2 /************************************************************************
\r
3 * MXChange v0.2.1 Start: 08/31/2003 *
\r
4 * =============== Last change: 11/23/2004 *
\r
6 * -------------------------------------------------------------------- *
\r
7 * File : admin-inc.php *
\r
8 * -------------------------------------------------------------------- *
\r
9 * Short description : Administrative related functions *
\r
10 * -------------------------------------------------------------------- *
\r
11 * Kurzbeschreibung : Für die Administration benötigte Funktionen *
\r
12 * -------------------------------------------------------------------- *
\r
14 * -------------------------------------------------------------------- *
\r
15 * Copyright (c) 2003 - 2007 by Roland Haeder *
\r
16 * For more information visit: http://www.mxchange.org *
\r
18 * This program is free software; you can redistribute it and/or modify *
\r
19 * it under the terms of the GNU General Public License as published by *
\r
20 * the Free Software Foundation; either version 2 of the License, or *
\r
21 * (at your option) any later version. *
\r
23 * This program is distributed in the hope that it will be useful, *
\r
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
\r
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
\r
26 * GNU General Public License for more details. *
\r
28 * You should have received a copy of the GNU General Public License *
\r
29 * along with this program; if not, write to the Free Software *
\r
30 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
\r
31 * MA 02110-1301 USA *
\r
32 ************************************************************************/
\r
34 // Some security stuff...
\r
35 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
\r
37 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
\r
42 function REGISTER_ADMIN ($user, $md5)
\r
45 $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
\r
46 array($user), __FILE__, __LINE__);
\r
47 if (SQL_NUMROWS($result) == 0)
\r
49 // Ok, let's create the admin login
\r
50 $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '".WEBMASTER."')",
\r
51 array($user, $md5), __FILE__, __LINE__);
\r
57 SQL_FREERESULT($result);
\r
59 // Login does already exist
\r
64 // Only be executed on login procedure!
\r
65 function CHECK_ADMIN_LOGIN ($admin_login, $password)
\r
67 global $ADMINS, $CONFIG, $CACHE;
\r
68 $ret = "404"; $pass = "";
\r
69 if (!empty($ADMINS['aid'][$admin_login]))
\r
71 // Get password from cache
\r
72 $pass = $ADMINS['password'][$admin_login];
\r
74 $CONFIG['cache_hits']++;
\r
78 // Get password from DB
\r
79 $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
\r
80 array($admin_login), __FILE__, __LINE__);
\r
81 if (SQL_NUMROWS($result) == 1)
\r
84 list($pass) = SQL_FETCHROW($result);
\r
85 SQL_FREERESULT($result);
\r
89 //* DEBUG: */ echo "*".$pass."/".$password."/".$ret."<BR>";
\r
90 if ((strlen($pass) == 32) && ($pass == md5($password)))
\r
92 // Generate new hash
\r
93 $pass = generateHash($password);
\r
94 if (($ret == "pass") && (GET_EXT_VERSION("sql_patches") < "0.3.6")) $ret = "done";
\r
96 elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))
\r
102 // Generate salt of password
\r
103 define('__SALT', substr($pass, 0, -40));
\r
106 // Check if password is same
\r
107 if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt)))
\r
110 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1",
\r
111 array($pass, $admin_login), __FILE__, __LINE__);
\r
113 // Shall I remove the cache file?
\r
114 if ((EXT_IS_ACTIVE("cache")) && ($CACHE != false))
\r
116 if ($CACHE->cache_file("admins", true)) $CACHE->cache_destroy();
\r
119 // Password matches!
