X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=inline;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=39e47d68e661ffa96d9a37ff29fc3a358f3b0ee1;hb=cca98f57dff720b174d21d071cee8303462485d7;hp=34338993123827143000009b2b31d20ed231ee78;hpb=3608f72d51e8126720024704398cf738e61f890b;p=mailer.git

diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index 3433899312..39e47d68e6 100644
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -43,13 +43,13 @@ function REGISTER_ADMIN ($user, $md5, $email=WEBMASTER) {
 	$ret = "already";
 
 	// Lookup the user
-	$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
+	$result = SQL_QUERY_ESC("SELECT id FROM `{!MYSQL_PREFIX!}_admins` WHERE login='%s' LIMIT 1",
 		array($user), __FILE__, __LINE__);
 
 	// Is the entry there?
 	if (SQL_NUMROWS($result) == 0) {
 		// Ok, let's create the admin login
-		SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES ('%s', '%s', '%s')",
+		SQL_QUERY_ESC("INSERT INTO `{!MYSQL_PREFIX!}_admins` (login, password, email) VALUES ('%s', '%s', '%s')",
 			array($user, $md5, $email), __FILE__, __LINE__);
 		$ret = "done";
 	} // END - if
@@ -91,7 +91,7 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) {
 	$ADD = RUN_FILTER('sql_admin_extra_data');
 
 	// Get password from DB
-	$result = SQL_QUERY_ESC("SELECT password".$ADD." FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
+	$result = SQL_QUERY_ESC("SELECT password".$ADD." FROM `{!MYSQL_PREFIX!}_admins` WHERE id=%s LIMIT 1",
 		array($aid), __FILE__, __LINE__);
 
 	// Entry found?
@@ -140,11 +140,11 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) {
 			set_session('mxchange_admin_last_fail', $data['last_failure']);
 
 			// Update password and reset login failures
-			SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s',login_failures=0,last_failure='0000-00-00 00:00:00' WHERE id=%s LIMIT 1",
+			SQL_QUERY_ESC("UPDATE `{!MYSQL_PREFIX!}_admins` SET password='%s',login_failures=0,last_failure='0000-00-00 00:00:00' WHERE id=%s LIMIT 1",
 				array($data['password'], $aid), __FILE__, __LINE__);
 		} else {
 			// Update password
-			SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE id=%s LIMIT 1",
+			SQL_QUERY_ESC("UPDATE `{!MYSQL_PREFIX!}_admins` SET password='%s' WHERE id=%s LIMIT 1",
 				array($data['password'], $aid), __FILE__, __LINE__);
 		}
 
@@ -173,7 +173,7 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) {
 	// Count login failure if admins extension version is 0.7.0+
 	if (($ret == "pass") && (GET_EXT_VERSION("admins") >= "0.7.0")) {
 		// Update counter
-		SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET login_failures=login_failures+1,last_failure=NOW() WHERE id=%s LIMIT 1",
+		SQL_QUERY_ESC("UPDATE `{!MYSQL_PREFIX!}_admins` SET login_failures=login_failures+1,last_failure=NOW() WHERE id=%s LIMIT 1",
 			array($aid), __FILE__, __LINE__);
 
 		// Rebuild cache
@@ -192,7 +192,7 @@ function LOGIN_ADMIN ($adminLogin, $passHash) {
 	// Reset failure counter on matching admins version
 	if ((GET_EXT_VERSION("admins") >= "0.7.0") && ((EXT_VERSION_IS_OLDER("sql_patches", "0.3.6")) || (GET_EXT_VERSION("sql_patches") == ""))) {
 		// Reset counter on out-dated sql_patches version
-		SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET login_failures=0,last_failure='0000-00-00 00:00:00' WHERE login='%s' LIMIT 1",
+		SQL_QUERY_ESC("UPDATE `{!MYSQL_PREFIX!}_admins` SET login_failures=0,last_failure='0000-00-00 00:00:00' WHERE login='%s' LIMIT 1",
 			array($adminLogin), __FILE__, __LINE__);
 
 		// Rebuild cache
@@ -343,7 +343,7 @@ function ADMIN_DO_ACTION($wht) {
 	LOAD_TEMPLATE("admin_main_header");
 
 	// Check if action/what pair is valid
-	$result_action = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu
+	$result_action = SQL_QUERY_ESC("SELECT id FROM `{!MYSQL_PREFIX!}_admin_menu`
 WHERE action='%s' AND ((what='%s' AND what != 'overview') OR ((what='' OR what IS NULL) AND '%s'='overview')) LIMIT 1",
 		array($act, $wht, $wht), __FILE__, __LINE__);
 	if (SQL_NUMROWS($result_action) == 1) {
@@ -411,11 +411,11 @@ function ADD_ADMIN_MENU($act, $wht, $return=false) {
 	} // END - if
 
 	// Build main menu
-	$result_main = SQL_QUERY("SELECT action, title, descr FROM `"._MYSQL_PREFIX."_admin_menu` WHERE (what='' OR what IS NULL) ORDER BY sort, id DESC", __FILE__, __LINE__);
+	$result_main = SQL_QUERY("SELECT action, title, descr FROM `{!MYSQL_PREFIX!}_admin_menu` WHERE (what='' OR what IS NULL) ORDER BY sort, id DESC", __FILE__, __LINE__);
 	if (SQL_NUMROWS($result_main) > 0) {
- $OUT = " -\n"; + $OUT = "
 
+\n"; while (list($menu, $title, $descr) = SQL_FETCHROW($result_main)) { if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2")) @@ -435,8 +435,8 @@ function ADD_ADMIN_MENU($act, $wht, $return=false) { $menuTitle[$menu] = $title; $menuDesription[$menu] = $descr; } - $OUT .= " - + -\n"; - $result_what = SQL_QUERY_ESC("SELECT what, title, descr FROM `"._MYSQL_PREFIX."_admin_menu` WHERE action='%s' AND what != '' AND what IS NOT NULL ORDER BY sort, id DESC", + $OUT .= " +\n"; + $result_what = SQL_QUERY_ESC("SELECT what, title, descr FROM `{!MYSQL_PREFIX!}_admin_menu` WHERE action='%s' AND what != '' AND what IS NOT NULL ORDER BY sort, id DESC", array($menu), __FILE__, __LINE__); if ((SQL_NUMROWS($result_what) > 0) && ($act == $menu)) { $menuDesription = array(); $menuTitle = array(); $SUB = true; - $OUT .= " - - +\n"; } - $OUT .= "\n"; + $OUT .= "\n"; } } // Free memory SQL_FREERESULT($result_main); - $OUT .= "
 
+ $OUT .= "
 · "; if (($menu == $act) && (empty($wht))) { @@ -455,18 +455,18 @@ function ADD_ADMIN_MENU($act, $wht, $return=false) { { $OUT .= "]"; } - $OUT .= "
  - \n"; + $OUT .= " + + -\n"; + $OUT .= "
  + \n"; while (list($wht_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what)) { // Filename $INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $wht_sub); @@ -481,8 +481,8 @@ function ADD_ADMIN_MENU($act, $wht, $return=false) { // Insert compiled title and description $menuTitle[$wht_sub] = $title_what; $menuDesription[$wht_sub] = $desc_what; - $OUT .= " - + -\n"; + $OUT .= " +\n"; } } // Free memory SQL_FREERESULT($result_what); - $OUT .= "
+ $OUT .= "
 --> "; if ($readable) { @@ -497,7 +497,7 @@ function ADD_ADMIN_MENU($act, $wht, $return=false) { } else { - $OUT .= ""; + $OUT .= ""; } $OUT .= $title_what; if ($readable) @@ -515,24 +515,24 @@ function ADD_ADMIN_MENU($act, $wht, $return=false) { { $OUT .= ""; } - $OUT .= "
-
+
\n"; + $OUT .= "\n"; } // Compile and run the code here. This inserts all constants into the
@@ -570,7 +570,7 @@ function ADD_ADMIN_MENU($act, $wht, $return=false) {
 
 function ADD_MEMBER_SELECTION_BOX ($def="0", $add_all=false, $return=false, $none=false, $field="userid") {
 	// Output selection form with all confirmed user accounts listed
-	$result = SQL_QUERY("SELECT userid, surname, family FROM `"._MYSQL_PREFIX."_user_data` ORDER BY userid", __FILE__, __LINE__);
+	$result = SQL_QUERY("SELECT userid, surname, family FROM `{!MYSQL_PREFIX!}_user_data` ORDER BY userid", __FILE__, __LINE__);
 	$OUT = "";
 
 	// USe this only for adding points (e.g. adding refs really makes no sence ;-) )
@@ -604,7 +604,7 @@ function ADD_MEMBER_SELECTION_BOX ($def="0", $add_all=false, $return=false, $non
 function ADMIN_MENU_SELECTION($MODE, $default="", $defid="") {
 	$wht = "what != ''";
 	if ($MODE == "action") $wht = "(what='' OR what IS NULL) AND action !='login'";
-	$result = SQL_QUERY_ESC("SELECT %s, title FROM `"._MYSQL_PREFIX."_admin_menu` WHERE ".$wht." ORDER BY sort",
+	$result = SQL_QUERY_ESC("SELECT %s, title FROM `{!MYSQL_PREFIX!}_admin_menu` WHERE ".$wht." ORDER BY sort",
 		array($MODE), __FILE__, __LINE__);
 	if (SQL_NUMROWS($result) > 0) {
 		// Load menu as selection
@@ -798,7 +798,7 @@ function ADMIN_CHECK_MENU_MODE() {
 		incrementConfigEntry('cache_hits');
 	} elseif (GET_EXT_VERSION("admins") >= "0.6.7") {
 		// Load from database when version of "admins" is enough
-		$result = SQL_QUERY_ESC("SELECT la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
+		$result = SQL_QUERY_ESC("SELECT la_mode FROM `{!MYSQL_PREFIX!}_admins` WHERE id=%s LIMIT 1",
 			array($aid), __FILE__, __LINE__);
 		if (SQL_NUMROWS($result) == 1) {
 			// Load data
@@ -828,7 +828,7 @@ function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") {
 		// Should always be set... ;-)
 		if (!empty($selected)) {
 			// Determine new status
-			$result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE %s=%s LIMIT 1",
+			$result = SQL_QUERY_ESC("SELECT %s FROM `{!MYSQL_PREFIX!}_%s` WHERE %s=%s LIMIT 1",
 				array($row, $table, $idRow, $id), __FILE__, __LINE__);
 
 			// Row found?
@@ -840,7 +840,7 @@ function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") {
 				if ($currStatus == "Y") $newStatus = "N"; else $newStatus = "Y";
 
 				// Change this status
-				SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_%s SET %s='%s' WHERE %s=%s LIMIT 1",
+				SQL_QUERY_ESC("UPDATE `{!MYSQL_PREFIX!}_%s` SET %s='%s' WHERE %s=%s LIMIT 1",
 					array($table, $row, $newStatus, $idRow, $id), __FILE__, __LINE__);
 
 				// Count up affected rows
@@ -960,10 +960,12 @@ function ADMIN_BUILD_STATUS_HANDLER ($mode, $IDs, $table, $columns, $filterFunct
 	// "Walk" through all entries
 	foreach ($IDs as $id => $sel) {
 		// Construct SQL query
-		$SQL = "UPDATE "._MYSQL_PREFIX."_".$table." SET";
+		$SQL = sprintf("UPDATE `{!_MYSQL_PREFIX!}_%s` SET",
+			SQL_ESCAPE($table)
+		);
 
 		// Load data of entry
-		$result = SQL_QUERY_ESC("SELECT * FROM "._MYSQL_PREFIX."_%s WHERE %s=%s LIMIT 1",
+		$result = SQL_QUERY_ESC("SELECT * FROM `{!MYSQL_PREFIX!}_%s` WHERE %s=%s LIMIT 1",
 			array($table, $idColumn, $id), __FILE__, __LINE__);
 
 		// Fetch the data
@@ -1042,7 +1044,7 @@ function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFu
 	// Shall we delete here or list for deletion?
 	if ($deleteNow) {
 		// The base SQL command:
-		$SQL = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_%s WHERE %s IN (%s)";
+		$SQL = "DELETE LOW_PRIORITY FROM `{!MYSQL_PREFIX!}_%s` WHERE %s IN (%s)";
 
 		// Delete them all
 		$idList = "";
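Review bot: The rebuilt UPDATE prefix in the ADMIN_BUILD_STATUS_HANDLER hunk (-960) spells the template constant `{!_MYSQL_PREFIX!}`, while every other line this commit touches uses `{!MYSQL_PREFIX!}`; the ADMIN_EDIT_ENTRIES_CONFIRM hunk (-1097) has the same spelling. The old code read the PHP constant `_MYSQL_PREFIX`, so I cannot tell from the diff which name the `{!…!}` compile step resolves, but the two spellings cannot both be right, and the odd one out will leave an unresolved placeholder or a wrong prefix in the statement. A second point on the same line: `SQL_ESCAPE($table)` is string-literal escaping and does not neutralise a backtick inside a backtick-quoted identifier, so if `$table` can ever be request-derived, an allow-list check such as `preg_match('/^[a-z0-9_]+$/i', $table)` before building `$SQL` is the appropriate guard rather than escaping — hedged, since the callers are outside this hunk. The enclosing `foreach` continues past the end of the hunk.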
@@ -1050,7 +1052,7 @@ function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFu
 			// Is there a userid?
 			if (isset($_POST['uid_raw'][$id])) {
 				// Load all data from that id
-				$result = SQL_QUERY_ESC("SELECT * FROM "._MYSQL_PREFIX."_%s WHERE %s=%s LIMIT 1",
+				$result = SQL_QUERY_ESC("SELECT * FROM `{!MYSQL_PREFIX!}_%s` WHERE %s=%s LIMIT 1",
 					array($table, $idColumn, $id), __FILE__, __LINE__);
 
 				// Fetch the data
@@ -1097,7 +1099,9 @@ function ADMIN_EDIT_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunc
 		$content = array();
 
 		// Prepare SQL for this row
-		$SQL = "UPDATE "._MYSQL_PREFIX."_".$table." SET";
+		$SQL = sprintf("UPDATE `{!_MYSQL_PREFIX!}_ SET",
+			SQL_ESCAPE($table)
+		);
 		foreach ($_POST as $key => $entries) {
 			// Skip raw userid which is always invalid
 			if ($key == "uid_raw") {
@@ -1143,7 +1147,7 @@ function ADMIN_EDIT_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunc
 			$affected += SQL_AFFECTEDROWS();
 
 			// Load all data from that id
-			$result = SQL_QUERY_ESC("SELECT * FROM "._MYSQL_PREFIX."_%s WHERE %s=%s LIMIT 1",
+			$result = SQL_QUERY_ESC("SELECT * FROM `{!MYSQL_PREFIX!}_%s` WHERE %s=%s LIMIT 1",
 				array($table, $idColumn, $id), __FILE__, __LINE__);
 
 			// Fetch the data
@@ -1224,7 +1228,7 @@ function ADMIN_SEND_PASSWORD_RESET_LINK ($email) {
 	$email = COMPILE_CODE($email);
 
 	// Look up administator login
-	$result = SQL_QUERY_ESC("SELECT id, login, password FROM "._MYSQL_PREFIX."_admins WHERE email='%s' LIMIT 1",
+	$result = SQL_QUERY_ESC("SELECT id, login, password FROM `{!MYSQL_PREFIX!}_admins` WHERE email='%s' LIMIT 1",
 		array($email), __FILE__, __LINE__);
 
 	// Is there an account?
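Review bot: The rebuilt `$SQL` in the ADMIN_EDIT_ENTRIES_CONFIRM hunk (-1097) has lost its table placeholder: the format string is ``"UPDATE `{!_MYSQL_PREFIX!}_ SET"`` with no `%s` and no closing backtick, so `sprintf` silently discards the `SQL_ESCAPE($table)` argument and every row's UPDATE is built against an unbalanced, table-less identifier. The line should read ``$SQL = sprintf("UPDATE `{!MYSQL_PREFIX!}_%s` SET", SQL_ESCAPE($table));``, spelling the prefix constant the way the other hunks in this commit do. The `foreach ($_POST …)` that consumes `$SQL` continues outside the hunk, so the statement is not executed within the visible lines.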
@@ -1264,7 +1268,7 @@ function ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN ($hash, $login) {
 	$login = COMPILE_CODE($login);
 
 	// Then try to find that user
-	$result = SQL_QUERY_ESC("SELECT id, password, email FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
+	$result = SQL_QUERY_ESC("SELECT id, password, email FROM `{!MYSQL_PREFIX!}_admins` WHERE login='%s' LIMIT 1",
 		array($login), __FILE__, __LINE__);
 
 	// Is an account here?
@@ -1300,7 +1304,7 @@ function ADMIN_RESET_PASSWORD ($login, $password) {
 	}
 
 	// Update database
-	SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1",
+	SQL_QUERY_ESC("UPDATE `{!MYSQL_PREFIX!}_admins` SET password='%s' WHERE login='%s' LIMIT 1",
 		array($passHash, $login), __FILE__, __LINE__);
 
 	// Run filters
@@ -1322,7 +1326,7 @@ function ADMIN_DELETE_TASK ($id) {
 // Function to update task data
 function ADMIN_UPDATE_TASK_DATA ($id, $row, $data) {
 	// Update the task
-	SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET %s='%s' WHERE id=%s LIMIT 1",
+	SQL_QUERY_ESC("UPDATE `{!MYSQL_PREFIX!}_task_system` SET %s='%s' WHERE id=%s LIMIT 1",
 		array($row, $data, bigintval($id)), __FILE__, __LINE__);
 }
 //