2 /************************************************************************
3 * MXChange v0.2.1 Start: 06/30/2003 *
4 * =============== Last change: 11/27/2004 *
6 * -------------------------------------------------------------------- *
7 * File : admins_functions.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Functions for the admins extension *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Funktionen fuer die admins-Erweiterung *
12 * -------------------------------------------------------------------- *
14 * -------------------------------------------------------------------- *
15 * Copyright (c) 2003 - 2008 by Roland Haeder *
16 * For more information visit: http://www.mxchange.org *
18 * This program is free software; you can redistribute it and/or modify *
19 * it under the terms of the GNU General Public License as published by *
20 * the Free Software Foundation; either version 2 of the License, or *
21 * (at your option) any later version. *
23 * This program is distributed in the hope that it will be useful, *
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
26 * GNU General Public License for more details. *
28 * You should have received a copy of the GNU General Public License *
29 * along with this program; if not, write to the Free Software *
30 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
32 ************************************************************************/
34 // Some security stuff...
35 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
37 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
41 function ADMINS_CHECK_ACL($act, $wht)
43 global $ADMINS, $ADMINS_ACLS, $CONFIG, $CACHE;
44 // If action is login or logout allow allways!
46 if (($act == "login") || ($act == "logout")) return true;
51 // Get admin's defult access right
52 if (!empty($ADMINS['def_acl'][$_COOKIE['admin_login']])) {
54 $default = $ADMINS['def_acl'][$_COOKIE['admin_login']];
57 $CONFIG['cache_hits']++;
58 } elseif (!is_object($CACHE)) {
60 $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
61 array($_COOKIE['admin_login']), __FILE__, __LINE__);
62 list($default) = SQL_FETCHROW($result);
63 SQL_FREERESULT($result);
67 $aid = GET_ADMIN_ID($_COOKIE['admin_login']);
71 // Check for parent menu:
72 // First get it's action value
73 $parent_action = GET_ACTION("admin", $wht);
75 // Check with this function...
76 $parent = ADMINS_CHECK_ACL($parent_action, "");
80 // Anything else is true!
84 // Shall I test for a main or sub menu? (action or what?)
85 $lines = 0; $acl_mode = "failed";
86 if (GET_EXT_VERSION("cache") >= "0.1.2")
88 // Load only from array when there are lines!
89 if (count($ADMINS_ACLS) > 0)
91 // Load ACL from array
92 foreach ($ADMINS_ACLS['admin_id'] as $id=>$aid_acls)
94 if ($aid == $aid_acls)
96 // Okay, one line was found!
97 if ((!empty($act)) && ($ADMINS_ACLS['action_menu'][$id] == $act))
99 // Main menu line found
100 $acl_mode = $ADMINS_ACLS['access_mode'][$id];
103 elseif ((!empty($wht)) && ($ADMINS_ACLS['what_menu'][$id] == $wht))
106 $acl_mode = $ADMINS_ACLS['access_mode'][$id];
112 $CONFIG['cache_hits']++;
119 if ($acl_mode == "failed")
133 // Old version, so load it from database
137 $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND action_menu='%s' LIMIT 1",
138 array(bigintval($aid), $act), __FILE__, __LINE__);
140 elseif (!empty($wht))
143 $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND what_menu='%s' LIMIT 1",
144 array(bigintval($aid), $wht), __FILE__, __LINE__);
147 // Get number of lines
148 $lines = SQL_NUMROWS($result);
151 list($acl_mode) = SQL_FETCHROW($result);
152 SQL_FREERESULT($result);
155 // Check ACL and (maybe) allow
156 if ((($default == "allow") && ($lines == 0)) || (($default == "deny") && ($lines == "1") && ($acl_mode == "allow")) || (($lines == 0) && ($parent))) $ret = true;
161 // Create email link to admins's account
162 function ADMINS_CREATE_EMAIL_LINK($email, $mod="admin")
164 $locked = " AND status='CONFIRMED'";
165 if (IS_ADMIN()) $locked = "";
166 if (strpos("@", $email) > 0)
169 $result = SQL_QUERY_ESC("SELECT id
170 FROM "._MYSQL_PREFIX."_admins
171 WHERE email='%s'".$locked." LIMIT 1",
172 array($email), __FILE__, __LINE__);
173 if (SQL_NUMROWS($result) == 1)
176 list($uid) = SQL_FETCHROW($result);
178 // Rewrite email address to contact link
179 $email = URL."/modules.php?module=".$mod."&what=user_contct&u_id=".bigintval($uid);
183 SQL_FREERESULT($result);
185 elseif (bigintval($email) > 0)
188 $email = URL."/modules.php?module=".$mod."&what=admins_contct&admin=".bigintval($email);
191 // Return rewritten (?) email address