-<?php\r
-/************************************************************************\r
- * MXChange v0.2.1 Start: 04/18/2004 *\r
- * ================ Last change: 04/18/2004 *\r
- * *\r
- * -------------------------------------------------------------------- *\r
- * File : what-admins_edit.php *\r
- * -------------------------------------------------------------------- *\r
- * Short description : Edit admin accounts *\r
- * -------------------------------------------------------------------- *\r
- * Kurzbeschreibung : Admin-Account editieren *\r
- * -------------------------------------------------------------------- *\r
- * *\r
- * -------------------------------------------------------------------- *\r
- * Copyright (c) 2003 - 2007 by Roland Haeder *\r
- * For more information visit: http://www.mxchange.org *\r
- * *\r
- * This program is free software; you can redistribute it and/or modify *\r
- * it under the terms of the GNU General Public License as published by *\r
- * the Free Software Foundation; either version 2 of the License, or *\r
- * (at your option) any later version. *\r
- * *\r
- * This program is distributed in the hope that it will be useful, *\r
- * but WITHOUT ANY WARRANTY; without even the implied warranty of *\r
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *\r
- * GNU General Public License for more details. *\r
- * *\r
- * You should have received a copy of the GNU General Public License *\r
- * along with this program; if not, write to the Free Software *\r
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *\r
- * MA 02110-1301 USA *\r
- ************************************************************************/\r
-\r
-// Some security stuff...\r
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))\r
-{\r
- $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";\r
- require($INC);\r
-}\r
-// Add description as navigation point\r
-ADD_DESCR("admin", basename(__FILE__));\r
-\r
-// Instance for the cache extension\r
-global $CACHE;\r
-\r
-// Set selection data to empty array when it is empty\r
-if (empty($_POST['sel'])) $_POST['sel'] = array();\r
-\r
-// Check if direct admin account was selected\r
-if (!empty($_GET['admin']))\r
-{\r
- // Secure ID number\r
- $aid = bigintval($_GET['admin']);\r
- $_POST['edit'] = "1";\r
- $_POST['sel'][$aid] = array("1");\r
-}\r
-\r
-if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0))\r
-{\r
- // Edit account(s)\r
- $SW = 2; $OUT = "";\r
- foreach ($_POST['sel'] as $id=>$sel)\r
- {\r
- $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",\r
- array(bigintval($id)), __FILE__, __LINE__);\r
- if (SQL_NUMROWS($result) == 1)\r
- {\r
- // Entry found\r
- $content = SQL_FETCHARRAY($result);\r
- SQL_FREERESULT($result);\r
- $content['mode'] = ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE), $content['mode']);\r
- $content['la_mode'] = ADD_OPTION_LINES("/ARRAY/", array("global", "OLD", "NEW"), array(ADMINS_GLOBAL_LA_SETTING, ADMINS_OLD_LA_SETTING, ADMINS_NEW_LA_SETTING), $content['la_mode']);\r
-\r
- // Prepare some more data for the template\r
- $content['sw'] = $SW;\r
- $content['id'] = $id;\r
-\r
- // Load row template and switch color\r
- $OUT .= LOAD_TEMPLATE("admin_edit_admins_row", true, $content);\r
- $SW = 3 - $SW;\r
- }\r
- }\r
- define('__ADMINS_ROWS', $OUT);\r
