-<?php\r
-/************************************************************************\r
- * MXChange v0.2.1 Start: 08/31/2003 *\r
- * =============== Last change: 11/23/2004 *\r
- * *\r
- * -------------------------------------------------------------------- *\r
- * File : admin-inc.php *\r
- * -------------------------------------------------------------------- *\r
- * Short description : Administrative related functions *\r
- * -------------------------------------------------------------------- *\r
- * Kurzbeschreibung : F�r die Administration ben�tigte Funktionen *\r
- * -------------------------------------------------------------------- *\r
- * *\r
- * -------------------------------------------------------------------- *\r
- * Copyright (c) 2003 - 2008 by Roland Haeder *\r
- * For more information visit: http://www.mxchange.org *\r
- * *\r
- * This program is free software; you can redistribute it and/or modify *\r
- * it under the terms of the GNU General Public License as published by *\r
- * the Free Software Foundation; either version 2 of the License, or *\r
- * (at your option) any later version. *\r
- * *\r
- * This program is distributed in the hope that it will be useful, *\r
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *\r
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *\r
- * GNU General Public License for more details. *\r
- * *\r
- * You should have received a copy of the GNU General Public License *\r
- * along with this program; if not, write to the Free Software *\r
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *\r
- * MA 02110-1301 USA *\r
- ************************************************************************/\r
-\r
-// Some security stuff...\r
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))\r
-{\r
- $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";\r
- require($INC);\r
-}\r
-\r
-//\r
-function REGISTER_ADMIN ($user, $md5)\r
-{\r
- $ret = "failed";\r
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",\r
- array($user), __FILE__, __LINE__);\r
- if (SQL_NUMROWS($result) == 0)\r
- {\r
- // Ok, let's create the admin login\r
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '".WEBMASTER."')",\r
- array($user, $md5), __FILE__, __LINE__);\r
- $ret = "done";\r
- }\r
- else\r
- {\r
- // Free memory\r
- SQL_FREERESULT($result);\r
-\r
- // Login does already exist\r
- $ret = "already";\r
- }\r
- return $ret;\r
-}\r
-// Only be executed on login procedure!\r
-function CHECK_ADMIN_LOGIN ($admin_login, $password)\r
-{\r
- global $ADMINS, $CONFIG, $CACHE;\r
- $ret = "404"; $pass = "";\r
- if (!empty($ADMINS['aid'][$admin_login]))\r
- {\r
- // Get password from cache\r
- $pass = $ADMINS['password'][$admin_login];\r
- $ret = "pass";\r
- $CONFIG['cache_hits']++;\r
- }\r
- else\r
- {\r
- // Get password from DB\r
- $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",\r
- array($admin_login), __FILE__, __LINE__);\r
- if (SQL_NUMROWS($result) == 1)\r
- {\r
- $ret = "pass";\r
- list($pass) = SQL_FETCHROW($result);\r
- SQL_FREERESULT($result);\r
- }\r
- }\r
-\r
- //* DEBUG: */ echo "*".$pass."/".$password."/".$ret."<BR>";\r
- if ((strlen($pass) == 32) && ($pass == md5($password)))\r
- {\r
- // Generate new hash\r
- $pass = generateHash($password);\r
- if (($ret == "pass") && (GET_EXT_VERSION("sql_patches") < "0.3.6")) $ret = "done";\r
- }\r
- elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))\r
- {\r
- // Old hashing way\r
- return $ret;\r
- }\r
-\r
- // Generate salt of password\r
- define('__SALT', substr($pass, 0, -40));\r
- $salt = __SALT;\r
-\r
- // Check if password is same\r
- if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt)))\r
- {\r
- // Update password\r
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1",\r
- array($pass, $admin_login), __FILE__, __LINE__);\r
-\r
- // Shall I remove the cache file?\r
- if ((EXT_IS_ACTIVE("cache")) && ($CACHE != false))\r
- {\r
- if ($CACHE->cache_file("admins", true)) $CACHE->cache_destroy();\r
- }\r
-\r
- // Password matches!\r
- $ret = "done";\r
- }\r
- elseif ((empty($salt)) && ($ret == "pass"))\r
- {\r
- // Something bad went wrong\r
- $ret = "failed";\r
- }\r
- return $ret;\r
-}\r
-// Only be executed on cookie checking\r
-function CHECK_ADMIN_COOKIES ($admin_login, $password)\r
-{\r
- global $ADMINS, $CONFIG;\r
- $ret = "404"; $pass = "";\r
- if (!empty($ADMINS['aid'][$admin_login]))\r
- {\r
- // Get password from cache\r
- $pass = $ADMINS['password'][$admin_login];\r
- $ret = "pass";\r
- $CONFIG['cache_hits']++;\r
- }\r
- else\r
- {\r
- // Get password from DB\r
- $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",\r
- array($admin_login), __FILE__, __LINE__);\r
- if (SQL_NUMROWS($result) == 1)\r
- {\r
- $ret = "pass";\r
- list($pass) = SQL_FETCHROW($result);\r
- SQL_FREERESULT($result);\r
- }\r
- }\r
-\r
- //* DEBUG: */ echo "*".$pass."/".$password."<BR>";\r
-\r
- // Check if password matches\r
- if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password)))\r
- {\r
- // Passwords matches!\r
- $ret = "done";\r
- }\r
- return $ret;\r
-}\r
-//\r
-function admin_WriteData ($FILE, $COMMENT, $PREFIX, $SUFFIX, $DATA, $SEEK=0)\r
-{\r
- $DONE = false; $SEEK++; $found = false;\r
- if (file_exists($FILE))\r
- {\r
- $SEARCH = "CFG: ".$COMMENT;\r
- $TMP = $FILE.".tmp";\r
- $fp = fopen($FILE, 'r') or OUTPUT_HTML ("<STRONG>READ:</STRONG> ".$FILE."<BR>");\r
- if ($fp)\r
- {\r
- $fp_tmp = fopen($TMP, 'w') or OUTPUT_HTML ("<STRONG>WRITE:</STRONG> ".$TMP."<BR>");\r
- if ($fp_tmp)\r
- {\r
- while (! feof($fp))\r
- {\r
- $line = fgets ($fp, 1024);\r
- if (strpos($line, $SEARCH) > -1) { $next = 0; $found = true; }\r
