2 /************************************************************************
3 * MXChange v0.2.1 Start: 04/18/2004 *
4 * ================ Last change: 04/18/2004 *
6 * -------------------------------------------------------------------- *
7 * File : what-admins_edit.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Edit admin accounts *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Admin-Account editieren *
12 * -------------------------------------------------------------------- *
14 * -------------------------------------------------------------------- *
15 * Copyright (c) 2003 - 2008 by Roland Haeder *
16 * For more information visit: http://www.mxchange.org *
18 * This program is free software; you can redistribute it and/or modify *
19 * it under the terms of the GNU General Public License as published by *
20 * the Free Software Foundation; either version 2 of the License, or *
21 * (at your option) any later version. *
23 * This program is distributed in the hope that it will be useful, *
24 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
26 * GNU General Public License for more details. *
28 * You should have received a copy of the GNU General Public License *
29 * along with this program; if not, write to the Free Software *
30 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
32 ************************************************************************/
// Entry guard for the admin-account editor. The condition is true when this file's
// own name appears in the requested script path, or when IS_ADMIN() returns false.
34 // Some security stuff...
// NOTE(review): ereg() was deprecated in PHP 5.3 and removed in PHP 7, so on a
// current runtime the script aborts on this line. basename(__FILE__) is also used as
// a regex pattern, so the "." in the file name matches any character; a plain
// substring test (strpos() !== false) against $_SERVER['PHP_SELF'] states the intent
// without regex semantics. PHP_SELF is derived from the request URL.
35 if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
// Builds the path of inc/security.php from this file's own location (everything up to
// and including the first "/inc" in the directory name). The statement that consumes
// $INC is not part of this listing - presumably a require that stops the request;
// confirm that it terminates execution rather than only emitting a message.
37 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
// Page setup: registers the navigation entry and normalises the selection array that
// every branch below iterates over.
40 // Add description as navigation point
41 ADD_DESCR("admin", basename(__FILE__));
// The statement that the next comment announces is not part of this listing.
43 // Instance for the cache extension
46 // Set selection data to empty array when it is empty
47 if (empty($_POST['sel'])) $_POST['sel'] = array();
// A single account can also be pre-selected through the query string; the id is
// passed through bigintval() (project helper, presumably an integer cast - confirm)
// before it is used as an array key.
49 // Check if direct admin account was selected
50 if (!empty($_GET['admin']))
53 $aid = bigintval($_GET['admin']);
55 $_POST['sel'][$aid] = array("1");
// "edit" action: renders one editable form row per selected admin account.
58 if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0))
62 foreach ($_POST['sel'] as $id=>$sel)
// The id reaches the query as a %d placeholder value run through bigintval(), not by
// string concatenation.
64 $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
65 array(bigintval($id)), __FILE__, __LINE__);
66 if (SQL_NUMROWS($result) == 1)
69 $content = SQL_FETCHARRAY($result);
70 SQL_FREERESULT($result);
// Replace the stored mode values with option lines for the two select boxes, with the
// current value passed as the last argument.
71 $content['mode'] = ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE), $content['mode']);
72 $content['la_mode'] = ADD_OPTION_LINES("/ARRAY/", array("global", "OLD", "NEW"), array(ADMINS_GLOBAL_LA_SETTING, ADMINS_OLD_LA_SETTING, ADMINS_NEW_LA_SETTING), $content['la_mode']);
74 // Prepare some more data for the template
// NOTE(review): login and email are handed to the template exactly as stored in the
// database. Whether LOAD_TEMPLATE() HTML-escapes them is not visible here - confirm,
// because these values end up inside form fields in the admin area.
78 // Load row template and switch color
79 $OUT .= LOAD_TEMPLATE("admin_edit_admins_row", true, $content);
// The collected rows are exposed to the outer template through a constant.
83 define('__ADMINS_ROWS', $OUT);
86 LOAD_TEMPLATE("admin_edit_admins");
// "change" action: writes the submitted login/email/password/mode values back to the
// admin table, one account per key of $_POST['login'], and refreshes the caller's own
// login cookies. Several lines of this branch (including the column list of the
// UPDATE) are not part of this listing.
// NOTE(review): no anti-CSRF token and no per-account authorisation check is visible
// in this branch; as shown, any caller that passes IS_ADMIN() can change any
// account's password without supplying the current one. Confirm whether security.php
// or the form layer enforces either.