\r
122 elseif ((empty($salt)) && ($ret == "pass"))
\r
124 // Something bad went wrong
\r
129 // Only be executed on cookie checking
\r
130 function CHECK_ADMIN_COOKIES ($admin_login, $password)
\r
132 global $ADMINS, $CONFIG;
\r
133 $ret = "404"; $pass = "";
\r
134 if (!empty($ADMINS['aid'][$admin_login]))
\r
136 // Get password from cache
\r
137 $pass = $ADMINS['password'][$admin_login];
\r
139 $CONFIG['cache_hits']++;
\r
143 // Get password from DB
\r
144 $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
\r
145 array($admin_login), __FILE__, __LINE__);
\r
146 if (SQL_NUMROWS($result) == 1)
\r
149 list($pass) = SQL_FETCHROW($result);
\r
150 SQL_FREERESULT($result);
\r
154 //* DEBUG: */ echo "*".$pass."/".$password."<BR>";
\r
156 // Check if password matches
\r
157 if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password)))
\r
159 // Passwords matches!
\r
165 function admin_WriteData ($FILE, $COMMENT, $PREFIX, $SUFFIX, $DATA, $SEEK=0)
\r
167 $DONE = false; $SEEK++; $found = false;
\r
168 if (file_exists($FILE))
\r
170 $SEARCH = "CFG: ".$COMMENT;
\r
171 $TMP = $FILE.".tmp";
\r
172 $fp = fopen($FILE, 'r') or OUTPUT_HTML ("<STRONG>READ:</STRONG> ".$FILE."<BR>");
\r
175 $fp_tmp = fopen($TMP, 'w') or OUTPUT_HTML ("<STRONG>WRITE:</STRONG> ".$TMP."<BR>");
\r
178 while (! feof($fp))
\r
180 $line = fgets ($fp, 1024);
\r
181 if (strpos($line, $SEARCH) > -1) { $next = 0; $found = true; }
\r
184 if ($next == $SEEK)
\r
187 $line = $PREFIX.$DATA.$SUFFIX."\n";
\r
194 fputs($fp_tmp, $line);
\r
197 // Finished writing tmp file
\r
201 if (($DONE) && ($found))
\r
203 // Copy back tmp file and delete tmp :-)
\r
204 @copy($TMP, $FILE);
\r
206 define ('_FATAL', false);
\r
210 OUTPUT_HTML ("<STRONG>CHANGE:</STRONG> 404!");
\r
211 define ('_FATAL', true);
\r
215 OUTPUT_HTML ("<STRONG>TMP:</STRONG> UNDONE!");
\r
216 define ('_FATAL', true);
\r
222 OUTPUT_HTML ("<STRONG>404:</STRONG> ".$FILE."<BR>");
\r
226 function ADMIN_DO_ACTION($wht)
\r
228 global $menuDesription, $MTITLE, $CONFIG, $EXTENSIONS, $link, $DATA;
\r
229 //* DEBUG: */ echo __LINE__."*".$wht."/".$GLOBALS['module']."/".$GLOBALS['action']."/".$GLOBALS['what']."*<br />\n";
\r
230 if (EXT_IS_ACTIVE("cache"))
\r
232 // Include cache instance
\r
236 // Remove any spaces from variable
\r
239 // Default admin action is the overview page
\r
244 // Compile out some chars
\r
245 $wht = COMPILE_CODE($wht, false, false, false);
\r
248 // Get action value
\r
249 $act = GET_ACTION($GLOBALS['module'], $wht);
\r
251 // Define admin login name and ID number
\r
252 define('__ADMIN_LOGIN', SQL_ESCAPE($_COOKIE['admin_login']));
\r
253 define('__ADMIN_ID' , GET_ADMIN_ID($_COOKIE['admin_login']));
\r
255 // Preload templates
\r
256 if (EXT_IS_ACTIVE("admins")) {
\r
257 define('__ADMIN_WELCOME', LOAD_TEMPLATE("admin_welcome_admins", true));
\r
259 define('__ADMIN_WELCOME', LOAD_TEMPLATE("admin_welcome", true));
\r
261 define('__ADMIN_FOOTER' , LOAD_TEMPLATE("admin_footer" , true));
\r
262 define('__ADMIN_MENU' , ADD_ADMIN_MENU($act, $wht, true));
\r
265 LOAD_TEMPLATE("admin_main_header");
\r
267 // Check if action/what pair is valid
\r
268 $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu
\r
269 WHERE action='%s' AND ((what='%s' AND what != 'overview') OR (what='' AND '%s'='overview'))
\r
270 LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__);
\r
271 if (SQL_NUMROWS($result) == 1)
\r
274 SQL_FREERESULT($result);
\r
276 // Is valid but does the inlcude file exists?