- if ($next > -1)\r
- {\r
- if ($next == $SEEK)\r
- {\r
- $next = -1;\r
- $line = $PREFIX.$DATA.$SUFFIX."\n";\r
- }\r
- else\r
- {\r
- $next++;\r
- }\r
- }\r
- fputs($fp_tmp, $line);\r
- }\r
- fclose($fp_tmp);\r
- // Finished writing tmp file\r
- $DONE = true;\r
- }\r
- fclose($fp);\r
- if (($DONE) && ($found))\r
- {\r
- // Copy back tmp file and delete tmp :-)\r
- @copy($TMP, $FILE);\r
- @unlink($TMP);\r
- define ('_FATAL', false);\r
- }\r
- elseif (!$found)\r
- {\r
- OUTPUT_HTML ("<STRONG>CHANGE:</STRONG> 404!");\r
- define ('_FATAL', true);\r
- }\r
- else\r
- {\r
- OUTPUT_HTML ("<STRONG>TMP:</STRONG> UNDONE!");\r
- define ('_FATAL', true);\r
- }\r
- }\r
- }\r
- else\r
- {\r
- OUTPUT_HTML ("<STRONG>404:</STRONG> ".$FILE."<BR>");\r
- }\r
-}\r
-//\r
-function ADMIN_DO_ACTION($wht)\r
-{\r
- global $menuDesription, $MTITLE, $CONFIG, $EXTENSIONS, $link, $DATA;\r
- //* DEBUG: */ echo __LINE__."*".$wht."/".$GLOBALS['module']."/".$GLOBALS['action']."/".$GLOBALS['what']."*<br />\n";\r
- if (EXT_IS_ACTIVE("cache"))\r
- {\r
- // Include cache instance\r
- global $CACHE;\r
- }\r
-\r
- // Remove any spaces from variable\r
- if (empty($wht))\r
- {\r
- // Default admin action is the overview page\r
- $wht = "overview";\r
- }\r
- else\r
- {\r
- // Compile out some chars\r
- $wht = COMPILE_CODE($wht, false, false, false);\r
- }\r
-\r
- // Get action value\r
- $act = GET_ACTION($GLOBALS['module'], $wht);\r
-\r
- // Define admin login name and ID number\r
- define('__ADMIN_LOGIN', SQL_ESCAPE($_COOKIE['admin_login']));\r
- define('__ADMIN_ID' , GET_ADMIN_ID($_COOKIE['admin_login']));\r
-\r
- // Preload templates\r
- if (EXT_IS_ACTIVE("admins")) {\r
- define('__ADMIN_WELCOME', LOAD_TEMPLATE("admin_welcome_admins", true));\r
- } else {\r
- define('__ADMIN_WELCOME', LOAD_TEMPLATE("admin_welcome", true));\r
- }\r
- define('__ADMIN_FOOTER' , LOAD_TEMPLATE("admin_footer" , true));\r
- define('__ADMIN_MENU' , ADD_ADMIN_MENU($act, $wht, true));\r
-\r
- // Tableset header\r
- LOAD_TEMPLATE("admin_main_header");\r
-\r
- // Check if action/what pair is valid\r
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu\r
-WHERE action='%s' AND ((what='%s' AND what != 'overview') OR (what='' AND '%s'='overview'))\r
-LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__);\r
- if (SQL_NUMROWS($result) == 1)\r
- {\r
- // Free memory\r
- SQL_FREERESULT($result);\r
-\r
- // Is valid but does the inlcude file exists?\r
- $INC = sprintf(PATH."inc/modules/admin/action-%s.php", $act);\r
- if ((file_exists($INC)) && (is_readable($INC)) && (VALIDATE_MENU_ACTION("admin", $act, $wht)) && (__ACL_ALLOW == true))\r
- {\r
- // Ok, we finally load the admin action module\r
- include($INC);\r
- }\r
- elseif (__ACL_ALLOW == false)\r
- {\r
- // Access denied\r
- LOAD_TEMPLATE("admin_menu_failed", false, ADMINS_ACCESS_DENIED);\r
- ADD_FATAL(ADMINS_ACCESS_DENIED);\r
- }\r
- else\r
- {\r
- // Include file not found! :-(\r
- LOAD_TEMPLATE("admin_menu_failed", false, ADMIN_404_ACTION);\r
- ADD_FATAL(ADMIN_404_ACTION_1.$act.ADMIN_404_ACTION_2);\r
- }\r
- } else {\r
- // Invalid action/what pair found!\r
- LOAD_TEMPLATE("admin_menu_failed", false, ADMIN_INVALID_ACTION);\r
- ADD_FATAL(ADMIN_INVALID_ACTION_1.$act."/".$wht.ADMIN_INVALID_ACTION_2);\r
- }\r
-\r
- // Tableset footer\r
- LOAD_TEMPLATE("admin_main_footer");\r
-}\r
-//\r
-function ADD_ADMIN_MENU($act, $wht,$return=false)\r
-{\r
- global $_GET, $menuDesription, $MTITLE, $link;\r
- $SUB = false;\r
-\r
- // Menu descriptions\r
- $menuDesription = array();\r
- $MTITLE = array();\r
-\r
- // Build main menu\r
- $result_main = SQL_QUERY("SELECT action, title, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE what='' ORDER BY sort, id DESC", __FILE__, __LINE__);\r
- $OUT = "";\r
- if (SQL_NUMROWS($result_main) > 0)\r
- {\r
- $OUT = "<TABLE border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"admin_menu_main\">\r
-<TR><TD colspan=\"2\" height=\"7\" class=\"seperator\"> </TD></TR>\n";\r
- while (list($menu, $title, $descr) = SQL_FETCHROW($result_main))\r
- {\r
- if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2"))\r
- {\r
- $ACL = ADMINS_CHECK_ACL($menu, "");\r
- }\r
- else\r
- {\r
- // ACL is "allow"... hmmm\r
- $ACL = true;\r
- }\r
- if ($ACL)\r
- {\r
- if (!$SUB)\r
- {\r
- // Insert compiled menu title and description\r
- $MTITLE[$menu] = $title;\r
- $menuDesription[$menu] = $descr;\r
- }\r
- $OUT .= "<TR>\r
- <TD class=\"admin_menu\" colspan=\"2\">\r
- <NOBR> <STRONG>·</STRONG> ";\r
- if (($menu == $act) && (empty($wht)))\r
- {\r
- $OUT .= "<STRONG>";\r
- }\r
- else\r
- {\r
- $OUT .= "[ <A href=\"".URL."/modules.php?module=admin&action=".$menu."\">";\r
- }\r
- $OUT .= $title;\r
- if (($menu == $act) && (empty($wht)))\r
- {\r
- $OUT .= "</STRONG>";\r
- }\r
- else\r
- {\r
- $OUT .= "</A> ]";\r
- }\r
- $OUT .= "</NOBR></TD>\r
-</TR>\n";\r
- $result_what = SQL_QUERY_ESC("SELECT what, title, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE action='%s' AND what != '' ORDER BY sort, id DESC",\r
- array($menu), __FILE__, __LINE__);\r
- if ((SQL_NUMROWS($result_what) > 0) && ($act == $menu))\r
- {\r
- $menuDesription = array();\r
- $MTITLE = array(); $SUB = true;\r
- $OUT .= "<TR>\r
- <TD width=\"10\" class=\"seperator\"> </TD>\r
- <TD class=\"admin_menu\">\r
- <TABLE border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"admin_menu_sub\">\n";\r
- while (list($wht_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what))\r
- {\r
- // Filename\r
- $INC = sprintf(PATH."inc/modules/admin/what-%s.php", $wht_sub);\r
- if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2"))\r
- {\r
