2 /************************************************************************
3 * MXChange v0.2.1 Start: 06/30/2003 *
4 * =============== Last change: 11/27/2004 *
6 * -------------------------------------------------------------------- *
7 * File : admins_functions.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Functions for the admins extension *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Funktionen fuer die admins-Erweiterung *
12 * -------------------------------------------------------------------- *
15 * $Tag:: 0.2.1-FINAL $ *
17 * Needs to be in all Files and every File needs "svn propset *
18 * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
19 * -------------------------------------------------------------------- *
20 * Copyright (c) 2003 - 2008 by Roland Haeder *
21 * For more information visit: http://www.mxchange.org *
23 * This program is free software; you can redistribute it and/or modify *
24 * it under the terms of the GNU General Public License as published by *
25 * the Free Software Foundation; either version 2 of the License, or *
26 * (at your option) any later version. *
28 * This program is distributed in the hope that it will be useful, *
29 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
30 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
31 * GNU General Public License for more details. *
33 * You should have received a copy of the GNU General Public License *
34 * along with this program; if not, write to the Free Software *
35 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
37 ************************************************************************/
39 // Some security stuff...
39 // Security bootstrap: only runs when inc/security.php has not already defined __SECURITY
40 if (!defined('__SECURITY')) {
// Build the path of inc/security.php from this file's own directory: everything
// up to and including the first '/inc' segment, plus '/security.php'.
// NOTE(review): if '/inc' does not occur in the path, strpos() returns false and
// `false + 4` yields 4, so $INC becomes a bogus 4-character prefix — confirm every
// deployment keeps this file below an 'inc' directory.
41 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), '/inc') + 4) . '/security.php';
45 // Check ACL for menu combination
//
// Decides whether the current admin may use the admin menu identified by
// $act (main menu "action") and $wht (sub menu "what").
//
// Inputs to the decision:
//   - the admin's default ACL from getAdminDefaultAcl() ('allow' or 'deny', see the final check)
//   - an optional per-menu access_mode ('allow'/...) taken either from the
//     'cache' extension's admin_acls cache array or from the _admins_acls table
//   - the ACL result of the parent action (recursive call below)
//
// Returns true when access is granted; 'login' and 'logout' are granted
// unconditionally.  The remaining return statements belong to the branches below.
46 function adminsCheckAdminAcl ($act, $wht) {
47 // The login and logout actions are always allowed
49 if (($act == 'login') || ($act == 'logout')) return true;
55 $aid = getCurrentAdminId();
57 // Get admin's default access right
58 $default = getAdminDefaultAcl($aid);
61 // Check for parent menu:
62 // First get its action value (presumably getModeAction() maps a 'what' value to
62 // the action it belongs to — confirm)
63 $parent_action = getModeAction('admin', $wht);
65 // Recurse on the parent action alone ($wht empty) so the parent's result
65 // can grant access to this sub menu in the final check
66 $parent = adminsCheckAdminAcl($parent_action, '');
68 // Anything else is true!
72 // Shall I test for a main or sub menu? (action or what?)
// Fast path: the 'cache' extension holds the ACL rows in $GLOBALS['cache_array']['admin_acls'].
// NOTE(review): the version check is a plain string comparison ('0.10.0' < '0.1.2'
// lexically) — version_compare() would be the robust form.
74 if ((GET_EXT_VERSION('cache') >= '0.1.2') && (count($GLOBALS['cache_array']['admin_acls']) > 0)) {
// NOTE(review): the second operator is a bitwise `&`, not `&&`, so the `== $act`
// operand is evaluated even when the isset() is false.  The truth value is the
// same, but an undefined-index notice can be raised; the elseif below uses `&&`.