-\r
- // Load template\r
- LOAD_TEMPLATE("admin_edit_admins");\r
-}\r
- elseif ((isset($_POST['change'])) && (sizeof($_POST['login']) > 0))\r
-{\r
- // Change admin accounts\r
- $CACHE_UPDATE = "0";\r
- foreach ($_POST['login'] as $id=>$login)\r
- {\r
- // Secure ID number\r
- $id = bigintval($id);\r
-\r
- // When both passwords match update admin account\r
- if ($_POST['pass1'][$id] == $_POST['pass2'][$id])\r
- {\r
- // Save only when both passwords are the same (also when they are empty)\r
- $ADD = ""; $CACHE_UPDATE = "1";\r
-\r
- // Generate hash\r
- $hash = generateHash($_POST['pass1'][$id]);\r
-\r
- // Save password when set\r
- if (!empty($_POST['pass1'][$id])) $ADD = ", password='".$hash."'";\r
-\r
- // Get admin's ID\r
- $salt = substr(GET_ADMIN_HASH($_COOKIE['admin_login']), 0, -40);\r
- $aid = GET_ADMIN_ID($_COOKIE['admin_login']);\r
-\r
- // Rewrite cookie when it's own account\r
- if ($aid == $id)\r
- {\r
- // Timeout\r
- $TIMEOUT = time() + bigintval($_COOKIE['admin_to']);\r
-\r
- // Set timeout cookie\r
- @setcookie("admin_last", time(), $TIMEOUT, COOKIE_PATH);\r
-\r
- if ($login != $_COOKIE['admin_login'])\r
- {\r
- // Update login cookie\r
- @setcookie("admin_login", $login, $TIMEOUT, COOKIE_PATH);\r
-\r
- // Update password cookie as well?\r
- if (!empty($ADD)) @setcookie("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);\r
- }\r
- elseif (generateHash($_POST['pass1'][$id], $salt) != $_COOKIE['admin_md5'])\r
- {\r
- // Update password cookie\r
- @setcookie("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);\r
- }\r
-\r
- }\r
-\r
- // Update admin account\r
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET\r
-login='%s'".$ADD.",\r
-email='%s',\r
-default_acl='%s',\r
-la_mode='%s'\r
-WHERE id=%d LIMIT 1",\r
- array(\r
- $login,\r
- $_POST['email'][$id],\r
- $_POST['mode'][$id],\r
- $_POST['la_mode'][$id],\r
- $id\r
-), __FILE__, __LINE__);\r
-\r
- // Admin account saved\r
- $MSG = ADMIN_ACCOUNT_SAVED;\r
- }\r
- else\r
- {\r
- // Passwords did not match\r
- $MSG = ADMINS_ERROR_PASS_MISMATCH;\r
- }\r
- }\r
-\r
- // Remove cache file\r
- if ((EXT_IS_ACTIVE("cache")) && ($CACHE_UPDATE == "1"))\r
- {\r
- if ($CACHE->cache_file("admins", true)) $CACHE->cache_destroy();\r
- }\r
-\r
- // Display message\r
- if (!empty($MSG))\r
- {\r
- LOAD_TEMPLATE("admin_settings_saved", false, "<SPAN class=\"admin_done\">".$MSG."</SPAN>");\r
- }\r
-}\r
- elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0))\r
-{\r
- // Check if this account is the last one which cannot be deleted...\r
- $result_main = SQL_QUERY("SELECT id FROM "._MYSQL_PREFIX."_admins", __FILE__, __LINE__);\r
- $accounts = SQL_NUMROWS($result_main);\r
- SQL_FREERESULT($result_main);\r
- if ($accounts > 1)\r
- {\r
- // Delete accounts\r
- $SW = 2; $OUT = "";\r
- foreach ($_POST['sel'] as $id=>$sel)\r
- {\r
- $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",\r
- array(bigintval($id)), __FILE__, __LINE__);\r
- if (SQL_NUMROWS($result) == 1)\r
- {\r
- // Entry found\r
- $content = SQL_FETCHARRAY($result);\r
- SQL_FREERESULT($result);\r
- $eval = "\$content['mode'] = ADMINS_".strtoupper($content['mode'])."_MODE;";\r
- eval($eval);\r
- $eval = "\$content['la_mode'] = ADMINS_".strtoupper($content['la_mode'])."_LA_SETTING;";\r
- eval($eval);\r
-\r