- $ACL = ADMINS_CHECK_ACL("", $wht_sub);\r
- }\r
- else\r
- {\r
- // ACL is "allow"... hmmm\r
- $ACL = true;\r
- }\r
- $readable = ((file_exists($INC)) && (is_readable($INC)));\r
- if ($ACL)\r
- {\r
- // Insert compiled title and description\r
- $MTITLE[$wht_sub] = $title_what;\r
- $menuDesription[$wht_sub] = $desc_what;\r
- $OUT .= "<TR>\r
- <TD class=\"admin_menu\" colspan=\"2\">\r
- <NOBR> <STRONG>--></STRONG> ";\r
- if ($readable)\r
- {\r
- if ($wht == $wht_sub)\r
- {\r
- $OUT .= "<STRONG>";\r
- }\r
- else\r
- {\r
- $OUT .= "[ <A href=\"".URL."/modules.php?module=admin&what=".$wht_sub."\">";\r
- }\r
- }\r
- else\r
- {\r
- $OUT .= "<I class=\"admin_note\">";\r
- }\r
- $OUT .= $title_what;\r
- if ($readable)\r
- {\r
- if ($wht == $wht_sub)\r
- {\r
- $OUT .= "</STRONG>";\r
- }\r
- else\r
- {\r
- $OUT .= "</A> ]";\r
- }\r
- }\r
- else\r
- {\r
- $OUT .= "</I>";\r
- }\r
- $OUT .= "</NOBR></TD>\r
-</TR>\n";\r
- }\r
- }\r
-\r
- // Free memory\r
- SQL_FREERESULT($result_what);\r
- $OUT .= " </TABLE>\r
- </TD>\r
-</TR>\n";\r
- }\r
- $OUT .= "<TR><TD height=\"7\" colspan=\"2\"></TD></TR>\n";\r
- }\r
- }\r
-\r
- // Free memory\r
- SQL_FREERESULT($result_main);\r
- $OUT .= "</TABLE>\n";\r
- }\r
-\r
- // Compile and run the code here. This inserts all constants into the\r
- // HTML output. Costs me some time to figure this out... *sigh* Quix0r\r
- $eval = "\$OUT = \"".COMPILE_CODE(addslashes($OUT))."\";";\r
- eval($eval);\r
-\r
- // Return or output content?\r
- if ($return) {\r
- return $OUT;\r
- } else {\r
- OUTPUT_HTML ($OUT);\r
- }\r
-}\r
-//\r
-function ADD_MEMBER_SELECTION_BOX($add_all = false, $return = false, $none = false, $def = "0")\r
-{\r
- global $_GET;\r
- // Output selection form with all confirmed user accounts listed\r
- $result = SQL_QUERY("SELECT userid, surname, family FROM "._MYSQL_PREFIX."_user_data ORDER BY userid", __FILE__, __LINE__);\r
- $OUT = "";\r
-\r
- // USe this only for adding points (e.g. adding refs really makes no sence ;-) )\r
- if ($add_all) $OUT = " <OPTION value=\"all\">".ALL_MEMBERS."</OPTION>\n";\r
- elseif ($none) $OUT = " <OPTION value=\"0\">".SELECT_NONE."</OPTION>\n";\r
- while (list($id, $sname, $fname) = SQL_FETCHROW($result))\r
- {\r
- $OUT .= " <OPTION value=\"".$id."\"";\r
- if ($def == $id) $OUT .= " selected=\"selected\"";\r
- $OUT .= ">".$sname." ".$fname." (".$id.")</OPTION>\n";\r
- }\r
-\r
- // Free memory\r
- SQL_FREERESULT($result);\r
-\r
- // Remeber options in constant\r
- define('_MEMBER_SELECTION', $OUT);\r
-\r
- if (!$return)\r
- {\r
- // Display selection box\r
- define('__LANG_VALUE', GET_LANGUAGE());\r
-\r
- // Load template\r
- LOAD_TEMPLATE("admin_member_selection_box", false, $GLOBALS['what']);\r
- }\r
-}\r
-//\r
-function ADMIN_MENU_SELECTION($MODE, $default="", $defid="")\r
-{\r
- $wht = "what != ''";\r
- if ($MODE == "action") $wht = "what='' AND action !='login'";\r
- $result = SQL_QUERY_ESC("SELECT %s, title FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$wht." ORDER BY sort",\r
- array($MODE), __FILE__, __LINE__);\r
- if (SQL_NUMROWS($result) > 0)\r
- {\r
- // Load menu as selection\r
- $OUT = "<SELECT name=\"".$MODE."_menu";\r
- if ((!empty($defid)) || ($defid == "0")) $OUT .= "[".$defid."]";\r
- $OUT .= "\" size=\"1\" class=\"admin_select\">\r
- <OPTION value=\"\">".SELECT_NONE."</OPTION>\n";\r
- while (list($menu, $title) = SQL_FETCHROW($result))\r
- {\r
- $OUT .= " <OPTION value=\"".$menu."\"";\r
- if ((!empty($default)) && ($default == $menu)) $OUT .= " selected=\"selected\"";\r
- $OUT .= ">".$title."</OPTION>\n";\r
- }\r
-\r
- // Free memory\r
- SQL_FREERESULT($result);\r
- $OUT .= "</SELECT>\n";\r
- }\r
- else\r
- {\r
- // No menus???\r
- $OUT = ADMIN_PROBLEM_NO_MENU;\r
- }\r
-\r
- // Return output\r
- return $OUT;\r
-}\r
-//\r
-function ADMIN_SAVE_SETTINGS (&$POST, $TABLE, $WHERE="config='1'", $translateComma = array(), $alwaysAdd=false)\r
-{\r
- global $CONFIG, $CFG_CACHE, $CACHE;\r
- $DATA = array();\r
- $skip = false; $TEST2 = "";\r
- foreach ($POST as $id=>$val) {\r
- // Process only formular field but not submit buttons ;)\r
- if ($id != "ok") {\r
- // Do not save the ok value\r
- $TEST = substr($id, -3);\r
- if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (isset($val))) {\r
- // Found a multi-selection for timings?\r
- $TEST = substr($id, 0, -3);\r
- if ((isset($POST[$TEST."_ye"])) && (isset($POST[$TEST."_mo"])) && (isset($POST[$TEST."_we"])) && (isset($POST[$TEST."_da"])) && (isset($POST[$TEST."_ho"])) && (isset($POST[$TEST."_mi"])) && (isset($POST[$TEST."_se"])) && ($TEST != $TEST2)) {\r
- // Generate timestamp\r
- $POST[$TEST] = CREATE_TIMESTAMP_FROM_SELECTIONS($TEST, $POST);\r
- $DATA[] = "$TEST='".$POST[$TEST]."'";\r
-\r
- // Remove data from array\r
- unset($POST[$TEST."_ye"]);\r
- unset($POST[$TEST."_mo"]);\r
- unset($POST[$TEST."_we"]);\r
- unset($POST[$TEST."_da"]);\r
- unset($POST[$TEST."_ho"]);\r
- unset($POST[$TEST."_mi"]);\r
- unset($POST[$TEST."_se"]);\r
-\r
- // Skip adding\r
- unset($id); $skip = true; $TEST2 = $TEST;\r
- }\r
- } else {\r
- // Process this entry\r
- $skip = false; $TEST2 = "";\r
- }\r
-\r
- // Shall we process this ID? It muss not be empty, of course\r
- if ((!$skip) && (!empty($id))) {\r
- // Save this entry\r
- $val = COMPILE_CODE($val);\r
-\r
- // Translate the value? (comma to dot!)\r
- if ((is_array($translateComma)) && (in_array($id, $translateComma))) {\r
- // Then do it here... :)\r
- $val = str_replace(",", ".", $val);\r
- }\r
-\r
- // Shall we add numbers or strings?\r
- $test = (float)$val;\r
- if ("".$val."" == "".$test."") {\r
- // Add numbers\r
- $DATA[] = $id."=".$val."";\r