76 if ((!empty($act)) && (isset($GLOBALS['cache_array']['admin_acls']['action_menu'][$aid])) & ($GLOBALS['cache_array']['admin_acls']['action_menu'][$aid] == $act)) {
77 // Main menu line found
78 $acl_mode = $GLOBALS['cache_array']['admin_acls']['access_mode'][$aid];
81 incrementConfigEntry('cache_hits');
82 } elseif ((!empty($wht)) && (isset($GLOBALS['cache_array']['admin_acls']['what_menu'][$aid])) && ($GLOBALS['cache_array']['admin_acls']['what_menu'][$aid] == $wht)) {
// Sub menu line found
84 $acl_mode = $GLOBALS['cache_array']['admin_acls']['access_mode'][$aid];
87 incrementConfigEntry('cache_hits');
89 } elseif (!EXT_IS_ACTIVE('cache')) {
90 // Cache extension not active, so load the main menu ACL row from the database
// $aid is forced to an integer via bigintval(); $act is escaped by SQL_QUERY_ESC()
93 $result = SQL_QUERY_ESC("SELECT access_mode FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE admin_id=%s AND action_menu='%s' LIMIT 1",
94 array(bigintval($aid), $act), __FUNCTION__, __LINE__);
95 } elseif (!empty($wht)) {
// Sub menu ACL row from the database
97 $result = SQL_QUERY_ESC("SELECT access_mode FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE admin_id=%s AND what_menu='%s' LIMIT 1",
98 array(bigintval($aid), $wht), __FUNCTION__, __LINE__);
101 // Is an entry found?
// NOTE(review): $result is only assigned by the two database branches above;
// confirm the cache branches never reach SQL_NUMROWS() with it unset.
102 if (SQL_NUMROWS($result) == 1) {
104 list($acl_mode) = SQL_FETCHROW($result);
108 SQL_FREERESULT($result);
111 // Check ACL and (maybe) allow
// Access is granted when: the default ACL is 'allow'; or the default is 'deny'
// but an explicit 'allow' row exists for this menu; or the parent action is
// allowed.  When no row matched, $acl_mode is unset and the middle clause is
// false, i.e. the check is default-deny.
// NOTE(review): because of the last clause, an explicit 'deny' row on a sub
// menu cannot revoke access that its parent action already grants — confirm
// that is the intended policy.
112 if (($default == 'allow') || (($default == 'deny') && ($acl_mode == 'allow')) || ($parent === true)) {
118 //* DEBUG: */ print __FUNCTION__."[".__LINE__."]:act={$act},wht={$wht},default={$default},acl_mode={$acl_mode}<br />\n";
122 // Create email link to admin's account
//
// Turns an admin's email address (string containing '@') or a positive admin
// id (int) into a contact URL for the admins_contct "what" of module $mod.
// Inputs that match neither form are passed through unchanged.
//
// $email - email address or admin id
// $mod   - module name placed in the URL (defaults to 'admin')
//
// NOTE(review): $mod is concatenated into the URL unencoded; fine for the literal
// callers seen, confirm no caller passes request data into it.
123 function generateAdminEmailLink ($email, $mod = 'admin') {
// Email address given: look the admin id up by its address
125 if (strpos($email, '@') !== false) {
127 $result = SQL_QUERY_ESC("SELECT `id`
129 `{!_MYSQL_PREFIX!}_admins`
133 array($email), __FUNCTION__, __LINE__);
135 // Is there an entry?
136 if (SQL_NUMROWS($result) == 1) {
138 list($aid) = SQL_FETCHROW($result);
140 // Rewrite email address to contact link; bigintval() keeps the id numeric in the URL
141 $email = "{!URL!}/modules.php?module=".$mod."&what=admins_contct&admin=".bigintval($aid);
145 SQL_FREERESULT($result);
// Numeric admin id given directly (strict int type, must be positive)
146 } elseif ((is_int($email)) && ($email > 0)) {
148 $email = "{!URL!}/modules.php?module=".$mod."&what=admins_contct&admin=".bigintval($email);
151 // Return rewritten (?) email address
155 // Change a lot of admin accounts at once
//
// Saves the submitted login / password / ACL settings for every admin id in
// $POST['login'].  For each account the password fields pass1/pass2 must be
// equal; an empty pair keeps the stored password.  Only an admin whose own
// default ACL is 'allow' may change another account's default ACL.
// Ends by rendering the 'admin_settings_saved' template and running the
// 'post_admin_edited' filter chain.