- // Prepare some more data\r
- $content['sw'] = $SW;\r
- $content['id'] = $id;\r
-\r
- // Load row template and switch color\r
- $OUT .= LOAD_TEMPLATE("admin_del_admins_row", true, $content);\r
- $SW = 3 - $SW;\r
- }\r
- }\r
- define('__ADMINS_ROWS', $OUT);\r
-\r
- // Load template\r
- LOAD_TEMPLATE("admin_del_admins");\r
- }\r
- else\r
- {\r
- // Cannot delete last account!\r
- LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ADMINS_CANNOT_DELETE_LAST);\r
- }\r
-}\r
- else\r
-{\r
- if ((isset($_POST['remove'])) && (SELECTION_COUNT($_POST['sel']) > 0))\r
- {\r
- // Remove accounts now\r
- $CACHE_UPDATE = "0";\r
- foreach ($_POST['sel'] as $id=>$del)\r
- {\r
- // Delete only when it's not your own account!\r
- if (($del == 1) && (GET_ADMIN_ID($_COOKIE['admin_login']) != $id))\r
- {\r
- // Rewrite his tasks to all admins\r
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE assigned_admin='%s'",\r
- array(bigintval($id)), __FILE__, __LINE__);\r
-\r
- // Remove account\r
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",\r
- array(bigintval($id)), __FILE__, __LINE__);\r
-\r
- $CACHE_UPDATE = "1";\r
- }\r
- }\r
-\r
- // Remove cache if cache system is activated\r
- if ((EXT_IS_ACTIVE("cache")) && ($CACHE_UPDATE == "1"))\r
- {\r
- if ($CACHE->cache_file("admins", true)) $CACHE->cache_destroy();\r
- }\r
- }\r
-\r
- // List all admin accounts\r
- $result = SQL_QUERY("SELECT id, login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins ORDER BY login", __FILE__, __LINE__);\r
- $SW = 2; $OUT = "";\r
- while ($content = SQL_FETCHARRAY($result))\r
- {\r
- // Compile some variables\r
- $eval = "\$content['mode'] = ADMINS_".strtoupper($content['mode'])."_MODE;";\r
- eval($eval);\r
- $eval = "\$content['la_mode'] = ADMINS_".strtoupper($content['la_mode'])."_LA_SETTING;";\r
- eval($eval);\r
-\r
- // Prepare some more data\r
- $content['sw'] = $SW;\r
- $content['email_link'] = CREATE_EMAIL_LINK($content['id']);\r
-\r
- // Load row template and switch color\r
- $OUT .= LOAD_TEMPLATE("admin_list_admins_row", true, $content);\r
- $SW = 3 - $SW;\r
- }\r
-\r
- // Free memory\r
- SQL_FREERESULT($result);\r
- define('__ADMINS_ROWS', $OUT);\r
-\r
- // Load template\r
- LOAD_TEMPLATE("admin_list_admins");\r
-}\r
-//\r
-?>\r
+<?php
+/************************************************************************
+ * MXChange v0.2.1 Start: 04/18/2004 *
+ * ================ Last change: 04/18/2004 *
+ * *
+ * -------------------------------------------------------------------- *
+ * File : what-admins_edit.php *
+ * -------------------------------------------------------------------- *
+ * Short description : Edit admin accounts *
+ * -------------------------------------------------------------------- *
+ * Kurzbeschreibung : Admin-Account editieren *
+ * -------------------------------------------------------------------- *
+ * *
+ * -------------------------------------------------------------------- *
+ * Copyright (c) 2003 - 2008 by Roland Haeder *
+ * For more information visit: http://www.mxchange.org *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the Free Software *
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
+ * MA 02110-1301 USA *
+ ************************************************************************/
+
+// Some security stuff...