- } else {\r
- // Add strings\r
- $DATA[] = $id."='".trim($val)."'";\r
- }\r
-\r
- // Update current configuration\r
- $CONFIG[$id] = $val;\r
- }\r
- }\r
- }\r
-\r
- // Check if entry does exist\r
- $result = false;\r
- if (!$alwaysAdd) {\r
- if (!empty($WHERE)) {\r
- $result = SQL_QUERY("SELECT * FROM "._MYSQL_PREFIX.$TABLE." WHERE ".$WHERE." LIMIT 1", __FILE__, __LINE__);\r
- } else {\r
- $result = SQL_QUERY("SELECT * FROM "._MYSQL_PREFIX.$TABLE." LIMIT 1", __FILE__, __LINE__);\r
- }\r
- }\r
-\r
- if (SQL_NUMROWS($result) == 1) {\r
- // "Implode" all data to single string\r
- $DATA_UPDATE = implode(", ", $DATA);\r
-\r
- // Generate SQL string\r
- $SQL = "UPDATE "._MYSQL_PREFIX.$TABLE." SET ".$DATA_UPDATE." WHERE ".$WHERE." LIMIT 1";\r
- } else {\r
- // Add Line (does only work with auto_increment!\r
- $KEYs = array(); $VALUEs = array();\r
- foreach ($DATA as $entry) {\r
- // Split up\r
- $line = explode("=", $entry);\r
- $KEYs[] = $line[0]; $VALUEs[] = $line[1];\r
- }\r
-\r
- // Add both in one line\r
- $KEYs = implode(", ", $KEYs);\r
- $VALUEs = implode(", ", $VALUEs);\r
-\r
- // Generate SQL string\r
- $SQL = "INSERT INTO "._MYSQL_PREFIX.$TABLE." (".$KEYs.") VALUES(".$VALUEs.")";\r
- }\r
-\r
- // Free memory\r
- SQL_FREERESULT($result);\r
-\r
- // Simply run generated SQL string\r
- $result = SQL_QUERY($SQL, __FILE__, __LINE__);\r
-\r
- // Is the config table updated and the cache extension installed?\r
- if ((GET_EXT_VERSION("cache") >= "0.1.2") && ($TABLE == "_config")) {\r
- // Remove it here...\r
- if ($CACHE->cache_file("config", true)) $CACHE->cache_destroy();\r
- unset($CFG_CACHE);\r
- }\r
-\r
- // Settings saved\r
- LOAD_TEMPLATE("admin_settings_saved", false, "<STRONG class=\"admin_done\">".SETTINGS_SAVED."</STRONG>");\r
-}\r
-//\r
-function ADMIN_MAKE_MENU_SELECTION($menu, $type, $name, $default="") {\r
- // Init the selection box\r
- $OUT = "<SELECT name=\"".$name."\" class=\"admin_select\" size=\"1\">\n <OPTION value=\"\">".IS_TOP_MENU."</OPTION>\n";\r
-\r
- // Open the requested menu directory\r
- $handle = opendir(PATH."inc/modules/".$menu."/") or mxchange_die("Cannot load menu ".$menu."!");\r
- while ($file = readdir($handle)) {\r
- // Is this a PHP script?\r
- if (($file != ".") && ($file != "..") && ($file != "lost+found") && (strpos($file, "".$type."-") > -1) && (strpos($file, ".php") > 0)) {\r
- // Then test if the file is readable\r
- $test = PATH."inc/modules/".$menu."/".$file;\r
- if (is_readable($test)) {\r
- // Extract the value for what=xxx\r
- $part = substr($file, (strlen($type) + 1)); $part = substr($part, 0, strpos($part, ".php"));\r
-\r
- // Is that part different from the overview?\r
- if ($part != "overview") {\r
- $OUT .= " <OPTION value=\"".$part."\"";\r
- if ($part == $default) $OUT .= "selected";\r
- $OUT .= ">".$part."</OPTION>\n";\r
- }\r
- }\r
- }\r
- }\r
- closedir($handle);\r
- $OUT .= "</SELECT>\n";\r
- return $OUT;\r
-}\r
-//\r
-function ADMIN_USER_PROFILE_LINK($uid, $title="", $wht="list_user")\r
-{\r
- if (($title == "") && ($title != "0")) { $title = $uid; }\r
- if (($title == "0") && ($wht == "list_refs"))\r
- {\r
- // Return title again\r
- return $title;\r
- }\r
-\r
- //* DEBUG: */ echo "A:".$title."<BR>";\r
- // Return link\r
- return "<A href=\"".URL."/modules.php?module=admin&what=".$wht."&u_id=".$uid."\" title=\"".ADMIN_USER_PROFILE_TITLE."\">".$title."</A>";\r
-}\r
-//\r
-function ADMIN_CHECK_MENU_MODE()\r
-{\r
- global $CONFIG, $ADMINS, $_COOKIE;\r
-\r
- // Set the global mode as the mode for all admins\r
- $MODE = $CONFIG['admin_menu']; $ADMIN = $MODE;\r
-\r
- // Check individual settings of current admin\r
- if (isset($ADMINS['la_mode'][$_COOKIE['admin_login']]))\r
- {\r
- // Load from cache\r
- $ADMIN = $ADMINS['la_mode'][$_COOKIE['admin_login']];\r
- $CONFIG['cache_hits']++;\r
- }\r
- elseif (GET_EXT_VERSION("admins") >= "0.6.7")\r
- {\r
- // Load from database when version of "admins" is enough\r
- $result = SQL_QUERY_ESC("SELECT la_mode FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",\r
- array($_COOKIE['admin_login']), __FILE__, __LINE__);\r
- if (SQL_NUMROWS($result) == 1)\r
- {\r
- // Load data\r
- list($ADMIN) = SQL_FETCHROW($result);\r
- }\r
-\r
- // Free memory\r
- SQL_FREERESULT($result);\r
- }\r
-\r
- // Check what the admin wants and set it when it's not the global mode\r
- if ($ADMIN != "global") $MODE = $ADMIN;\r
-\r
- // Return admin-menu's mode\r
- return $MODE;\r
-}\r
-// Change activation status\r
-function ADMIN_CHANGE_ACTIVATION_STATUS (array $IDs, $table, $row, $idRow = "id") {\r
- global $CONFIG;\r
- $cnt = 0; $newStatus = "Y";\r
- if (count($IDs) > 0) {\r
- // "Walk" all through and count them\r
- foreach ($IDs as $id=>$selected) {\r
- // Secure the ID number\r
- $id = bigintval($id);\r
-\r
- // Should always be 1 ;-)\r
- if ($selected == 1) {\r
- // Determine new status\r
- $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE %s=%d LIMIT 1",\r
- array($row, $table, $idRow, $id), __FILE__, __LINE__);\r
-\r
- // Row found?\r
- if (SQL_NUMROWS($result) == 1) {\r
- // Load the status\r
- list($currStatus) = SQL_FETCHROW($result);\r
- if ($currStatus == "Y") $newStatus="N"; else $newStatus = "Y";\r
-\r
- // Change this status\r
- SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_%s SET %s='%s' WHERE %s=%d LIMIT 1",\r
- array($table, $row, $newStatus, $idRow, $id), __FILE__, __LINE__);\r
-\r
- // Count up affected rows\r
- $cnt += SQL_AFFECTEDROWS();\r
- }\r
-\r
- // Free the result\r
- SQL_FREERESULT($result);\r
- }\r
- }\r
-\r
- // Output status\r
- LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_STATUS_CHANGED_1.$cnt.ADMIN_STATUS_CHANGED_2.count($IDs).ADMIN_STATUS_CHANGED_3);\r
- } else {\r
- // Nothing selected!\r
- LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_NOTHING_SELECTED_CHANGE);\r
- }\r
-}\r
-// Delete rows by given ID numbers\r
-function ADMIN_DELETE_ENTRIES_CONFIRM (array $IDs, $table, $row, array $columns = array(), array $filterFunctions = array(), $deleteNow=false, $idRow="id") {\r
- global $CONFIG;\r
- $OUT = ""; $SW = 2;\r
- if (count($IDs) > 0) {\r
- // "Walk" through all entries and count them\r
- if ($deleteNow) {\r
- // Delete them\r
- } else {\r
- // List for confirmation\r
- foreach ($IDs as $id=>$selected) {\r
- // Secure ID number\r
- $id = bigintval($id);\r
-\r
- // Will always be 1 ;-)\r
- if ($selected == 1) {\r
- // Get result from a given column array and table name\r
- $result = SQL_RESULT_FROM_ARRAY($table, $columns, $idRow, $id);\r
-\r
- // Is there one entry?\r
- if (SQL_NUMROWS($result) == 1) {\r
- // Load all data\r
- $content = SQL_FETCHARRAY($result);\r
-\r
- // Filter all data\r
- foreach ($content as $key=>$value) {\r
- // Is a filter function set?\r
- $idx = array_search($key, $columns, true);\r
- if (!empty($filterFunctions[$idx])) {\r
- // Then call it!\r
- $content[$key] = call_user_func($filterFunctions[$idx], $value);\r
- }\r
- }\r
-\r
- // Add color switching\r
- $content['sw'] = $SW;\r
-\r
- // Then list it again...\r
- $OUT .= LOAD_TEMPLATE("admin_del_".$table."_row", true, $content);\r
- $SW = 3 - $SW;\r
- }\r
-\r
- // Free the result\r
- SQL_FREERESULT($result);\r
- }\r
- }\r
-\r
- // Load master template\r
- LOAD_TEMPLATE("admin_del_".$table."", false, $OUT);\r
- }\r
- }\r
-}\r
-//\r
-?>\r
+<?php
+/************************************************************************
+ * MXChange v0.2.1 Start: 08/31/2003 *
+ * =============== Last change: 11/23/2004 *
+ * *
+ * -------------------------------------------------------------------- *
+ * File : admin-inc.php *
+ * -------------------------------------------------------------------- *
+ * Short description : Administrative related functions *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung : Fuer die Administration benoetigte Funktionen *
+ * -------------------------------------------------------------------- *
+ * *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder *
+ * For more information visit: http://www.mxchange.org *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
+ * MA 02110-1301 USA *
+ ************************************************************************/
+
+// Some security stuff...
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
+{
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+ require($INC);
+}
+
+//
+function REGISTER_ADMIN ($user, $md5)
+{
+ $ret = "failed";
+ $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
+ array($user), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 0)
+ {
+ // Ok, let's create the admin login
+ $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '".WEBMASTER."')",
+ array($user, $md5), __FILE__, __LINE__);
+ $ret = "done";
+ }
+ else
+ {
+ // Free memory
+ SQL_FREERESULT($result);
+
+ // Login does already exist
+ $ret = "already";
+ }
+ return $ret;
+}
+// Only be executed on login procedure!
+function CHECK_ADMIN_LOGIN ($admin_login, $password)
+{
+ global $ADMINS, $CONFIG, $CACHE;
+ $ret = "404"; $pass = "";
+ if (!empty($ADMINS['aid'][$admin_login]))
+ {
+ // Get password from cache
+ $pass = $ADMINS['password'][$admin_login];
+ $ret = "pass";
+ $CONFIG['cache_hits']++;
+ }
+ else
+ {
+ // Get password from DB
+ $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
+ array($admin_login), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1)
+ {
+ $ret = "pass";
+ list($pass) = SQL_FETCHROW($result);
+ SQL_FREERESULT($result);
+ }
+ }
+
+ //* DEBUG: */ echo "*".$pass."/".$password."/".$ret."<BR>";
+ if ((strlen($pass) == 32) && ($pass == md5($password)))
+ {
+ // Generate new hash
+ $pass = generateHash($password);
+ if (($ret == "pass") && (GET_EXT_VERSION("sql_patches") < "0.3.6")) $ret = "done";
+ }
+ elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))
+ {
+ // Old hashing way
+ return $ret;
+ }
+
+ // Generate salt of password
+ define('__SALT', substr($pass, 0, -40));
+ $salt = __SALT;
+
+ // Check if password is same
+ if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt)))
+ {
+ // Update password
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1",
+ array($pass, $admin_login), __FILE__, __LINE__);
+
+ // Shall I remove the cache file?
+ if ((EXT_IS_ACTIVE("cache")) && ($CACHE != false))
+ {
+ if ($CACHE->cache_file("admins", true)) $CACHE->cache_destroy();
+ }
+
+ // Password matches!
+ $ret = "done";
+ }
+ elseif ((empty($salt)) && ($ret == "pass"))
+ {
+ // Something bad went wrong
+ $ret = "failed";
+ }
+ return $ret;
+}
+// Only be executed on cookie checking
+function CHECK_ADMIN_COOKIES ($admin_login, $password)
+{
+ global $ADMINS, $CONFIG;
+ $ret = "404"; $pass = "";
+ if (!empty($ADMINS['aid'][$admin_login]))
+ {
+ // Get password from cache
+ $pass = $ADMINS['password'][$admin_login];
+ $ret = "pass";
+ $CONFIG['cache_hits']++;
+ }
+ else
+ {
+ // Get password from DB
+ $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
+ array($admin_login), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1)
+ {
+ $ret = "pass";
+ list($pass) = SQL_FETCHROW($result);
+ SQL_FREERESULT($result);
+ }
+ }
+
+ //* DEBUG: */ echo "*".$pass."/".$password."<BR>";
+
+ // Check if password matches
+ if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password)))
+ {
+ // Passwords matches!