//
// $POST - request array with keys 'login', 'pass1', 'pass2', 'la_mode' (each
//         indexed by admin id); further keys may be used in parts not shown here
156 function adminsChangeAdminAccount ($POST) {
159 foreach ($POST['login'] as $id => $login) {
// Force the id taken from the array key to an integer
161 $id = bigintval($id);
163 // When both passwords match update admin account
// NOTE(review): loose `==` — two numeric-looking strings compare numerically
// ('1e3' == '1000' is true); `===` would compare the submitted strings exactly.
164 if ($POST['pass1'][$id] == $POST['pass2'][$id]) {
165 // Save only when both passwords are the same (also when they are empty)
// $add collects the optional ", password='...'" SQL fragment;
// $cache_update is set here but not read anywhere visible in this function
166 $add = ''; $cache_update = '1';
// Hash is computed unconditionally, i.e. also for an empty password
169 $hash = generateHash($POST['pass1'][$id]);
171 // Save password when set (the fragment is presumably appended to the UPDATE below)
172 if (!empty($POST['pass1'][$id])) $add = sprintf(", password='%s'", SQL_ESCAPE($hash));
175 $aid = getCurrentAdminId();
// Salt of the current admin's stored hash: everything but the trailing 40
// characters (presumably a hex SHA-1 digest — confirm in generateHash())
176 $salt = substr(GET_ADMIN_HASH($aid), 0, -40);
178 // Rewrite session when it's the acting admin's own account
178 // NOTE(review): the guarding condition for this branch is not visible here — confirm
180 // Refresh the session timeout stamp
181 setSession('admin_last', time());
// Login changed: update the session login and, if a password was submitted, the session hash
183 if ($login != getSession('admin_login')) {
184 // Update login cookie
185 setSession('admin_login', $login);
187 // Update password cookie as well?
188 if (!empty($add)) setSession('admin_md5', $hash);
// Login unchanged: detect a changed password by re-hashing the submitted one with the existing salt.
// This is a change-detection check, not an authentication check.
// NOTE(review): when pass1 is empty, $hash is the hash of an empty string, yet this
// branch still stores it in the session while the database password is left
// untouched — confirm this cannot invalidate the current admin session.
189 } elseif (generateHash($POST['pass1'][$id], $salt) != getSession('admin_md5')) {
190 // Update password cookie
191 setSession('admin_md5', $hash);
195 // Get default ACL from admin to check if we can allow him to change the default ACL
196 $default = getAdminDefaultAcl(getCurrentAdminId());
198 // Update admin account
199 if ($default == 'allow') {
200 // Allow changing default ACL (server-side counterpart of the option list in adminsEditAdminAccount)
201 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins` SET
206 WHERE `id`=%s LIMIT 1",
// NOTE(review): la_mode is taken from the request as-is (SQL-escaped by
// SQL_QUERY_ESC, but not validated against the 'global'/'OLD'/'NEW' set the
// edit form offers); the constant() lookups in the list/delete views fail on
// any other value — confirm it is validated elsewhere.
211 $POST['la_mode'][$id],
213 ), __FUNCTION__, __LINE__);
215 // Do not allow it here: same update without the default_acl column
216 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins` SET
220 WHERE `id`=%s LIMIT 1",
224 $POST['la_mode'][$id],
226 ), __FUNCTION__, __LINE__);
// Drop the cached admin menu of the edited account
230 cachePurgeAdminMenu($id);
232 // Admin account saved
233 $message = ADMIN_ACCOUNT_SAVED;
235 // Passwords did not match
236 $message = ADMINS_ERROR_PASS_MISMATCH;
// $message is only set inside the branches above
240 if (!empty($message)) {
241 LOAD_TEMPLATE('admin_settings_saved', false, $message);
// Let other extensions react to the edit; they receive the raw POST array
246 runFilterChain('post_admin_edited', REQUEST_POST_ARRAY());
249 // Make admin accounts editable
//
// Renders the edit form for every admin id in $POST['sel'] whose value is 1.
// The default ACL selector is only offered when the acting admin's own default
// ACL is 'allow' (adminsChangeAdminAccount enforces the same rule when saving).