88 elseif ((isset($_POST['change'])) && (sizeof($_POST['login']) > 0))
90 // Change admin accounts
92 foreach ($_POST['login'] as $id=>$login)
// NOTE(review): "==" is a loose comparison. Two different numeric-looking strings can
// compare equal, so the confirmation field does not strictly guarantee that both
// entries are the same text; "===" on the two strings does.
97 // When both passwords match update admin account
98 if ($_POST['pass1'][$id] == $_POST['pass2'][$id])
100 // Save only when both passwords are the same (also when they are empty)
101 $ADD = ""; $CACHE_UPDATE = "1";
// generateHash() is a project helper; its algorithm is not visible here.
104 $hash = generateHash($_POST['pass1'][$id]);
// $ADD is a raw SQL fragment built by concatenation. The value is the computed hash,
// not the submitted text, so it is safe only as long as generateHash() cannot emit a
// quote character - confirm. How $ADD is merged into the UPDATE is not visible.
106 // Save password when set
107 if (!empty($_POST['pass1'][$id])) $ADD = ", password='".$hash."'";
// The salt is taken as everything but the last 40 characters of the stored hash of
// the logged-in admin (40 characters is the length of a hex SHA-1 digest - presumably
// salt + SHA-1; confirm in generateHash()). password_hash()/password_verify() would
// replace this scheme.
110 $salt = substr(GET_ADMIN_HASH($_COOKIE['admin_login']), 0, -40);
111 $aid = GET_ADMIN_ID($_COOKIE['admin_login']);
113 // Rewrite cookie when it's own account
// NOTE(review): the cookie lifetime is derived from the client-supplied admin_to
// cookie, so the browser side chooses how long the login cookies live.
117 $TIMEOUT = time() + bigintval($_COOKIE['admin_to']);
// NOTE(review): every setcookie() call below passes only name, value, expiry and
// path, which leaves the secure and httponly flags at their defaults (off). "@" also
// hides a failed call, e.g. when headers were already sent.
119 // Set timeout cookie
120 @setcookie("admin_last", time(), $TIMEOUT, COOKIE_PATH);
122 if ($login != $_COOKIE['admin_login'])
124 // Update login cookie
125 @setcookie("admin_login", $login, $TIMEOUT, COOKIE_PATH);
// NOTE(review): the value written to admin_md5 is the same $hash that is stored in
// the password column, so the stored hash doubles as the login credential. A leak of
// the table or of the cookie is then equivalent to a leak of the login; a random
// server-side session identifier avoids that coupling.
127 // Update password cookie as well?
128 if (!empty($ADD)) @setcookie("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);
// Loose, non-constant-time comparison of a hash with a cookie value; hash_equals() is
// the usual choice wherever secrets are compared.
130 elseif (generateHash($_POST['pass1'][$id], $salt) != $_COOKIE['admin_md5'])
132 // Update password cookie
133 @setcookie("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);
// Only the first and last line of the statement and two of its arguments are part of
// this listing. The submitted email and la_mode values are passed as arguments to
// SQL_QUERY_ESC() (presumably escaped there - confirm), and the row is addressed with
// a %d placeholder.
138 // Update admin account
139 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET
144 WHERE id=%d LIMIT 1",
147 $_POST['email'][$id],
149 $_POST['la_mode'][$id],
151 ), __FILE__, __LINE__);
153 // Admin account saved
154 $MSG = ADMIN_ACCOUNT_SAVED;
158 // Passwords did not match
159 $MSG = ADMINS_ERROR_PASS_MISMATCH;
// Drop the cached admin list so the next request re-reads the changed rows.
164 if ((EXT_IS_ACTIVE("cache")) && ($CACHE_UPDATE == "1"))
166 if ($CACHE->cache_file("admins", true)) $CACHE->cache_destroy();
// $MSG is one of the two language constants assigned above, not request data.
172 LOAD_TEMPLATE("admin_settings_saved", false, "<SPAN class=\"admin_done\">".$MSG."</SPAN>");
// "del" action: confirmation step that lists the selected accounts before removal and
// refuses when only the last account would be affected.
175 elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0))
// Counts all admin rows; the comparison that uses $accounts is not part of this
// listing.
177 // Check if this account is the last one which cannot be deleted...