+ $ret = "done";
+ }
+ return $ret;
+}
+//
+function admin_WriteData ($FILE, $COMMENT, $PREFIX, $SUFFIX, $DATA, $SEEK=0)
+{
+ $DONE = false; $SEEK++; $found = false;
+ if (file_exists($FILE))
+ {
+ $SEARCH = "CFG: ".$COMMENT;
+ $TMP = $FILE.".tmp";
+ $fp = fopen($FILE, 'r') or OUTPUT_HTML ("<STRONG>READ:</STRONG> ".$FILE."<BR>");
+ if ($fp)
+ {
+ $fp_tmp = fopen($TMP, 'w') or OUTPUT_HTML ("<STRONG>WRITE:</STRONG> ".$TMP."<BR>");
+ if ($fp_tmp)
+ {
+ while (! feof($fp))
+ {
+ $line = fgets ($fp, 1024);
+ if (strpos($line, $SEARCH) > -1) { $next = 0; $found = true; }
+ if ($next > -1)
+ {
+ if ($next == $SEEK)
+ {
+ $next = -1;
+ $line = $PREFIX.$DATA.$SUFFIX."\n";
+ }
+ else
+ {
+ $next++;
+ }
+ }
+ fputs($fp_tmp, $line);
+ }
+ fclose($fp_tmp);
+ // Finished writing tmp file
+ $DONE = true;
+ }
+ fclose($fp);
+ if (($DONE) && ($found))
+ {
+ // Copy back tmp file and delete tmp :-)
+ @copy($TMP, $FILE);
+ @unlink($TMP);
+ define ('_FATAL', false);
+ }
+ elseif (!$found)
+ {
+ OUTPUT_HTML ("<STRONG>CHANGE:</STRONG> 404!");
+ define ('_FATAL', true);
+ }
+ else
+ {
+ OUTPUT_HTML ("<STRONG>TMP:</STRONG> UNDONE!");
+ define ('_FATAL', true);
+ }
+ }
+ }
+ else
+ {
+ OUTPUT_HTML ("<STRONG>404:</STRONG> ".$FILE."<BR>");
+ }
+}
+//
+function ADMIN_DO_ACTION($wht)
+{
+ global $menuDesription, $MTITLE, $CONFIG, $EXTENSIONS, $link, $DATA;
+ //* DEBUG: */ echo __LINE__."*".$wht."/".$GLOBALS['module']."/".$GLOBALS['action']."/".$GLOBALS['what']."*<br />\n";
+ if (EXT_IS_ACTIVE("cache"))
+ {
+ // Include cache instance
+ global $CACHE;
+ }
+
+ // Remove any spaces from variable
+ if (empty($wht))
+ {
+ // Default admin action is the overview page
+ $wht = "overview";
+ }
+ else
+ {
+ // Compile out some chars
+ $wht = COMPILE_CODE($wht, false, false, false);
+ }
+
+ // Get action value
+ $act = GET_ACTION($GLOBALS['module'], $wht);
+
+ // Define admin login name and ID number
+ define('__ADMIN_LOGIN', SQL_ESCAPE($_COOKIE['admin_login']));
+ define('__ADMIN_ID' , GET_ADMIN_ID($_COOKIE['admin_login']));
+
+ // Preload templates
+ if (EXT_IS_ACTIVE("admins")) {
+ define('__ADMIN_WELCOME', LOAD_TEMPLATE("admin_welcome_admins", true));
+ } else {
+ define('__ADMIN_WELCOME', LOAD_TEMPLATE("admin_welcome", true));
+ }
+ define('__ADMIN_FOOTER' , LOAD_TEMPLATE("admin_footer" , true));
+ define('__ADMIN_MENU' , ADD_ADMIN_MENU($act, $wht, true));
+
+ // Tableset header
+ LOAD_TEMPLATE("admin_main_header");
+
+ // Check if action/what pair is valid
+ $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu
+WHERE action='%s' AND ((what='%s' AND what != 'overview') OR (what='' AND '%s'='overview'))
+LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1)
+ {
+ // Free memory
+ SQL_FREERESULT($result);
+
+ // Is valid but does the inlcude file exists?
+ $INC = sprintf(PATH."inc/modules/admin/action-%s.php", $act);
+ if ((file_exists($INC)) && (is_readable($INC)) && (VALIDATE_MENU_ACTION("admin", $act, $wht)) && (__ACL_ALLOW == true))
+ {
+ // Ok, we finally load the admin action module
+ include($INC);
+ }
+ elseif (__ACL_ALLOW == false)
+ {
+ // Access denied
+ LOAD_TEMPLATE("admin_menu_failed", false, ADMINS_ACCESS_DENIED);
+ ADD_FATAL(ADMINS_ACCESS_DENIED);
+ }
+ else
+ {
+ // Include file not found! :-(
+ LOAD_TEMPLATE("admin_menu_failed", false, ADMIN_404_ACTION);
+ ADD_FATAL(ADMIN_404_ACTION_1.$act.ADMIN_404_ACTION_2);
+ }
+ } else {
+ // Invalid action/what pair found!
+ LOAD_TEMPLATE("admin_menu_failed", false, ADMIN_INVALID_ACTION);
+ ADD_FATAL(ADMIN_INVALID_ACTION_1.$act."/".$wht.ADMIN_INVALID_ACTION_2);
+ }
+
+ // Tableset footer
+ LOAD_TEMPLATE("admin_main_footer");
+}
+//
+function ADD_ADMIN_MENU($act, $wht,$return=false)
+{
+ global $_GET, $menuDesription, $MTITLE, $link;
+ $SUB = false;
+
+ // Menu descriptions
+ $menuDesription = array();
+ $MTITLE = array();
+
+ // Build main menu
+ $result_main = SQL_QUERY("SELECT action, title, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE what='' ORDER BY sort, id DESC", __FILE__, __LINE__);
+ $OUT = "";
+ if (SQL_NUMROWS($result_main) > 0)
+ {
+ $OUT = "<TABLE border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"admin_menu_main\">
+<TR><TD colspan=\"2\" height=\"7\" class=\"seperator\"> </TD></TR>\n";
+ while (list($menu, $title, $descr) = SQL_FETCHROW($result_main))
+ {
+ if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2"))
+ {
+ $ACL = ADMINS_CHECK_ACL($menu, "");
+ }
+ else
+ {
+ // ACL is "allow"... hmmm
+ $ACL = true;
+ }
+ if ($ACL)
+ {
+ if (!$SUB)
+ {
+ // Insert compiled menu title and description
+ $MTITLE[$menu] = $title;
+ $menuDesription[$menu] = $descr;
+ }
+ $OUT .= "<TR>
+ <TD class=\"admin_menu\" colspan=\"2\">
+ <NOBR> <STRONG>·</STRONG> ";
+ if (($menu == $act) && (empty($wht)))
+ {
+ $OUT .= "<STRONG>";
+ }
+ else
+ {
+ $OUT .= "[ <A href=\"".URL."/modules.php?module=admin&action=".$menu."\">";
+ }
+ $OUT .= $title;
+ if (($menu == $act) && (empty($wht)))
+ {
+ $OUT .= "</STRONG>";
+ }
+ else
+ {
+ $OUT .= "</A> ]";
+ }
+ $OUT .= "</NOBR></TD>
+</TR>\n";
+ $result_what = SQL_QUERY_ESC("SELECT what, title, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE action='%s' AND what != '' ORDER BY sort, id DESC",
+ array($menu), __FILE__, __LINE__);
+ if ((SQL_NUMROWS($result_what) > 0) && ($act == $menu))
+ {
+ $menuDesription = array();
+ $MTITLE = array(); $SUB = true;
+ $OUT .= "<TR>
+ <TD width=\"10\" class=\"seperator\"> </TD>
+ <TD class=\"admin_menu\">
+ <TABLE border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"admin_menu_sub\">\n";
+ while (list($wht_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what))
+ {
+ // Filename
+ $INC = sprintf(PATH."inc/modules/admin/what-%s.php", $wht_sub);
+ if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2"))
+ {
+ $ACL = ADMINS_CHECK_ACL("", $wht_sub);
+ }
+ else
+ {
+ // ACL is "allow"... hmmm
+ $ACL = true;
+ }
+ $readable = ((file_exists($INC)) && (is_readable($INC)));
+ if ($ACL)
+ {
+ // Insert compiled title and description
+ $MTITLE[$wht_sub] = $title_what;
+ $menuDesription[$wht_sub] = $desc_what;
+ $OUT .= "<TR>
+ <TD class=\"admin_menu\" colspan=\"2\">
+ <NOBR> <STRONG>--></STRONG> ";
+ if ($readable)
+ {
+ if ($wht == $wht_sub)
+ {
+ $OUT .= "<STRONG>";
+ }
+ else
+ {
+ $OUT .= "[ <A href=\"".URL."/modules.php?module=admin&what=".$wht_sub."\">";
+ }
+ }
+ else
+ {
+ $OUT .= "<I class=\"admin_note\">";
+ }
+ $OUT .= $title_what;
+ if ($readable)
+ {
+ if ($wht == $wht_sub)
+ {
+ $OUT .= "</STRONG>";
+ }
+ else
+ {
+ $OUT .= "</A> ]";
+ }
+ }
+ else
+ {
+ $OUT .= "</I>";
+ }
+ $OUT .= "</NOBR></TD>
+</TR>\n";
+ }
+ }
+
+ // Free memory
+ SQL_FREERESULT($result_what);
+ $OUT .= " </TABLE>
+ </TD>
+</TR>\n";
+ }
+ $OUT .= "<TR><TD height=\"7\" colspan=\"2\"></TD></TR>\n";
+ }
+ }
+
+ // Free memory
+ SQL_FREERESULT($result_main);
+ $OUT .= "</TABLE>\n";
+ }
+
+ // Compile and run the code here. This inserts all constants into the
+ // HTML output. Costs me some time to figure this out... *sigh* Quix0r
+ $eval = "\$OUT = \"".COMPILE_CODE(addslashes($OUT))."\";";
+ eval($eval);
+
+ // Return or output content?