// Row output is collected in $OUT, exposed as the __ADMINS_ROWS constant and
// rendered through the 'admin_edit_admins' template.
//
// $POST - request array; 'sel' maps admin id => selected flag
//
// NOTE(review): $SW and $OUT are not initialised anywhere visible in this
// function — confirm they are set before use.
250 function adminsEditAdminAccount ($POST) {
251 // "Resolve" the acting admin's default access mode
252 $currMode = getAdminDefaultAcl(getCurrentAdminId());
254 // Begin the edit loop
256 foreach ($POST['sel'] as $id => $selected) {
// Force the id taken from the array key to an integer
258 $id = bigintval($id);
260 // Get the admin's data
261 $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM `{!_MYSQL_PREFIX!}_admins` WHERE `id`=%s LIMIT 1",
262 array($id), __FUNCTION__, __LINE__);
// Only render rows that exist and were ticked in the form
// NOTE(review): the result handle is only freed inside this branch — confirm
// the not-found / unselected path frees it too.
263 if ((SQL_NUMROWS($result) == 1) && ($selected == 1)) {
265 $content = SQL_FETCHARRAY($result);
266 SQL_FREERESULT($result);
268 // Prepare some more data for the template
269 $content['sw'] = $SW;
270 $content['id'] = $id;
272 // Shall we allow changing default ACL?
273 if ($currMode == 'allow') {
// Selector with the stored mode pre-selected
275 $content['mode'] = generateOptionList('/ARRAY/', array('allow', 'deny'), array(constant('ADMINS_ALLOW_MODE'), constant('ADMINS_DENY_MODE')), $content['mode']);
// Not allowed: blank placeholder instead of a selector
278 $content['mode'] = ' ';
// Last-activity mode selector: 'global', 'OLD' or 'NEW'
280 $content['la_mode'] = generateOptionList('/ARRAY/', array('global', 'OLD', 'NEW'), array(ADMINS_GLOBAL_LA_SETTING, ADMINS_OLD_LA_SETTING, ADMINS_NEW_LA_SETTING), $content['la_mode']);
282 // Load row template and switch color
283 $OUT .= LOAD_TEMPLATE('admin_edit_admins_row', true, $content);
287 define('__ADMINS_ROWS', $OUT);
290 LOAD_TEMPLATE('admin_edit_admins');
293 // Delete given admin accounts
//
// Renders the deletion confirmation list for the admin ids in $POST['sel'].
// Counts all admin accounts first; the branch that shows the list versus the
// "cannot delete last account" message is decided by that count (the
// condition itself is not visible here).  The actual removal happens in
// adminsRemoveAdminAccount.
//
// $POST - request array; 'sel' maps admin id => selected flag
//
// NOTE(review): $SW and $OUT are not initialised anywhere visible in this
// function — confirm they are set before use.
294 function adminsDeleteAdminAccount ($POST) {
295 // Check if this account is the last one which cannot be deleted...
296 $result_main = SQL_QUERY("SELECT `id` FROM `{!_MYSQL_PREFIX!}_admins`", __FUNCTION__, __LINE__);
297 $accounts = SQL_NUMROWS($result_main);
298 SQL_FREERESULT($result_main);
// NOTE(review): unlike adminsEditAdminAccount, $selected is not checked here,
// so every id present in 'sel' is listed regardless of its value — confirm intended.
302 foreach ($POST['sel'] as $id => $selected) {
// Force the id taken from the array key to an integer
304 $id = bigintval($id);
306 // Get the admin's data
307 $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM `{!_MYSQL_PREFIX!}_admins` WHERE `id`=%s LIMIT 1",
308 array($id), __FUNCTION__, __LINE__);
309 if (SQL_NUMROWS($result) == 1) {
311 $content = SQL_FETCHARRAY($result);
312 SQL_FREERESULT($result);
// Map the stored values to their display constants, e.g. 'allow' -> ADMINS_ALLOW_MODE.
// constant() fails for a value without a matching constant, so the columns
// must only ever hold the expected set of values.