+if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
+{
+ $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
+ require($INC);
+}
+// Add description as navigation point
+ADD_DESCR("admin", basename(__FILE__));
+
+// Instance for the cache extension
+global $CACHE;
+
+// Set selection data to empty array when it is empty
+if (empty($_POST['sel'])) $_POST['sel'] = array();
+
+// Check if direct admin account was selected
+if (!empty($_GET['admin']))
+{
+ // Secure ID number
+ $aid = bigintval($_GET['admin']);
+ $_POST['edit'] = "1";
+ $_POST['sel'][$aid] = array("1");
+}
+
+if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0))
+{
+ // Edit account(s)
+ $SW = 2; $OUT = "";
+ foreach ($_POST['sel'] as $id=>$sel)
+ {
+ $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+ array(bigintval($id)), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1)
+ {
+ // Entry found
+ $content = SQL_FETCHARRAY($result);
+ SQL_FREERESULT($result);
+ $content['mode'] = ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE), $content['mode']);
+ $content['la_mode'] = ADD_OPTION_LINES("/ARRAY/", array("global", "OLD", "NEW"), array(ADMINS_GLOBAL_LA_SETTING, ADMINS_OLD_LA_SETTING, ADMINS_NEW_LA_SETTING), $content['la_mode']);
+
+ // Prepare some more data for the template
+ $content['sw'] = $SW;
+ $content['id'] = $id;
+
+ // Load row template and switch color
+ $OUT .= LOAD_TEMPLATE("admin_edit_admins_row", true, $content);
+ $SW = 3 - $SW;
+ }
+ }
+ define('__ADMINS_ROWS', $OUT);
+
+ // Load template
+ LOAD_TEMPLATE("admin_edit_admins");
+}
+ elseif ((isset($_POST['change'])) && (sizeof($_POST['login']) > 0))
+{
+ // Change admin accounts
+ $CACHE_UPDATE = "0";
+ foreach ($_POST['login'] as $id=>$login)
+ {
+ // Secure ID number
+ $id = bigintval($id);
+
+ // When both passwords match update admin account
+ if ($_POST['pass1'][$id] == $_POST['pass2'][$id])
+ {
+ // Save only when both passwords are the same (also when they are empty)
+ $ADD = ""; $CACHE_UPDATE = "1";
+
+ // Generate hash
+ $hash = generateHash($_POST['pass1'][$id]);
+
+ // Save password when set
+ if (!empty($_POST['pass1'][$id])) $ADD = ", password='".$hash."'";
+
+ // Get admin's ID
+ $salt = substr(GET_ADMIN_HASH($_COOKIE['admin_login']), 0, -40);
+ $aid = GET_ADMIN_ID($_COOKIE['admin_login']);
+
+ // Rewrite cookie when it's own account
+ if ($aid == $id)
+ {
+ // Timeout
+ $TIMEOUT = time() + bigintval($_COOKIE['admin_to']);
+
+ // Set timeout cookie
+ @setcookie("admin_last", time(), $TIMEOUT, COOKIE_PATH);
+
+ if ($login != $_COOKIE['admin_login'])
+ {
+ // Update login cookie
+ @setcookie("admin_login", $login, $TIMEOUT, COOKIE_PATH);
+
+ // Update password cookie as well?
+ if (!empty($ADD)) @setcookie("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);
+ }
+ elseif (generateHash($_POST['pass1'][$id], $salt) != $_COOKIE['admin_md5'])
+ {
+ // Update password cookie
+ @setcookie("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);
+ }
+
+ }
+
+ // Update admin account
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET
+login='%s'".$ADD.",
+email='%s',
+default_acl='%s',
+la_mode='%s'
+WHERE id=%d LIMIT 1",
+ array(
+ $login,
+ $_POST['email'][$id],
+ $_POST['mode'][$id],
+ $_POST['la_mode'][$id],
+ $id
+), __FILE__, __LINE__);
+
+ // Admin account saved
+ $MSG = ADMIN_ACCOUNT_SAVED;
+ }
+ else
+ {
+ // Passwords did not match
+ $MSG = ADMINS_ERROR_PASS_MISMATCH;
+ }
+ }
+
+ // Remove cache file
+ if ((EXT_IS_ACTIVE("cache")) && ($CACHE_UPDATE == "1"))
+ {
+ if ($CACHE->cache_file("admins", true)) $CACHE->cache_destroy();
+ }
+
+ // Display message
+ if (!empty($MSG))
+ {
+ LOAD_TEMPLATE("admin_settings_saved", false, "<SPAN class=\"admin_done\">".$MSG."</SPAN>");
+ }
+}
+ elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0))
+{
+ // Check if this account is the last one which cannot be deleted...