\r
277 $INC = sprintf(PATH."inc/modules/admin/action-%s.php", $act);
\r
278 if ((file_exists($INC)) && (is_readable($INC)) && (VALIDATE_MENU_ACTION("admin", $act, $wht)) && (__ACL_ALLOW == true))
\r
280 // Ok, we finally load the admin action module
\r
283 elseif (__ACL_ALLOW == false)
\r
286 LOAD_TEMPLATE("admin_menu_failed", false, ADMINS_ACCESS_DENIED);
\r
287 ADD_FATAL(ADMINS_ACCESS_DENIED);
\r
291 // Include file not found! :-(
\r
292 LOAD_TEMPLATE("admin_menu_failed", false, ADMIN_404_ACTION);
\r
293 ADD_FATAL(ADMIN_404_ACTION_1.$act.ADMIN_404_ACTION_2);
\r
296 // Invalid action/what pair found!
\r
297 LOAD_TEMPLATE("admin_menu_failed", false, ADMIN_INVALID_ACTION);
\r
298 ADD_FATAL(ADMIN_INVALID_ACTION_1.$act."/".$wht.ADMIN_INVALID_ACTION_2);
\r
302 LOAD_TEMPLATE("admin_main_footer");
\r
305 function ADD_ADMIN_MENU($act, $wht,$return=false)
\r
307 global $_GET, $menuDesription, $MTITLE, $link;
\r
310 // Menu descriptions
\r
311 $menuDesription = array();
\r
315 $result_main = SQL_QUERY("SELECT action, title, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE what='' ORDER BY sort, id DESC", __FILE__, __LINE__);
\r
317 if (SQL_NUMROWS($result_main) > 0)
\r
319 $OUT = "<TABLE border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"admin_menu_main\">
\r
320 <TR><TD colspan=\"2\" height=\"7\" class=\"seperator\"> </TD></TR>\n";
\r
321 while (list($menu, $title, $descr) = SQL_FETCHROW($result_main))
\r
323 if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2"))
\r
325 $ACL = ADMINS_CHECK_ACL($menu, "");
\r
329 // ACL is "allow"... hmmm
\r
336 // Insert compiled menu title and description
\r
337 $MTITLE[$menu] = $title;
\r
338 $menuDesription[$menu] = $descr;
\r
341 <TD class=\"admin_menu\" colspan=\"2\">
\r
342 <NOBR> <STRONG>·</STRONG> ";
\r
343 if (($menu == $act) && (empty($wht)))
\r
345 $OUT .= "<STRONG>";
\r
349 $OUT .= "[ <A href=\"".URL."/modules.php?module=admin&action=".$menu."\">";
\r
352 if (($menu == $act) && (empty($wht)))
\r
354 $OUT .= "</STRONG>";
\r
358 $OUT .= "</A> ]";
\r
360 $OUT .= "</NOBR></TD>
\r
362 $result_what = SQL_QUERY_ESC("SELECT what, title, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE action='%s' AND what != '' ORDER BY sort, id DESC",
\r
363 array($menu), __FILE__, __LINE__);
\r
364 if ((SQL_NUMROWS($result_what) > 0) && ($act == $menu))
\r
366 $menuDesription = array();
\r
367 $MTITLE = array(); $SUB = true;
\r
369 <TD width=\"10\" class=\"seperator\"> </TD>
\r
370 <TD class=\"admin_menu\">
\r
371 <TABLE border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"admin_menu_sub\">\n";
\r
372 while (list($wht_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what))
\r
375 $INC = sprintf(PATH."inc/modules/admin/what-%s.php", $wht_sub);
\r
376 if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2"))
\r
