2 /************************************************************************
\r
3 * MXChange v0.2.1 Start: 04/18/2004 *
\r
4 * ================ Last change: 04/18/2004 *
\r
6 * -------------------------------------------------------------------- *
\r
7 * File : what-admins_edit.php *
\r
8 * -------------------------------------------------------------------- *
\r
9 * Short description : Edit admin accounts *
\r
10 * -------------------------------------------------------------------- *
\r
11 * Kurzbeschreibung : Admin-Account editieren *
\r
12 * -------------------------------------------------------------------- *
\r
14 * -------------------------------------------------------------------- *
\r
15 * Copyright (c) 2003 - 2008 by Roland Haeder *
\r
16 * For more information visit: http://www.mxchange.org *
\r
18 * This program is free software; you can redistribute it and/or modify *
\r
19 * it under the terms of the GNU General Public License as published by *
\r
20 * the Free Software Foundation; either version 2 of the License, or *
\r
21 * (at your option) any later version. *
\r
23 * This program is distributed in the hope that it will be useful, *
\r
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
\r
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
\r
26 * GNU General Public License for more details. *
\r
28 * You should have received a copy of the GNU General Public License *
\r
29 * along with this program; if not, write to the Free Software *
\r
30 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
\r
31 * MA 02110-1301 USA *
\r
32 ************************************************************************/
\r
// Admin "what" module: shows the edit form for selected admin accounts, saves
// changes, asks for delete confirmation, removes accounts and lists them.
// NOTE(review): the gutter numbers in this listing skip lines (e.g. 36, 38-39,
// 44, 51-52), so braces and some statements are not shown; the comments added
// here describe only the visible lines.
34 // Some security stuff...
\r
// Direct-access guard: the condition is true when this file's own name is
// found in PHP_SELF (the file was requested directly instead of being
// included) or when IS_ADMIN() reports no admin session.
// NOTE(review): ereg() was deprecated in PHP 5.3 and removed in PHP 7.0, and
// it treats the file name as a regular expression (the "." matches any
// character). A literal substring test such as strpos() !== false states the
// intent and keeps the guard working on current PHP.
35 if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
\r
// Path of inc/security.php, built by cutting this file's directory right after
// the first "/inc". Presumably it is required on a line not shown here and
// stops the request -- confirm. If "/inc" is missing from the path, strpos()
// returns false and the cut length silently becomes 4.
37 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
\r
40 // Add description as navigation point
\r
41 ADD_DESCR("admin", basename(__FILE__));
\r
// NOTE(review): the statement this comment belongs to (gutter line 44) is not
// part of the listing; $CACHE is used further down, so it is presumably
// brought into scope there -- confirm.
43 // Instance for the cache extension
\r
46 // Set selection data to empty array when it is empty
\r
// Writes into the $_POST superglobal so every later branch can iterate over
// 'sel' without checking that it exists.
47 if (empty($_POST['sel'])) $_POST['sel'] = array();
\r
49 // Check if direct admin account was selected
\r
// A link of the form ?admin=<id> is converted into the same state a POSTed
// edit selection for that single id would have.
50 if (!empty($_GET['admin']))
\r
// bigintval() is a project helper; presumably it reduces the value to an
// integer -- confirm. Only the cast value is used as the selection key.
53 $aid = bigintval($_GET['admin']);
\r
54 $_POST['edit'] = "1";
\r
55 $_POST['sel'][$aid] = array("1");
\r
// Dispatch on the submitted button: 'edit' shows the edit form, 'change' saves
// it, 'del' shows the delete confirmation; the remaining path optionally
// removes accounts and then lists all admins.
// NOTE(review): no anti-CSRF token check is visible in the state-changing
// branches ('change', 'remove') of this listing; confirm that the admin
// framework verifies one before this file is included.
58 if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0))
\r
// One form row per selected account; the array key is the admin id.
62 foreach ($_POST['sel'] as $id=>$sel)
\r
// The id is cast with bigintval() and handed over separately for the %d
// placeholder instead of being concatenated into the statement. How
// SQL_QUERY_ESC() escapes its arguments is not visible here.
