inc/modules/admin/what-config_admins.php

   1 <?php
   2 /************************************************************************
   3  * MXChange v0.2.1                                    Start: 06/30/2004 *
   4  * ================                             Last change: 07/02/2004 *
   5  *                                                                      *
   6  * -------------------------------------------------------------------- *
   7  * File: what-config_admins.php                                         *
   8  * -------------------------------------------------------------------- *
   9  * Short description : Configure admin ACLs                             *
  10  * -------------------------------------------------------------------- *
  11  * Kurzbeschreibung  : Admin-ACLs einstellen                            *
  12  * -------------------------------------------------------------------- *
  13  *                                                                      *
  14  * -------------------------------------------------------------------- *
  15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
  16  * For more information visit: http://www.mxchange.org                  *
  17  *                                                                      *
  18  * This program is free software; you can redistribute it and/or modify *
  19  * it under the terms of the GNU General Public License as published by *
  20  * the Free Software Foundation; either version 2 of the License, or    *
  21  * (at your option) any later version.                                  *
  22  *                                                                      *
  23  * This program is distributed in the hope that it will be useful,      *
  24  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
  25  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
  26  * GNU General Public License for more details.                         *
  27  *                                                                      *
  28  * You should have received a copy of the GNU General Public License    *
  29  * along with this program; if not, write to the Free Software          *
  30  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
  31  * MA  02110-1301  USA                                                  *
  32  ************************************************************************/
  33
  34 // Some security stuff...
  35 if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
  36         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
  37         require($INC);
  38 }
  39
  40 // Add description as navigation point
  41 ADD_DESCR("admin", __FILE__);
  42
  43 $SEL = 0;
  44 if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']);
  45
  46 if ((isset($_POST['edit'])) && ($SEL > 0)) {
  47         // Edit ACLs
  48         $SW = 2; $OUT = "";
  49         foreach ($_POST['sel'] as $id => $sel) {
  50                 // Load data for the ID
  51                 $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1",
  52                  array(bigintval($id)), __FILE__, __LINE__);
  53                 list($aid, $act, $wht, $mode) = SQL_FETCHROW($result);
  54                 SQL_FREERESULT($result);
  55
  56                 // Prepare data for the row template
  57                 $content = array(
  58                         'sw'               => $SW,
  59                         'id'               => $id,
  60                         'admins_selection' => ADD_OPTION_LINES("admins", "id", "login", $aid, "default_acl"),
  61                         'action_selection' => ADMIN_MENU_SELECTION("action", $act, $id),
  62                         'what_selection'   => ADMIN_MENU_SELECTION("what", $wht, $id),
  63                         'mode_options'     => ADD_OPTION_LINES(
  64                                 "/ARRAY/",
  65                                 array("allow", "deny"),
  66                                 array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE),
  67                                 $mode
  68                         ),
  69                 );
  70
  71                 // Load row template
  72                 $OUT .= LOAD_TEMPLATE("admin_config_admins_edit_row", true, $content);
  73                 $SW = 3 - $SW;
  74         }
  75         define('__ACL_ROWS', $OUT);
  76
  77         // Load main template
  78         LOAD_TEMPLATE("admin_config_admins_edit");
  79 } elseif ((isset($_POST['change'])) && ($SEL > 0)) {
  80         // Change entries
  81         foreach ($_POST['sel'] as $id => $sel) {
  82                 // Secure ID
  83                 $id = bigintval($id);
  84
  85                 // Update entries
  86                 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_acls SET admin_id=%s, action_menu='%s', what_menu='%s', access_mode='%s' WHERE id=%s LIMIT 1",
  87                  array($_POST['admin'][$id], $_POST['action_menu'][$id], $_POST['what_menu'][$id], $_POST['mode'][$id], $id),__FILE__, __LINE__);
  88         }
  89
  90         // Update cache when installed
  91         if (EXT_IS_ACTIVE("cache")) {
  92                 if ($cacheInstance->cache_file("admins_acls", true) == true) $cacheInstance->cache_destroy();
  93