378 $ACL = ADMINS_CHECK_ACL("", $wht_sub);
\r
382 // ACL is "allow"... hmmm
\r
385 $readable = ((file_exists($INC)) && (is_readable($INC)));
\r
388 // Insert compiled title and description
\r
389 $MTITLE[$wht_sub] = $title_what;
\r
390 $menuDesription[$wht_sub] = $desc_what;
\r
392 <TD class=\"admin_menu\" colspan=\"2\">
\r
393 <NOBR> <STRONG>--></STRONG> ";
\r
396 if ($wht == $wht_sub)
\r
398 $OUT .= "<STRONG>";
\r
402 $OUT .= "[ <A href=\"".URL."/modules.php?module=admin&what=".$wht_sub."\">";
\r
407 $OUT .= "<I class=\"admin_note\">";
\r
409 $OUT .= $title_what;
\r
412 if ($wht == $wht_sub)
\r
414 $OUT .= "</STRONG>";
\r
418 $OUT .= "</A> ]";
\r
425 $OUT .= "</NOBR></TD>
\r
431 SQL_FREERESULT($result_what);
\r
436 $OUT .= "<TR><TD height=\"7\" colspan=\"2\"></TD></TR>\n";
\r
441 SQL_FREERESULT($result_main);
\r
442 $OUT .= "</TABLE>\n";
\r
445 // Compile and run the code here. This inserts all constants into the
\r
446 // HTML output. Costs me some time to figure this out... *sigh* Quix0r
\r
447 $eval = "\$OUT = \"".COMPILE_CODE(addslashes($OUT))."\";";
\r
450 // Return or output content?
\r
454 OUTPUT_HTML ($OUT);
\r
458 function ADD_MEMBER_SELECTION_BOX($add_all = false, $return = false, $none = false, $def = "0")
\r
461 // Output selection form with all confirmed user accounts listed
\r
462 $result = SQL_QUERY("SELECT userid, surname, family FROM "._MYSQL_PREFIX."_user_data ORDER BY userid", __FILE__, __LINE__);
\r
465 // USe this only for adding points (e.g. adding refs really makes no sence ;-) )
\r
466 if ($add_all) $OUT = " <OPTION value=\"all\">".ALL_MEMBERS."</OPTION>\n";
\r
467 elseif ($none) $OUT = " <OPTION value=\"0\">".SELECT_NONE."</OPTION>\n";
\r
468 while (list($id, $sname, $fname) = SQL_FETCHROW($result))
\r
470 $OUT .= " <OPTION value=\"".$id."\"";
\r
471 if ($def == $id) $OUT .= " selected=\"selected\"";
\r
472 $OUT .= ">".$sname." ".$fname." (".$id.")</OPTION>\n";
\r
476 SQL_FREERESULT($result);
\r
478 // Remeber options in constant
\r
479 define('_MEMBER_SELECTION', $OUT);
\r
483 // Display selection box
\r
484 define('__LANG_VALUE', GET_LANGUAGE());
\r
487 LOAD_TEMPLATE("admin_member_selection_box", false, $GLOBALS['what']);
\r
491 function ADMIN_MENU_SELECTION($MODE, $default="", $defid="")
\r
493 $wht = "what != ''";
\r
494 if ($MODE == "action") $wht = "what='' AND action !='login'";
\r
495 $result = SQL_QUERY_ESC("SELECT %s, title FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$wht." ORDER BY sort",
\r
496 array($MODE), __FILE__, __LINE__);
\r
497 if (SQL_NUMROWS($result) > 0)
\r
499 // Load menu as selection
\r
500 $OUT = "<SELECT name=\"".$MODE."_menu";
\r
501 if ((!empty($defid)) || ($defid == "0")) $OUT .= "[".$defid."]";
\r
502 $OUT .= "\" size=\"1\" class=\"admin_select\">
\r
503 <OPTION value=\"\">".SELECT_NONE."</OPTION>\n";
\r