178 $result_main = SQL_QUERY("SELECT id FROM "._MYSQL_PREFIX."_admins", __FILE__, __LINE__);
179 $accounts = SQL_NUMROWS($result_main);
180 SQL_FREERESULT($result_main);
185 foreach ($_POST['sel'] as $id=>$sel)
187 $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
188 array(bigintval($id)), __FILE__, __LINE__);
189 if (SQL_NUMROWS($result) == 1)
192 $content = SQL_FETCHARRAY($result);
193 SQL_FREERESULT($result);
// NOTE(review): $eval is PHP source assembled from the default_acl and la_mode column
// values. If it is passed to eval() on the lines missing from this listing, any
// stored value outside the expected keywords is executed as code. Checking the value
// against an allow-list and resolving it with constant('ADMINS_'.$key.'_MODE') gives
// the same result without eval.
194 $eval = "\$content['mode'] = ADMINS_".strtoupper($content['mode'])."_MODE;";
196 $eval = "\$content['la_mode'] = ADMINS_".strtoupper($content['la_mode'])."_LA_SETTING;";
// NOTE(review): $content['id'] receives the raw POST array key, while the query above
// used bigintval($id). Assign the normalised value so the template never sees text
// that was not a number; output encoding is otherwise left to the template.
199 // Prepare some more data
200 $content['sw'] = $SW;
201 $content['id'] = $id;
203 // Load row template and switch color
204 $OUT .= LOAD_TEMPLATE("admin_del_admins_row", true, $content);
208 define('__ADMINS_ROWS', $OUT);
211 LOAD_TEMPLATE("admin_del_admins");
215 // Cannot delete last account!
216 LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ADMINS_CANNOT_DELETE_LAST);
// "remove" action: deletes the selected accounts, except the caller's own, and hands
// their tasks back to the shared pool (assigned_admin = 0).
// NOTE(review): no account-count check and no anti-CSRF token is visible in this
// branch. The "last account" protection of the confirmation step ('del') is not
// repeated here as far as this listing shows, so a request that posts 'remove'
// directly would not pass through it - confirm.
221 if ((isset($_POST['remove'])) && (SELECTION_COUNT($_POST['sel']) > 0))
223 // Remove accounts now
225 foreach ($_POST['sel'] as $id=>$del)
// NOTE(review): the own-account guard compares the raw POST key with loose "!=",
// while both statements below act on bigintval($id). Normalise once
// ($id = bigintval($id)) before the guard so the check and the DELETE see the same
// value.
227 // Delete only when it's not your own account!
228 if (($del == 1) && (GET_ADMIN_ID($_COOKIE['admin_login']) != $id))
230 // Rewrite his tasks to all admins
231 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE assigned_admin='%s'",
232 array(bigintval($id)), __FILE__, __LINE__);
235 $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
236 array(bigintval($id)), __FILE__, __LINE__);
// $CACHE_UPDATE is not assigned in the visible lines of this branch; presumably it is
// set on a line missing from this listing - confirm, otherwise the cache is never
// invalidated after a delete.
242 // Remove cache if cache system is activated
243 if ((EXT_IS_ACTIVE("cache")) && ($CACHE_UPDATE == "1"))
245 if ($CACHE->cache_file("admins", true)) $CACHE->cache_destroy();
// Default view: lists every admin account, ordered by login, one template row each.
249 // List all admin accounts
250 $result = SQL_QUERY("SELECT id, login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins ORDER BY login", __FILE__, __LINE__);
252 while ($content = SQL_FETCHARRAY($result))
// NOTE(review): $eval is PHP source assembled from the default_acl and la_mode column
// values. If it is passed to eval() on the lines missing from this listing, any
// stored value outside the expected keywords is executed as code on every page view.
// Checking the value against an allow-list and resolving it with
// constant('ADMINS_'.$key.'_MODE') gives the same result without eval.
254 // Compile some variables
255 $eval = "\$content['mode'] = ADMINS_".strtoupper($content['mode'])."_MODE;";
257 $eval = "\$content['la_mode'] = ADMINS_".strtoupper($content['la_mode'])."_LA_SETTING;";
260 // Prepare some more data
261 $content['sw'] = $SW;
262 $content['email_link'] = CREATE_EMAIL_LINK($content['id']);
// login and email go to the template as stored; whether LOAD_TEMPLATE() HTML-escapes
// them is not visible here - confirm.
264 // Load row template and switch color
265 $OUT .= LOAD_TEMPLATE("admin_list_admins_row", true, $content);
270 SQL_FREERESULT($result);
271 define('__ADMINS_ROWS', $OUT);
274 LOAD_TEMPLATE("admin_list_admins");