  94                 // Purge menu cache
  95                 CACHE_PURGE_ADMIN_MENU($_POST['admin'][$id]);
  96         }
  97
  98         // Entries changed
  99         LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ADMINS_ENTRIES_CHANGED);
 100 } elseif ((isset($_POST['del'])) && ($SEL > 0)) {
 101         // Delete ACLs
 102         $SW = 2; $OUT = "";
 103         foreach ($_POST['sel'] as $id => $sel) {
 104                 // Load data for the ID
 105                 $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1",
 106                  array(bigintval($id)), __FILE__, __LINE__);
 107                 list($admin, $act, $wht, $mode) = SQL_FETCHROW($result);
 108                 SQL_FREERESULT($result);
 109
 110                 // Prepare variables
 111                 if (empty($act)) $act = "---";
 112                 if (empty($wht)) $wht   = "---";
 113
 114                 // Get admin mode
 115                 $mode = constant('ADMINS_'.strtoupper($mode).'_MODE');
 116
 117                 // Load admin's data
 118                 $login = GET_ADMIN_LOGIN($admin);
 119                 if ($login != "***") {
 120                         // Admin found
 121                         $admin = "<A href=\"".URL."/modules.php?module=admin&amp;what=admins_contct&amp;admin=".$admin."\">".$login."</A>";
 122                 } else {
 123                         // Maybe deleted?
 124                         $admin = "<FONT class=\"admin_note\">".ADMIN_ID_404_1.$admin.ADMIN_ID_404_2."</FONT>";
 125                 }
 126
 127                 // Prepare data for the row template
 128                 $content = array(
 129                         'sw'     => $SW,
 130                         'id'     => $id,
 131                         'admin'  => $admin,
 132                         'action' => $act,
 133                         'what'   => $wht,
 134                         'mode'   => $mode,
 135                 );
 136
 137                 // Load row template and switch colors
 138                 $OUT .= LOAD_TEMPLATE("admin_config_admins_del_row", true, $content);
 139                 $SW = 3 - $SW;
 140         }
 141         define('__ACL_ROWS', $OUT);
 142
 143         // Load main template
 144         LOAD_TEMPLATE("admin_config_admins_del");
 145 } elseif ((isset($_POST['remove'])) && ($SEL > 0)) {
 146         // Remove entries
 147         foreach ($_POST['sel'] as $id => $sel) {
 148                 $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1",
 149                  array(bigintval($id)),__FILE__, __LINE__);
 150         }
 151
 152         // Update cache when installed
 153         if (EXT_IS_ACTIVE("cache")) {
 154                 if ($cacheInstance->cache_file("admins_acls", true) == true) $cacheInstance->cache_destroy();
 155
 156                 // @TODO This causes the whole (!) menu cache being rebuild
 157                 CACHE_PURGE_ADMIN_MENU();
 158         }
 159
 160         // Entries deleted
 161         LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ADMINS_ENTRIES_DELETED);
 162 } elseif (isset($_POST['add'])) {
 163         // Check if everything is fine...
 164         $mode = GET_ADMIN_DEFAULT_ACL(bigintval($_POST['admin_id']));
 165
 166         // Default ACL is false
 167         $ACL = false;
 168         if (!empty($_POST['what_menu'])) {
 169                 // Check parent ACL
 170                 $ACL = ADMINS_CHECK_ACL(GET_ACTION("admin", $_POST['what_menu']), "");
 171         }
 172
 173         if ($mode != $_POST['mode'] || ($ACL)) {
 174                 // Mode is fine
 175                 $BOTH = ((!empty($_POST['action_menu'])) && (!empty($_POST['what_menu'])));
 176                 if (((!empty($_POST['action_menu'])) || (!empty($_POST['what_menu']))) && (!$BOTH)) {
 177                         // Main or sub menu selected
 178                         $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND action_menu='%s' AND what_menu='%s' LIMIT 1",
 179                          array(bigintval($_POST['admin_id']), $_POST['action_menu'], $_POST['what_menu']), __FILE__, __LINE__);
 180                         if (SQL_NUMROWS($result) == 0) {
 181                                 // Finally add the new ACL
 182                                 $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins_acls (admin_id, action_menu, what_menu, access_mode)
 183 VALUES ('%s','%s','%s','%s')",
 184  array(
 185         bigintval($_POST['admin_id']),
 186         $_POST['action_menu'],
 187         $_POST['what_menu'],
 188         $_POST['mode']
 189 ), __FILE__, __LINE__);
 190                                 $content = ADMIN_ADMINS_ACL_SAVED;
 191
 192                                 // Update cache when installed
 193                                 if (EXT_IS_ACTIVE("cache")) {
 194                                         if ($cacheInstance->cache_file("admins_acls", true) == true) $cacheInstance->cache_destroy();
 195
 196                                         // Purge cache
 197                                         CACHE_PURGE_ADMIN_MENU($_POST['admin_id'], $_POST['action_menu'], $_POST['what_menu']);
 198                                 } // END - if
 199                         } else {
 200                                 // ACL does already exist!