64 $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
\r
65 array(bigintval($id)), __FILE__, __LINE__);
\r
66 if (SQL_NUMROWS($result) == 1)
\r
69 $content = SQL_FETCHARRAY($result);
\r
70 SQL_FREERESULT($result);
\r
// Replace the stored values by option lines with the stored value passed as
// the last argument (presumably the pre-selected entry -- confirm). The arrays
// given here are the only values the form offers: allow/deny and
// global/OLD/NEW.
71 $content['mode'] = ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE), $content['mode']);
\r
72 $content['la_mode'] = ADD_OPTION_LINES("/ARRAY/", array("global", "OLD", "NEW"), array(ADMINS_GLOBAL_LA_SETTING, ADMINS_OLD_LA_SETTING, ADMINS_NEW_LA_SETTING), $content['la_mode']);
\r
74 // Prepare some more data for the template
\r
// $SW is the row colour switch; its initialisation for this branch is not
// shown in the listing.
75 $content['sw'] = $SW;
\r
// NOTE(review): this is the unmodified POST array key, while the query above
// used bigintval($id). If the row template prints the id into HTML, assign the
// cast value so that only a number can reach the markup.
76 $content['id'] = $id;
\r
78 // Load row template and switch color
\r
79 $OUT .= LOAD_TEMPLATE("admin_edit_admins_row", true, $content);
\r
// The collected rows are handed to the outer template through a constant.
83 define('__ADMINS_ROWS', $OUT);
\r
86 LOAD_TEMPLATE("admin_edit_admins");
\r
// Save branch. sizeof() assumes $_POST['login'] is an array keyed by admin id.
// NOTE(review): nothing visible here restricts which admin may change which
// account; confirm where that permission is enforced.
88 elseif ((isset($_POST['change'])) && (sizeof($_POST['login']) > 0))
\r
90 // Change admin accounts
\r
// Set to "1" as soon as one account is written, to trigger the cache rebuild
// below.
91 $CACHE_UPDATE = "0";
\r
92 foreach ($_POST['login'] as $id=>$login)
\r
// From here on $id is the cast value, also when used as index into the other
// POST arrays.
95 $id = bigintval($id);
\r
97 // When both passwords match update admin account
\r
// NOTE(review): loose comparison. Two numeric-looking strings are compared as
// numbers (for example "1e3" and "1000"), so different passwords can count as
// matching; use === here.
98 if ($_POST['pass1'][$id] == $_POST['pass2'][$id])
\r
100 // Save only when both passwords are the same (also when they are empty)
\r
101 $ADD = ""; $CACHE_UPDATE = "1";
\r
// generateHash() is a project helper; the hash is computed even when the
// password field was left empty and is only stored if it was filled (below).
104 $hash = generateHash($_POST['pass1'][$id]);
\r
106 // Save password when set
\r
// NOTE(review): this SQL fragment is concatenated into the format string of
// the UPDATE below and therefore bypasses the placeholder handling. It is only
// safe while generateHash() can never return a quote or "%" character; passing
// the hash as one more '%s' argument removes that dependency.
107 if (!empty($_POST['pass1'][$id])) $ADD = ", password='".$hash."'";
\r
// Salt = stored admin hash without its last 40 characters (presumably the
// length of a SHA-1 hex digest -- confirm).
110 $salt = substr(GET_ADMIN_HASH($_COOKIE['admin_login']), 0, -40);
\r
// Id of the admin named in the login cookie; the comparison with $id that the
// following comment announces (gutter line 114) is not shown.
111 $aid = GET_ADMIN_ID($_COOKIE['admin_login']);
\r
113 // Rewrite cookie when it's own account
\r
// NOTE(review): the lifetime of the rewritten cookies is taken from the
// client-supplied 'admin_to' cookie; a server-side setting would keep the
// session length under the server's control.