504 while (list($menu, $title) = SQL_FETCHROW($result))
\r
506 $OUT .= " <OPTION value=\"".$menu."\"";
\r
507 if ((!empty($default)) && ($default == $menu)) $OUT .= " selected=\"selected\"";
\r
508 $OUT .= ">".$title."</OPTION>\n";
\r
512 SQL_FREERESULT($result);
\r
513 $OUT .= "</SELECT>\n";
\r
518 $OUT = ADMIN_PROBLEM_NO_MENU;
\r
525 function ADMIN_SAVE_SETTINGS (&$POST, $TABLE, $WHERE="config='1'", $translateComma = array(), $alwaysAdd=false)
\r
527 global $CONFIG, $CFG_CACHE, $CACHE;
\r
529 $skip = false; $TEST2 = "";
\r
530 foreach ($POST as $id=>$val) {
\r
531 // Process only formular field but not submit buttons ;)
\r
533 // Do not save the ok value
\r
534 $TEST = substr($id, -3);
\r
535 if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (isset($val))) {
\r
536 // Found a multi-selection for timings?
\r
537 $TEST = substr($id, 0, -3);
\r
538 if ((isset($POST[$TEST."_ye"])) && (isset($POST[$TEST."_mo"])) && (isset($POST[$TEST."_we"])) && (isset($POST[$TEST."_da"])) && (isset($POST[$TEST."_ho"])) && (isset($POST[$TEST."_mi"])) && (isset($POST[$TEST."_se"])) && ($TEST != $TEST2)) {
\r
539 // Generate timestamp
\r
540 $POST[$TEST] = CREATE_TIMESTAMP_FROM_SELECTIONS($TEST, $POST);
\r
541 $DATA[] = "$TEST='".$POST[$TEST]."'";
\r
543 // Remove data from array
\r
544 unset($POST[$TEST."_ye"]);
\r
545 unset($POST[$TEST."_mo"]);
\r
546 unset($POST[$TEST."_we"]);
\r
547 unset($POST[$TEST."_da"]);
\r
548 unset($POST[$TEST."_ho"]);
\r
549 unset($POST[$TEST."_mi"]);
\r
550 unset($POST[$TEST."_se"]);
\r
553 unset($id); $skip = true; $TEST2 = $TEST;
\r
556 // Process this entry
\r
557 $skip = false; $TEST2 = "";
\r
560 // Shall we process this ID? It muss not be empty, of course
\r
561 if ((!$skip) && (!empty($id))) {
\r
563 $val = COMPILE_CODE($val);
\r
565 // Translate the value? (comma to dot!)
\r
566 if ((is_array($translateComma)) && (in_array($id, $translateComma))) {
\r
567 // Then do it here... :)
\r
568 $val = str_replace(",", ".", $val);
\r
571 // Shall we add numbers or strings?
\r
572 $test = (float)$val;
\r
573 if ("".$val."" == "".$test."") {
\r
575 $DATA[] = $id."=".$val."";
\r
578 $DATA[] = $id."='".trim($val)."'";
\r
581 // Update current configuration
\r
582 $CONFIG[$id] = $val;
\r
587 // Check if entry does exist
\r
590 if (!empty($WHERE)) {
\r
591 $result = SQL_QUERY("SELECT * FROM "._MYSQL_PREFIX.$TABLE." WHERE ".$WHERE." LIMIT 1", __FILE__, __LINE__);
\r
593 $result = SQL_QUERY("SELECT * FROM "._MYSQL_PREFIX.$TABLE." LIMIT 1", __FILE__, __LINE__);
\r
597 if (SQL_NUMROWS($result) == 1) {
\r
598 // "Implode" all data to single string
\r
599 $DATA_UPDATE = implode(", ", $DATA);
\r
601 // Generate SQL string
\r
602 $SQL = "UPDATE "._MYSQL_PREFIX.$TABLE." SET ".$DATA_UPDATE." WHERE ".$WHERE." LIMIT 1";
\r
604 // Add Line (does only work with auto_increment!