+ $result_main = SQL_QUERY("SELECT id FROM "._MYSQL_PREFIX."_admins", __FILE__, __LINE__);
+ $accounts = SQL_NUMROWS($result_main);
+ SQL_FREERESULT($result_main);
+ if ($accounts > 1)
+ {
+ // Delete accounts
+ $SW = 2; $OUT = "";
+ foreach ($_POST['sel'] as $id=>$sel)
+ {
+ $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+ array(bigintval($id)), __FILE__, __LINE__);
+ if (SQL_NUMROWS($result) == 1)
+ {
+ // Entry found
+ $content = SQL_FETCHARRAY($result);
+ SQL_FREERESULT($result);
+ $eval = "\$content['mode'] = ADMINS_".strtoupper($content['mode'])."_MODE;";
+ eval($eval);
+ $eval = "\$content['la_mode'] = ADMINS_".strtoupper($content['la_mode'])."_LA_SETTING;";
+ eval($eval);
+
+ // Prepare some more data
+ $content['sw'] = $SW;
+ $content['id'] = $id;
+
+ // Load row template and switch color
+ $OUT .= LOAD_TEMPLATE("admin_del_admins_row", true, $content);
+ $SW = 3 - $SW;
+ }
+ }
+ define('__ADMINS_ROWS', $OUT);
+
+ // Load template
+ LOAD_TEMPLATE("admin_del_admins");
+ }
+ else
+ {
+ // Cannot delete last account!
+ LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ADMINS_CANNOT_DELETE_LAST);
+ }
+}
+ else
+{
+ if ((isset($_POST['remove'])) && (SELECTION_COUNT($_POST['sel']) > 0))
+ {
+ // Remove accounts now
+ $CACHE_UPDATE = "0";
+ foreach ($_POST['sel'] as $id=>$del)
+ {
+ // Delete only when it's not your own account!
+ if (($del == 1) && (GET_ADMIN_ID($_COOKIE['admin_login']) != $id))
+ {
+ // Rewrite his tasks to all admins
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE assigned_admin='%s'",
+ array(bigintval($id)), __FILE__, __LINE__);
+
+ // Remove account
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+ array(bigintval($id)), __FILE__, __LINE__);
+
+ $CACHE_UPDATE = "1";
+ }
+ }
+
+ // Remove cache if cache system is activated
+ if ((EXT_IS_ACTIVE("cache")) && ($CACHE_UPDATE == "1"))
+ {
+ if ($CACHE->cache_file("admins", true)) $CACHE->cache_destroy();
+ }
+ }
+
+ // List all admin accounts
+ $result = SQL_QUERY("SELECT id, login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins ORDER BY login", __FILE__, __LINE__);
+ $SW = 2; $OUT = "";
+ while ($content = SQL_FETCHARRAY($result))
+ {
+ // Compile some variables
+ $eval = "\$content['mode'] = ADMINS_".strtoupper($content['mode'])."_MODE;";
+ eval($eval);
+ $eval = "\$content['la_mode'] = ADMINS_".strtoupper($content['la_mode'])."_LA_SETTING;";
+ eval($eval);
+
+ // Prepare some more data
+ $content['sw'] = $SW;
+ $content['email_link'] = CREATE_EMAIL_LINK($content['id']);
+
+ // Load row template and switch color
+ $OUT .= LOAD_TEMPLATE("admin_list_admins_row", true, $content);
+ $SW = 3 - $SW;
+ }
+
+ // Free memory
+ SQL_FREERESULT($result);
+ define('__ADMINS_ROWS', $OUT);
+
+ // Load template
+ LOAD_TEMPLATE("admin_list_admins");
+}
+//
+?>