117 $TIMEOUT = time() + bigintval($_COOKIE['admin_to']);
\r
119 // Set timeout cookie
\r
// NOTE(review): all setcookie() calls in this branch pass only name, value,
// expiry and path, so the secure and httponly parameters keep their default
// (off), and "@" hides the warning PHP raises when headers were already sent.
120 @setcookie("admin_last", time(), $TIMEOUT, COOKIE_PATH);
\r
122 if ($login != $_COOKIE['admin_login'])
\r
124 // Update login cookie
\r
125 @setcookie("admin_login", $login, $TIMEOUT, COOKIE_PATH);
\r
127 // Update password cookie as well?
\r
// NOTE(review): the cookie receives the same $hash that is written to the
// password column. How the cookie is verified is not visible here; if it is
// compared with the stored hash, that hash works as a login credential for
// anyone who can read the column or the cookie. A random server-side session
// id avoids exposing it.
128 if (!empty($ADD)) @setcookie("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);
\r
// NOTE(review): as shown, this condition is also evaluated when pass1 is empty
// (no password change); unless a line not shown guards it, the cookie is then
// overwritten with the hash of an empty password. The comparison is loose and
// not constant-time; hash_equals() is the usual choice for comparing hashes.
130 elseif (generateHash($_POST['pass1'][$id], $salt) != $_COOKIE['admin_md5'])
\r
132 // Update password cookie
\r
133 @setcookie("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);
\r
138 // Update admin account
\r
// Gutter lines 141-143, 145-146 and 150 of this statement are not shown. The
// visible arguments come straight from the POST arrays and rely on
// SQL_QUERY_ESC() for escaping.
// NOTE(review): 'mode' and 'la_mode' are not checked against the values the
// edit form offers (allow/deny, global/OLD/NEW), yet the del and list branches
// below concatenate the stored values into PHP code strings ($eval). Validate
// both against those fixed lists before saving.
139 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET
\r
140 login='%s'".$ADD.",
\r
144 WHERE id=%d LIMIT 1",
\r
147 $_POST['email'][$id],
\r
148 $_POST['mode'][$id],
\r
149 $_POST['la_mode'][$id],
\r
151 ), __FILE__, __LINE__);
\r
153 // Admin account saved
\r
// $MSG is overwritten per account, so presumably only the result of the last
// processed account is reported.
154 $MSG = ADMIN_ACCOUNT_SAVED;
\r
158 // Passwords did not match
\r
159 $MSG = ADMINS_ERROR_PASS_MISMATCH;
\r
163 // Remove cache file
\r
164 if ((EXT_IS_ACTIVE("cache")) && ($CACHE_UPDATE == "1"))
\r
// Drops the cached "admins" data so it is rebuilt from the changed table.
166 if ($CACHE->cache_file("admins", true)) $CACHE->cache_destroy();
\r
// $MSG is one of the two constants assigned above, so no request data is
// placed inside the SPAN.
172 LOAD_TEMPLATE("admin_settings_saved", false, "<SPAN class=\"admin_done\">".$MSG."</SPAN>");
\r
// Delete confirmation branch: nothing is removed here, the selected accounts
// are only listed for confirmation.
175 elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0))
\r
177 // Check if this account is the last one which cannot be deleted...
\r
// Counts all admin accounts by fetching every id; the test on $accounts
// (gutter lines 181-183) is not shown.
178 $result_main = SQL_QUERY("SELECT id FROM "._MYSQL_PREFIX."_admins", __FILE__, __LINE__);
\r
179 $accounts = SQL_NUMROWS($result_main);
\r
180 SQL_FREERESULT($result_main);
\r
184 $SW = 2; $OUT = "";
\r
185 foreach ($_POST['sel'] as $id=>$sel)
\r
187 $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
\r
188 array(bigintval($id)), __FILE__, __LINE__);
\r
189 if (SQL_NUMROWS($result) == 1)
\r
192 $content = SQL_FETCHARRAY($result);
\r
193 SQL_FREERESULT($result);
\r
// NOTE(review): values read from the database are concatenated into a string
// of PHP source. The lines that consume $eval (gutter 195, 197) are not shown;
// if they pass it to eval(), any value stored in default_acl / la_mode is
// executed as code. Looking the name up with constant(), after checking it
// with defined(), maps the value to its label without evaluating code.