 201                                 $content = ADMIN_ADMINS_ACL_ALREADY_ADDED;
 202                         }
 203
 204                         // Free memory
 205                         SQL_FREERESULT($result);
 206                 } else {
 207                         // No menu selected makes also no sence...
 208                         $content = ADMIN_ADMINS_SELECT_ACTION_WHAT;
 209                 }
 210         } else {
 211                 // Same mode makes no sence...
 212                 $content = ADMIN_ADMINS_SAME_MODE_SELECTED;
 213         }
 214
 215         // Display message
 216         LOAD_TEMPLATE("admin_settings_saved", false, $content);
 217 } else {
 218         // List all ACLs
 219         $result_acls = SQL_QUERY("SELECT id, admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls ORDER BY admin_id, id", __FILE__, __LINE__);
 220         if (SQL_NUMROWS($result_acls) > 0)
 221         {
 222                 // List ACLs
 223                 $SW = 2; $OUT = "";
 224                 while(list($id, $admin, $act, $wht, $mode) = SQL_FETCHROW($result_acls))
 225                 {
 226                         // Prepare variables
 227                         if (empty($act)) $act = "---";
 228                         if (empty($wht))   $wht   = "---";
 229
 230                         // Get mode
 231                         $mode = constant('ADMINS_'.strtoupper($mode).'_MODE');
 232
 233                         // Load admin's data
 234                         $login = GET_ADMIN_LOGIN($admin);
 235                         if ($login != "***")
 236                         {
 237                                 // Admin found
 238                                 $admin = "<A href=\"".URL."/modules.php?module=admin&amp;what=admins_contct&amp;admin=".$admin."\">".$login."</A>";
 239                         }
 240                          else
 241                         {
 242                                 // Maybe deleted?
 243                                 $admin = "<FONT class=\"admin_note\">".ADMIN_ID_404_1.$admin.ADMIN_ID_404_2."</FONT>";
 244                         }
 245
 246                         // Prepare data for the row template
 247                         $content = array(
 248                                 'sw'     => $SW,
 249                                 'id'     => $id,
 250                                 'admin'  => $admin,
 251                                 'action' => $act,
 252                                 'what'   => $wht,
 253                                 'mode'   => $mode,
 254                         );
 255
 256                         // Load row template and switch colors
 257                         $OUT .= LOAD_TEMPLATE("admin_config_admins_row", true, $content);
 258                         $SW = 3 - $SW;
 259                 }
 260
 261                 // Free memory
 262                 SQL_FREERESULT($result);
 263                 define('__ACL_ROWS', $OUT);
 264
 265                 // Load main template
 266                 LOAD_TEMPLATE("admin_config_admins");
 267         }
 268
 269         // Prepare some constants for the template
 270         define('_ADMINS_SELECTION', ADD_OPTION_LINES("admins", "id", "login", "", "default_acl"));
 271         define('_ACTION_SELECTION', ADMIN_MENU_SELECTION("action"));
 272         define('_WHAT_SELECTION'  , ADMIN_MENU_SELECTION("what"));
 273         define('_MODE_OPTIONS'    , ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE)));
 274
 275         // Load template for adding new ACL
 276         LOAD_TEMPLATE("admin_admins_add_acl");
 277 }
 278
 279 //
 280 ?>