number of lines
\r
150 $lines = SQL_NUMROWS($result);
\r
153 list($acl_mode) = SQL_FETCHROW($result);
\r
154 SQL_FREERESULT($result);
\r
157 // Check ACL and (maybe) allow
\r
158 if ((($default == "allow") && ($lines == 0)) || (($default == "deny") && ($lines == "1") && ($acl_mode == "allow")) || (($lines == 0) && ($parent))) $ret = true;
\r
163 // Create email link to admins's account
\r
164 function ADMINS_CREATE_EMAIL_LINK($email, $mod="admin")
\r
166 $locked = " AND status='CONFIRMED'";
\r
167 if (IS_ADMIN()) $locked = "";
\r
168 if (strpos("@", $email) > 0)
\r
170 // Create email link
\r
171 $result = SQL_QUERY_ESC("SELECT id
\r
172 FROM "._MYSQL_PREFIX."_admins
\r
173 WHERE email='%s'".$locked." LIMIT 1",
\r
174 array($email), __FILE__, __LINE__);
\r
175 if (SQL_NUMROWS($result) == 1)
\r
178 list($uid) = SQL_FETCHROW($result);
\r
180 // Rewrite email address to contact link
\r
181 $email = URL."/modules.php?module=".$mod."&what=user_contct&u_id=".bigintval($uid);
\r
185 SQL_FREERESULT($result);
\r
187 elseif (bigintval($email) > 0)
\r
190 $email = URL."/modules.php?module=".$mod."&what=admins_contct&admin=".bigintval($email);
\r
193 // Return rewritten (?) email address
\r