+ if ($return) {
+ return $OUT;
+ } else {
+ OUTPUT_HTML ($OUT);
+ }
+}
+//
+function ADD_MEMBER_SELECTION_BOX($add_all = false, $return = false, $none = false, $def = "0")
+{
+ global $_GET;
+ // Output selection form with all confirmed user accounts listed
+ $result = SQL_QUERY("SELECT userid, surname, family FROM "._MYSQL_PREFIX."_user_data ORDER BY userid", __FILE__, __LINE__);
+ $OUT = "";
+
+ // USe this only for adding points (e.g. adding refs really makes no sence ;-) )
+ if ($add_all) $OUT = " <OPTION value=\"all\">".ALL_MEMBERS."</OPTION>\n";
+ elseif ($none) $OUT = " <OPTION value=\"0\">".SELECT_NONE."</OPTION>\n";
+ while (list($id, $sname, $fname) = SQL_FETCHROW($result))
+ {
+ $OUT .= " <OPTION value=\"".$id."\"";
+ if ($def == $id) $OUT .= " selected=\"selected\"";
+ $OUT .= ">".$sname." ".$fname." (".$id.")</OPTION>\n";
+ }
+
+ // Free memory
+ SQL_FREERESULT($result);
+
+ // Remeber options in constant
+ define('_MEMBER_SELECTION', $OUT);
+
+ if (!$return)
+ {
+ // Display selection box
+ define('__LANG_VALUE', GET_LANGUAGE());
+
+ // Load template
+ LOAD_TEMPLATE("admin_member_selection_box", false, $GLOBALS['what']);
+ }
+}
+//
+function ADMIN_MENU_SELECTION($MODE, $default="", $defid="")
+{
+ $wht = "what != ''";
+ if ($MODE == "action") $wht = "what='' AND action !='login'";
+ $result = SQL_QUERY_ESC("SELECT %s, title FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$wht." ORDER BY sort",
+ array($MODE), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) > 0)
+ {
+ // Load menu as selection
+ $OUT = "<SELECT name=\"".$MODE."_menu";
+ if ((!empty($defid)) || ($defid == "0")) $OUT .= "[".$defid."]";
+ $OUT .= "\" size=\"1\" class=\"admin_select\">
+ <OPTION value=\"\">".SELECT_NONE."</OPTION>\n";
+ while (list($menu, $title) = SQL_FETCHROW($result))
+ {
+ $OUT .= " <OPTION value=\"".$menu."\"";
+ if ((!empty($default)) && ($default == $menu)) $OUT .= " selected=\"selected\"";
+ $OUT .= ">".$title."</OPTION>\n";
+ }
+
+ // Free memory
+ SQL_FREERESULT($result);
+ $OUT .= "</SELECT>\n";
+ }
+ else
+ {
+ // No menus???
+ $OUT = ADMIN_PROBLEM_NO_MENU;
+ }
+
+ // Return output
+ return $OUT;
+}
+//
+function ADMIN_SAVE_SETTINGS (&$POST, $TABLE, $WHERE="config='1'", $translateComma = array(), $alwaysAdd=false)
+{
+ global $CONFIG, $CFG_CACHE, $CACHE;
+ $DATA = array();
+ $skip = false; $TEST2 = "";
+ foreach ($POST as $id=>$val) {
+ // Process only formular field but not submit buttons ;)
+ if ($id != "ok") {
+ // Do not save the ok value
+ $TEST = substr($id, -3);
+ if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (isset($val))) {
+ // Found a multi-selection for timings?
+ $TEST = substr($id, 0, -3);
+ if ((isset($POST[$TEST."_ye"])) && (isset($POST[$TEST."_mo"])) && (isset($POST[$TEST."_we"])) && (isset($POST[$TEST."_da"])) && (isset($POST[$TEST."_ho"])) && (isset($POST[$TEST."_mi"])) && (isset($POST[$TEST."_se"])) && ($TEST != $TEST2)) {
+ // Generate timestamp
+ $POST[$TEST] = CREATE_TIMESTAMP_FROM_SELECTIONS($TEST, $POST);
+ $DATA[] = "$TEST='".$POST[$TEST]."'";
+
+ // Remove data from array
+ unset($POST[$TEST."_ye"]);
+ unset($POST[$TEST."_mo"]);
+ unset($POST[$TEST."_we"]);
+ unset($POST[$TEST."_da"]);
+ unset($POST[$TEST."_ho"]);
+ unset($POST[$TEST."_mi"]);
+ unset($POST[$TEST."_se"]);
+
+ // Skip adding
+ unset($id); $skip = true; $TEST2 = $TEST;
+ }
+ } else {
+ // Process this entry
+ $skip = false; $TEST2 = "";
+ }
+
+ // Shall we process this ID? It muss not be empty, of course
+ if ((!$skip) && (!empty($id))) {
+ // Save this entry
+ $val = COMPILE_CODE($val);
+
+ // Translate the value? (comma to dot!)
+ if ((is_array($translateComma)) && (in_array($id, $translateComma))) {
+ // Then do it here... :)
+ $val = str_replace(",", ".", $val);
+ }
+
+ // Shall we add numbers or strings?
+ $test = (float)$val;
+ if ("".$val."" == "".$test."") {
+ // Add numbers
+ $DATA[] = $id."=".$val."";
+ } else {
+ // Add strings
+ $DATA[] = $id."='".trim($val)."'";
+ }
+
+ // Update current configuration
+ $CONFIG[$id] = $val;
+ }
+ }
+ }
+
+ // Check if entry does exist
+ $result = false;
+ if (!$alwaysAdd) {
+ if (!empty($WHERE)) {
+ $result = SQL_QUERY("SELECT * FROM "._MYSQL_PREFIX.$TABLE." WHERE ".$WHERE." LIMIT 1", __FILE__, __LINE__);
+ } else {
+ $result = SQL_QUERY("SELECT * FROM "._MYSQL_PREFIX.$TABLE." LIMIT 1", __FILE__, __LINE__);
+ }
+ }
+
+ if (SQL_NUMROWS($result) == 1) {
+ // "Implode" all data to single string
+ $DATA_UPDATE = implode(", ", $DATA);
+
+ // Generate SQL string
+ $SQL = "UPDATE "._MYSQL_PREFIX.$TABLE." SET ".$DATA_UPDATE." WHERE ".$WHERE." LIMIT 1";
+ } else {
+ // Add Line (does only work with auto_increment!