\r
605 $KEYs = array(); $VALUEs = array();
\r
606 foreach ($DATA as $entry) {
\r
608 $line = explode("=", $entry);
\r
609 $KEYs[] = $line[0]; $VALUEs[] = $line[1];
\r
612 // Add both in one line
\r
613 $KEYs = implode(", ", $KEYs);
\r
614 $VALUEs = implode(", ", $VALUEs);
\r
616 // Generate SQL string
\r
617 $SQL = "INSERT INTO "._MYSQL_PREFIX.$TABLE." (".$KEYs.") VALUES(".$VALUEs.")";
\r
621 SQL_FREERESULT($result);
\r
623 // Simply run generated SQL string
\r
624 $result = SQL_QUERY($SQL, __FILE__, __LINE__);
\r
626 // Is the config table updated and the cache extension installed?
\r
627 if ((GET_EXT_VERSION("cache") >= "0.1.2") && ($TABLE == "_config")) {
\r
628 // Remove it here...
\r
629 if ($CACHE->cache_file("config", true)) $CACHE->cache_destroy();
\r
634 LOAD_TEMPLATE("admin_settings_saved", false, "<STRONG class=\"admin_done\">".SETTINGS_SAVED."</STRONG>");
\r
637 function ADMIN_MAKE_MENU_SELECTION($menu, $type, $name, $default="") {
\r
638 // Init the selection box
\r
639 $OUT = "<SELECT name=\"".$name."\" class=\"admin_select\" size=\"1\">\n <OPTION value=\"\">".IS_TOP_MENU."</OPTION>\n";
\r
641 // Open the requested menu directory
\r
642 $handle = opendir(PATH."inc/modules/".$menu."/") or mxchange_die("Cannot load menu ".$menu."!");
\r
643 while ($file = readdir($handle)) {
\r
644 // Is this a PHP script?
\r
645 if (($file != ".") && ($file != "..") && ($file != "lost+found") && (strpos($file, "".$type."-") > -1) && (strpos($file, ".php") > 0)) {
\r
646 // Then test if the file is readable
\r
647 $test = PATH."inc/modules/".$menu."/".$file;
\r
648 if (is_readable($test)) {
\r
649 // Extract the value for what=xxx
\r
650 $part = substr($file, (strlen($type) + 1)); $part = substr($part, 0, strpos($part, ".php"));
\r
652 // Is that part different from the overview?
\r
653 if ($part != "overview") {
\r
654 $OUT .= " <OPTION value=\"".$part."\"";
\r
655 if ($part == $default) $OUT .= "selected";
\r
656 $OUT .= ">".$part."</OPTION>\n";
\r
662 $OUT .= "</SELECT>\n";
\r
666 function ADMIN_USER_PROFILE_LINK($uid, $title="", $wht="list_user")
\r
668 if (($title == "") && ($title != "0")) { $title = $uid; }
\r
669 if (($title == "0") && ($wht == "list_refs"))
\r
671 // Return title again
\r
675 //* DEBUG: */ echo "A:".$title."<BR>";
\r
677 return "<A href=\"".URL."/modules.php?module=admin&what=".$wht."&u_id=".$uid."\" title=\"".ADMIN_USER_PROFILE_TITLE."\">".$title."</A>";
\r
680 function ADMIN_CHECK_MENU_MODE()
\r
682 global $CONFIG, $ADMINS, $_COOKIE;
\r
684 // Set the global mode as the mode for all admins
\r
685 $MODE = $CONFIG['admin_menu']; $ADMIN = $MODE;
\r
687 // Check individual settings of current admin
\r
688 if (isset($ADMINS['la_mode'][$_COOKIE['admin_login']]))
\r
691 $ADMIN = $ADMINS['la_mode'][$_COOKIE['admin_login']];
\r
692 $CONFIG['cache_hits']++;
\r
694 elseif (GET_EXT_VERSION("admins") >= "0.6.7")
\r
696 // Load from database when version of "admins" is enough
\r