194 $eval = "\$content['mode'] = ADMINS_".strtoupper($content['mode'])."_MODE;";
\r
196 $eval = "\$content['la_mode'] = ADMINS_".strtoupper($content['la_mode'])."_LA_SETTING;";
\r
199 // Prepare some more data
\r
200 $content['sw'] = $SW;
\r
// NOTE(review): raw POST array key again, not the bigintval()'d value used in
// the query; pass the cast value to the template.
201 $content['id'] = $id;
\r
203 // Load row template and switch color
\r
204 $OUT .= LOAD_TEMPLATE("admin_del_admins_row", true, $content);
\r
208 define('__ADMINS_ROWS', $OUT);
\r
211 LOAD_TEMPLATE("admin_del_admins");
\r
215 // Cannot delete last account!
\r
216 LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ADMINS_CANNOT_DELETE_LAST);
\r
// Removal is a plain "if", not part of the elseif chain above: after deleting,
// control continues to the account list below.
221 if ((isset($_POST['remove'])) && (SELECTION_COUNT($_POST['sel']) > 0))
\r
223 // Remove accounts now
\r
224 $CACHE_UPDATE = "0";
\r
225 foreach ($_POST['sel'] as $id=>$del)
\r
227 // Delete only when it's not your own account!
\r
// NOTE(review): the own-account check compares the raw array key with a loose
// "!=", while both statements below use bigintval($id). Casting $id once at
// the top of the loop, as the 'change' branch does, makes the check and the
// queries refer to the same value.
228 if (($del == 1) && (GET_ADMIN_ID($_COOKIE['admin_login']) != $id))
\r
230 // Rewrite his tasks to all admins
\r
// Tasks of the removed admin are reassigned to '0' (per the comment above,
// "all admins") before the account row is deleted.
231 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE assigned_admin='%s'",
\r
232 array(bigintval($id)), __FILE__, __LINE__);
\r
235 $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
\r
236 array(bigintval($id)), __FILE__, __LINE__);
\r
238 $CACHE_UPDATE = "1";
\r
242 // Remove cache if cache system is activated
\r
243 if ((EXT_IS_ACTIVE("cache")) && ($CACHE_UPDATE == "1"))
\r
245 if ($CACHE->cache_file("admins", true)) $CACHE->cache_destroy();
\r
249 // List all admin accounts
\r
// Static statement without request data, hence SQL_QUERY() without
// placeholders.
250 $result = SQL_QUERY("SELECT id, login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins ORDER BY login", __FILE__, __LINE__);
\r
251 $SW = 2; $OUT = "";
\r
252 while ($content = SQL_FETCHARRAY($result))
\r
254 // Compile some variables
\r
// NOTE(review): same pattern as in the delete confirmation: stored column
// values are concatenated into PHP source. The consuming lines (gutter 256,
// 258) are not shown; if they call eval(), prefer a constant() lookup on a
// name checked with defined().
255 $eval = "\$content['mode'] = ADMINS_".strtoupper($content['mode'])."_MODE;";
\r
257 $eval = "\$content['la_mode'] = ADMINS_".strtoupper($content['la_mode'])."_LA_SETTING;";
\r
260 // Prepare some more data
\r
261 $content['sw'] = $SW;
\r
// Here the id comes from the database row, not from the request.
262 $content['email_link'] = CREATE_EMAIL_LINK($content['id']);
\r
264 // Load row template and switch color
\r
265 $OUT .= LOAD_TEMPLATE("admin_list_admins_row", true, $content);
\r
270 SQL_FREERESULT($result);
\r
271 define('__ADMINS_ROWS', $OUT);
\r
274 LOAD_TEMPLATE("admin_list_admins");
\r