+ $KEYs = array(); $VALUEs = array();
+ foreach ($DATA as $entry) {
+ // Split up
+ $line = explode("=", $entry);
+ $KEYs[] = $line[0]; $VALUEs[] = $line[1];
+ }
+
+ // Add both in one line
+ $KEYs = implode(", ", $KEYs);
+ $VALUEs = implode(", ", $VALUEs);
+
+ // Generate SQL string
+ $SQL = "INSERT INTO "._MYSQL_PREFIX.$TABLE." (".$KEYs.") VALUES(".$VALUEs.")";
+ }
+
+ // Free memory
+ SQL_FREERESULT($result);
+
+ // Simply run generated SQL string
+ $result = SQL_QUERY($SQL, __FILE__, __LINE__);
+
+ // Is the config table updated and the cache extension installed?
+ if ((GET_EXT_VERSION("cache") >= "0.1.2") && ($TABLE == "_config")) {
+ // Remove it here...
+ if ($CACHE->cache_file("config", true)) $CACHE->cache_destroy();
+ unset($CFG_CACHE);
+ }
+
+ // Settings saved
+ LOAD_TEMPLATE("admin_settings_saved", false, "<STRONG class=\"admin_done\">".SETTINGS_SAVED."</STRONG>");
+}
+//
+function ADMIN_MAKE_MENU_SELECTION($menu, $type, $name, $default="") {
+ // Init the selection box
+ $OUT = "<SELECT name=\"".$name."\" class=\"admin_select\" size=\"1\">\n <OPTION value=\"\">".IS_TOP_MENU."</OPTION>\n";
+
+ // Open the requested menu directory
+ $handle = opendir(PATH."inc/modules/".$menu."/") or mxchange_die("Cannot load menu ".$menu."!");
+ while ($file = readdir($handle)) {
+ // Is this a PHP script?
+ if (($file != ".") && ($file != "..") && ($file != "lost+found") && (strpos($file, "".$type."-") > -1) && (strpos($file, ".php") > 0)) {
+ // Then test if the file is readable
+ $test = PATH."inc/modules/".$menu."/".$file;
+ if (is_readable($test)) {
+ // Extract the value for what=xxx
+ $part = substr($file, (strlen($type) + 1)); $part = substr($part, 0, strpos($part, ".php"));
+
+ // Is that part different from the overview?
+ if ($part != "overview") {
+ $OUT .= " <OPTION value=\"".$part."\"";
+ if ($part == $default) $OUT .= "selected";
+ $OUT .= ">".$part."</OPTION>\n";
+ }
+ }
+ }
+ }
+ closedir($handle);
+ $OUT .= "</SELECT>\n";
+ return $OUT;
+}
+//
+function ADMIN_USER_PROFILE_LINK($uid, $title="", $wht="list_user")
+{
+ if (($title == "") && ($title != "0")) { $title = $uid; }
+ if (($title == "0") && ($wht == "list_refs"))
+ {
+ // Return title again
+ return $title;
+ }
+
+ //* DEBUG: */ echo "A:".$title."<BR>";
+ // Return link
+ return "<A href=\"".URL."/modules.php?module=admin&what=".$wht."&u_id=".$uid."\" title=\"".ADMIN_USER_PROFILE_TITLE."\">".$title."</A>";
+}
+//
+function ADMIN_CHECK_MENU_MODE()
+{
+ global $CONFIG, $ADMINS, $_COOKIE;
+
+ // Set the global mode as the mode for all admins
+ $MODE = $CONFIG['admin_menu']; $ADMIN = $MODE;
+
+ // Check individual settings of current admin
+ if (isset($ADMINS['la_mode'][$_COOKIE['admin_login']]))
+ {
+ // Load from cache
+ $ADMIN = $ADMINS['la_mode'][$_COOKIE['admin_login']];
+ $CONFIG['cache_hits']++;
+ }
+ elseif (GET_EXT_VERSION("admins") >= "0.6.7")
+ {
+ // Load from database when version of "admins" is enough
+ $result = SQL_QUERY_ESC("SELECT la_mode FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
+ array($_COOKIE['admin_login']), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1)
+ {
+ // Load data
+ list($ADMIN) = SQL_FETCHROW($result);
+ }
+
+ // Free memory
+ SQL_FREERESULT($result);
+ }
+
+ // Check what the admin wants and set it when it's not the global mode
+ if ($ADMIN != "global") $MODE = $ADMIN;
+
+ // Return admin-menu's mode
+ return $MODE;
+}
+// Change activation status
+function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") {
+ global $CONFIG;
+ $cnt = 0; $newStatus = "Y";
+ if ((is_array($IDs)) && (count($IDs) > 0)) {
+ // "Walk" all through and count them
+ foreach ($IDs as $id=>$selected) {
+ // Secure the ID number
+ $id = bigintval($id);
+
+ // Should always be 1 ;-)
+ if ($selected == 1) {
+ // Determine new status
+ $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE %s=%d LIMIT 1",
+ array($row, $table, $idRow, $id), __FILE__, __LINE__);
+
+ // Row found?
+ if (SQL_NUMROWS($result) == 1) {
+ // Load the status
+ list($currStatus) = SQL_FETCHROW($result);
+ if ($currStatus == "Y") $newStatus="N"; else $newStatus = "Y";
+
+ // Change this status
+ SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_%s SET %s='%s' WHERE %s=%d LIMIT 1",
+ array($table, $row, $newStatus, $idRow, $id), __FILE__, __LINE__);
+
+ // Count up affected rows
+ $cnt += SQL_AFFECTEDROWS();
+ }
+
+ // Free the result
+ SQL_FREERESULT($result);
+ }
+ }
+
+ // Output status
+ LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_STATUS_CHANGED_1.$cnt.ADMIN_STATUS_CHANGED_2.count($IDs).ADMIN_STATUS_CHANGED_3);
+ } else {
+ // Nothing selected!
+ LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_NOTHING_SELECTED_CHANGE);
+ }
+}
+// Delete rows by given ID numbers
+function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $row, $columns = array(), $filterFunctions = array(), $deleteNow=false, $idRow="id") {
+ global $CONFIG;
+ $OUT = ""; $SW = 2;
+ if ((is_array($IDs)) && (count($IDs) > 0)) {
+ // "Walk" through all entries and count them
+ if ($deleteNow) {
+ // Delete them
+ } else {
+ // List for confirmation
+ foreach ($IDs as $id=>$selected) {
+ // Secure ID number
+ $id = bigintval($id);
+
+ // Will always be 1 ;-)
+ if ($selected == 1) {
+ // Get result from a given column array and table name
+ $result = SQL_RESULT_FROM_ARRAY($table, $columns, $idRow, $id);
+
+ // Is there one entry?
+ if (SQL_NUMROWS($result) == 1) {
+ // Load all data
+ $content = SQL_FETCHARRAY($result);
+
+ // Filter all data
+ foreach ($content as $key=>$value) {
+ // Is a filter function set?
+ $idx = array_search($key, $columns, true);
+ if (!empty($filterFunctions[$idx])) {
+ // Then call it!
+ $content[$key] = call_user_func($filterFunctions[$idx], $value);
+ }
+ }
+
+ // Add color switching
+ $content['sw'] = $SW;
+
+ // Then list it again...
+ $OUT .= LOAD_TEMPLATE("admin_del_".$table."_row", true, $content);
+ $SW = 3 - $SW;
+ }
+
+ // Free the result
+ SQL_FREERESULT($result);
+ }
+ }
+
+ // Load master template
+ LOAD_TEMPLATE("admin_del_".$table."", false, $OUT);
+ }
+ }
+}
+//
+?>