697 $result = SQL_QUERY_ESC("SELECT la_mode FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
\r
698 array($_COOKIE['admin_login']), __FILE__, __LINE__);
\r
699 if (SQL_NUMROWS($result) == 1)
\r
702 list($ADMIN) = SQL_FETCHROW($result);
\r
706 SQL_FREERESULT($result);
\r
709 // Check what the admin wants and set it when it's not the global mode
\r
710 if ($ADMIN != "global") $MODE = $ADMIN;
\r
712 // Return admin-menu's mode
\r
715 // Change activation status
\r
716 function ADMIN_CHANGE_ACTIVATION_STATUS (array $IDs, $table, $row, $idRow = "id") {
\r
718 $cnt = 0; $newStatus = "Y";
\r
719 if (count($IDs) > 0) {
\r
720 // "Walk" all through and count them
\r
721 foreach ($IDs as $id=>$selected) {
\r
722 // Secure the ID number
\r
723 $id = bigintval($id);
\r
725 // Should always be 1 ;-)
\r
726 if ($selected == 1) {
\r
727 // Determine new status
\r
728 $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE %s=%d LIMIT 1",
\r
729 array($row, $table, $idRow, $id), __FILE__, __LINE__);
\r
732 if (SQL_NUMROWS($result) == 1) {
\r
734 list($currStatus) = SQL_FETCHROW($result);
\r
735 if ($currStatus == "Y") $newStatus="N"; else $newStatus = "Y";
\r
737 // Change this status
\r
738 SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_%s SET %s='%s' WHERE %s=%d LIMIT 1",
\r
739 array($table, $row, $newStatus, $idRow, $id), __FILE__, __LINE__);
\r
741 // Count up affected rows
\r
742 $cnt += SQL_AFFECTEDROWS();
\r
746 SQL_FREERESULT($result);
\r
751 LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_STATUS_CHANGED_1.$cnt.ADMIN_STATUS_CHANGED_2.count($IDs).ADMIN_STATUS_CHANGED_3);
\r
753 // Nothing selected!
\r
754 LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_NOTHING_SELECTED_CHANGE);
\r
757 // Delete rows by given ID numbers
\r
758 function ADMIN_DELETE_ENTRIES_CONFIRM (array $IDs, $table, $row, array $columns = array(), array $filterFunctions = array(), $deleteNow=false, $idRow="id") {
\r
760 $OUT = ""; $SW = 2;
\r
761 if (count($IDs) > 0) {
\r
762 // "Walk" through all entries and count them
\r
766 // List for confirmation
\r
767 foreach ($IDs as $id=>$selected) {
\r
768 // Secure ID number
\r
769 $id = bigintval($id);
\r
771 // Will always be 1 ;-)
\r
772 if ($selected == 1) {
\r
773 // Get result from a given column array and table name
\r
774 $result = SQL_RESULT_FROM_ARRAY($table, $columns, $idRow, $id);
\r
776 // Is there one entry?
\r
777 if (SQL_NUMROWS($result) == 1) {
\r
779 $content = SQL_FETCHARRAY($result);
\r
782 foreach ($content as $key=>$value) {
\r
783 // Is a filter function set?
\r
784 $idx = array_search($key, $columns, true);
\r
785 if (!empty($filterFunctions[$idx])) {
\r
787 $content[$key] = call_user_func($filterFunctions[$idx], $value);
\r
791 // Add color switching
\r
792 $content['sw'] = $SW;
\r
794 // Then list it again...
\r
795 $OUT .= LOAD_TEMPLATE("admin_del_".$table."_row", true, $content);
\r
800 SQL_FREERESULT($result);
\r
804 // Load master template
\r
805 LOAD_TEMPLATE("admin_del_".$table."", false, $OUT);
\r