313 $content['mode'] = constant('ADMINS_'.strtoupper($content['mode']).'_MODE');
314 $content['la_mode'] = constant('ADMINS_'.strtoupper($content['la_mode']).'_LA_SETTING');
316 // Prepare some more data
317 $content['sw'] = $SW;
318 $content['id'] = $id;
320 // Load row template and switch color
321 $OUT .= LOAD_TEMPLATE('admin_del_admins_row', true, $content);
325 define('__ADMINS_ROWS', $OUT);
328 LOAD_TEMPLATE('admin_del_admins');
330 // Cannot delete last account!
331 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('ADMIN_ADMINS_CANNOT_DELETE_LAST'));
335 // Remove the given accounts
//
// Deletes every admin id in $POST['sel'] whose value is 1, except the acting
// admin's own account.  Because the own account is always skipped, at least
// one admin account survives this loop.  Tasks assigned to a removed admin are
// unassigned (assigned_admin = 0) before the row is deleted.
// Ends by running the 'post_admin_deleted' filter chain.
//
// $POST - request array; 'sel' maps admin id => delete flag
336 function adminsRemoveAdminAccount ($POST) {
339 foreach ($POST['sel'] as $id => $del) {
// Force the id taken from the array key to an integer
341 $id = bigintval($id);
343 // Delete only when it's not your own account!
344 if (($del == 1) && (getCurrentAdminId() != $id)) {
345 // Rewrite his tasks to all admins (unassigned) so no task points at a deleted admin
346 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_task_system` SET `assigned_admin`=0 WHERE `assigned_admin`=%s",
347 array($id), __FUNCTION__, __LINE__);
// Remove the account row itself
350 SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_admins` WHERE `id`=%s LIMIT 1",
351 array($id), __FUNCTION__, __LINE__);
// Drop the cached admin menu of the removed account
354 cachePurgeAdminMenu($id);
359 // Let other extensions react to the deletion; they receive the raw POST array
360 runFilterChain('post_admin_deleted', REQUEST_POST_ARRAY());
363 // List all admin accounts
//
// Renders one row per admin account, ordered by login.  Row output is
// collected in $OUT, exposed as the __ADMINS_ROWS constant and rendered
// through the 'admin_list_admins' template.
//
// NOTE(review): $SW and $OUT are not initialised anywhere visible in this
// function — confirm they are set before use.
364 function adminsListAdminAccounts() {
365 // Select all admin accounts
366 $result = SQL_QUERY("SELECT `id`, `login`, `email`, `default_acl` AS mode, `la_mode` FROM `{!_MYSQL_PREFIX!}_admins` ORDER BY `login` ASC", __FUNCTION__, __LINE__);
368 while ($content = SQL_FETCHARRAY($result)) {
369 // Map the stored values to their display constants, e.g. 'allow' -> ADMINS_ALLOW_MODE.
369 // constant() fails for a value without a matching constant.
370 $content['mode'] = constant('ADMINS_'.strtoupper($content['mode']).'_MODE');
371 $content['la_mode'] = constant('ADMINS_'.strtoupper($content['la_mode']).'_LA_SETTING');
373 // Prepare some more data
374 $content['sw'] = $SW;
// Contact link built from the admin id (presumably dispatches to
// generateAdminEmailLink() for the 'admins' module — confirm)
375 $content['email_link'] = generateEmailLink($content['id'], 'admins');
377 // Load row template and switch color
378 $OUT .= LOAD_TEMPLATE('admin_list_admins_row', true, $content);
383 SQL_FREERESULT($result);
384 define('__ADMINS_ROWS', $OUT);
387 LOAD_TEMPLATE('admin_list_admins');
390 // Filter for adding extra data to the query
391 function FILTER_ADD_EXTRA_SQL_DATA ($add = '') {
392 // Is the admins extension updated? (should be!)
393 if (GET_EXT_VERSION('admins') >= '0.3.0') $add .= ', `default_acl` AS def_acl';
394 if (GET_EXT_VERSION('admins') >= '0.6.7') $add .= ', `la_mode`';
395 if (GET_EXT_VERSION('admins') >= '0.7.2') $add .= ', `login_failures`, UNIX_TIMESTAMP(`last_failure`) AS last_failure';