2 /************************************************************************
3 * MXChange v0.2.1 Start: 06/30/2003 *
4 * =============== Last change: 11/27/2004 *
6 * -------------------------------------------------------------------- *
7 * File : admins_functions.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Functions for the admins extension *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Funktionen fuer die admins-Erweiterung *
12 * -------------------------------------------------------------------- *
14 * -------------------------------------------------------------------- *
15 * Copyright (c) 2003 - 2008 by Roland Haeder *
16 * For more information visit: http://www.mxchange.org *
18 * This program is free software; you can redistribute it and/or modify *
19 * it under the terms of the GNU General Public License as published by *
20 * the Free Software Foundation; either version 2 of the License, or *
21 * (at your option) any later version. *
23 * This program is distributed in the hope that it will be useful, *
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
26 * GNU General Public License for more details. *
28 * You should have received a copy of the GNU General Public License *
29 * along with this program; if not, write to the Free Software *
30 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
32 ************************************************************************/
34 // Some security stuff...
35 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
37 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
41 function ADMINS_CHECK_ACL($act, $wht)
43 global $_COOKIE, $ADMINS, $ADMINS_ACLS, $CONFIG;
44 // If action is login or logout allow allways!
45 if (($act == "login") || ($act == "logout")) return true;
50 // Get admin's defult access right
51 if (!empty($ADMINS['def_acl'][$_COOKIE['admin_login']]))
54 $default = $ADMINS['def_acl'][$_COOKIE['admin_login']];
57 $CONFIG['cache_hits']++;
62 $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
63 array($_COOKIE['admin_login']), __FILE__, __LINE__);
64 list($default) = SQL_FETCHROW($result);
65 SQL_FREERESULT($result);
69 $aid = GET_ADMIN_ID($_COOKIE['admin_login']);
73 // Check for parent menu:
74 // First get it's action value
75 $parent_action = GET_ACTION("admin", $wht);
77 // Check with this function...
78 $parent = ADMINS_CHECK_ACL($parent_action, "");
82 // Anything else is true!
86 // Shall I test for a main or sub menu? (action or what?)
87 $lines = 0; $acl_mode = "failed";
88 if (GET_EXT_VERSION("cache") >= "0.1.2")
90 // Load only from array when there are lines!
91 if (count($ADMINS_ACLS) > 0)
93 // Load ACL from array
94 foreach ($ADMINS_ACLS['admin_id'] as $id=>$aid_acls)
96 if ($aid == $aid_acls)
98 // Okay, one line was found!
99 if ((!empty($act)) && ($ADMINS_ACLS['action_menu'][$id] == $act))
101 // Main menu line found
102 $acl_mode = $ADMINS_ACLS['access_mode'][$id];
105 elseif ((!empty($wht)) && ($ADMINS_ACLS['what_menu'][$id] == $wht))
108 $acl_mode = $ADMINS_ACLS['access_mode'][$id];
114 $CONFIG['cache_hits']++;
121 if ($acl_mode == "failed")
135 // Old version, so load it from database
139 $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND action_menu='%s' LIMIT 1",
140 array(bigintval($aid), $act), __FILE__, __LINE__);
142 elseif (!empty($wht))
145 $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND what_menu='%s' LIMIT 1",
146 array(bigintval($aid), $wht), __FILE__, __LINE__);
149 // Get number of lines
150 $lines = SQL_NUMROWS($result);
153 list($acl_mode) = SQL_FETCHROW($result);
154 SQL_FREERESULT($result);
157 // Check ACL and (maybe) allow
158 if ((($default == "allow") && ($lines == 0)) || (($default == "deny") && ($lines == "1") && ($acl_mode == "allow")) || (($lines == 0) && ($parent))) $ret = true;
163 // Create email link to admins's account
164 function ADMINS_CREATE_EMAIL_LINK($email, $mod="admin")
166 $locked = " AND status='CONFIRMED'";
167 if (IS_ADMIN()) $locked = "";
168 if (strpos("@", $email) > 0)
171 $result = SQL_QUERY_ESC("SELECT id
172 FROM "._MYSQL_PREFIX."_admins
173 WHERE email='%s'".$locked." LIMIT 1",
174 array($email), __FILE__, __LINE__);
175 if (SQL_NUMROWS($result) == 1)
178 list($uid) = SQL_FETCHROW($result);
180 // Rewrite email address to contact link
181 $email = URL."/modules.php?module=".$mod."&what=user_contct&u_id=".bigintval($uid);
185 SQL_FREERESULT($result);
187 elseif (bigintval($email) > 0)
190 $email = URL."/modules.php?module=".$mod."&what=admins_contct&admin=".bigintval($email);
193 // Return rewritten (?) email address