X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=inc%2Fmodules%2Fadmin%2Fwhat-config_admins.php;h=4f459c95d108f8ba2d9ab41ceeb4884b0b4e7e16;hb=5deec33be1baf2135eefc2bbb0d1b63c6cbd2f9a;hp=c20a8c4f8fab4db9d9068871539a5b83c2534c28;hpb=52e8a0635bd0b7c653845685c55e4e5f251375fe;p=mailer.git

diff --git a/inc/modules/admin/what-config_admins.php b/inc/modules/admin/what-config_admins.php
index c20a8c4f8f..4f459c95d1 100644
--- a/inc/modules/admin/what-config_admins.php
+++ b/inc/modules/admin/what-config_admins.php
@@ -32,25 +32,23 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
 }
+
 // Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
 
 $SEL = 0;
-if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']);
+if (REQUEST_ISSET_POST(('sel'))) $SEL = SELECTION_COUNT(REQUEST_POST('sel'));
 
-if ((isset($_POST['edit'])) && ($SEL > 0))
-{
+if ((REQUEST_ISSET_POST(('edit'))) && ($SEL > 0)) {
 	// Edit ACLs
 	$SW = 2; $OUT = "";
-	foreach ($_POST['sel'] as $id=>$sel)
-	{
+	foreach (REQUEST_POST('sel') as $id => $selected) {
 		// Load data for the ID
-		$result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%d LIMIT 1",
+		$result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE id=%s LIMIT 1",
 		 array(bigintval($id)), __FILE__, __LINE__);
 		list($aid, $act, $wht, $mode) = SQL_FETCHROW($result);
 		SQL_FREERESULT($result);
@@ -65,7 +63,7 @@ if ((isset($_POST['edit'])) && ($SEL > 0))
 			'mode_options'     => ADD_OPTION_LINES(
 				"/ARRAY/",
 				array("allow", "deny"),
-				array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE),
+				array(constant('ADMINS_ALLOW_MODE'), constant('ADMINS_DENY_MODE')),
 				$mode
 			),
 		);
@@ -78,59 +76,52 @@ if ((isset($_POST['edit'])) && ($SEL > 0))
 
 	// Load main template
 	LOAD_TEMPLATE("admin_config_admins_edit");
-}
- elseif ((isset($_POST['change'])) && ($SEL > 0))
-{
+} elseif ((REQUEST_ISSET_POST(('change'))) && ($SEL > 0)) {
 	// Change entries
-	foreach ($_POST['sel'] as $id=>$sel)
-	{
+	foreach (REQUEST_POST('sel') as $id => $selected) {
 		// Secure ID
 		$id = bigintval($id);
 
 		// Update entries
-		$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_acls SET admin_id=%d, action_menu='%s', what_menu='%s', access_mode='%s' WHERE id=%d LIMIT 1",
-		 array($_POST['admin'][$id], $_POST['action_menu'][$id], $_POST['what_menu'][$id], $_POST['mode'][$id], $id),__FILE__, __LINE__);
+		SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins_acls` SET admin_id=%s, action_menu='%s', what_menu='%s', access_mode='%s' WHERE id=%s LIMIT 1",
+			array(
+				REQUEST_POST('admin', $id),
+				REQUEST_POST('action_menu', $id),
+				REQUEST_POST('what_menu', $id),
+				REQUEST_POST('mode', $id),
+				$id
+			),__FILE__, __LINE__);
 	}
 
 	// Update cache when installed
-	if (EXT_IS_ACTIVE("cache"))
-	{
-		if ($cacheInstance->cache_file("admins_acls", true) == true) $cacheInstance->cache_destroy();
+	if (EXT_IS_ACTIVE("cache")) {
+		if ($GLOBALS['cache_instance']->loadCacheFile("admins_acls")) $GLOBALS['cache_instance']->destroyCacheFile();
+
+		// Purge menu cache
+		CACHE_PURGE_ADMIN_MENU(REQUEST_POST('admin', $id));
 	}
 
 	// Entries changed
-	LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ADMINS_ENTRIES_CHANGED);
-}
- elseif ((isset($_POST['del'])) && ($SEL > 0))
-{
+	LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_ADMINS_ENTRIES_CHANGED'));
+} elseif ((REQUEST_ISSET_POST(('del'))) && ($SEL > 0)) {
 	// Delete ACLs
 	$SW = 2; $OUT = "";
-	foreach ($_POST['sel'] as $id=>$sel)
-	{
+	foreach (REQUEST_POST('sel') as $id => $selected) {
 		// Load data for the ID
-		$result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%d LIMIT 1",
-		 array(bigintval($id)), __FILE__, __LINE__);
+		$result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE id=%s LIMIT 1",
+			array(bigintval($id)), __FILE__, __LINE__);
 		list($admin, $act, $wht, $mode) = SQL_FETCHROW($result);
 		SQL_FREERESULT($result);
 
 		// Prepare variables
 		if (empty($act)) $act = "---";
-		if (empty($wht))   $wht   = "---";
-		$eval = "\$mode = ADMINS_".strtoupper($mode)."_MODE;";
-		eval($eval);
+		if (empty($wht)) $wht = "---";
 
-		// Load admin's data
-		$login = GET_ADMIN_LOGIN($admin);
-		if ($login != "***")
-		{
-			// Admin found
-			$admin = "<A href=\"".URL."/modules.php?module=admin&amp;what=admins_contct&amp;admin=".$admin."\">".$login."</A>";
-		}
-		 else
-		{
-			// Maybe deleted?
-			$admin = "<FONT class=\"admin_note\">".ADMIN_ID_404_1.$admin.ADMIN_ID_404_2."</FONT>";
-		}
+		// Get admin mode
+		$mode = constant('ADMINS_'.strtoupper($mode).'_MODE');
+
+		// Generate link
+		$admin = GENERATE_AID_LINK($admin);
 
 		// Prepare data for the row template
 		$content = array(
@@ -150,127 +141,99 @@ if ((isset($_POST['edit'])) && ($SEL > 0))
 
 	// Load main template
 	LOAD_TEMPLATE("admin_config_admins_del");
-}
- elseif ((isset($_POST['remove'])) && ($SEL > 0))
-{
+} elseif ((REQUEST_ISSET_POST(('remove'))) && ($SEL > 0)) {
 	// Remove entries
-	foreach ($_POST['sel'] as $id=>$sel)
-	{
-		$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%d LIMIT 1",
-		 array(bigintval($id)),__FILE__, __LINE__);
+	foreach (REQUEST_POST('sel') as $id => $selected) {
+		SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE id=%s LIMIT 1",
+			array(bigintval($id)),__FILE__, __LINE__);
 	}
 
 	// Update cache when installed
-	if (EXT_IS_ACTIVE("cache"))
-	{
-		if ($cacheInstance->cache_file("admins_acls", true) == true) $cacheInstance->cache_destroy();
+	if (EXT_IS_ACTIVE("cache")) {
+		if ($GLOBALS['cache_instance']->loadCacheFile("admins_acls")) $GLOBALS['cache_instance']->destroyCacheFile();
+
+		// @TODO This causes the whole (!) menu cache being rebuild
+		CACHE_PURGE_ADMIN_MENU();
 	}
 
 	// Entries deleted
-	LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ADMINS_ENTRIES_DELETED);
-}
- elseif (isset($_POST['add']))
-{
+	LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_ADMINS_ENTRIES_DELETED'));
+} elseif (REQUEST_ISSET_POST(('add'))) {
 	// Check if everything is fine...
-	$result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
-	 array(bigintval($_POST['admin_id'])), __FILE__, __LINE__);
-	list($mode) = SQL_FETCHROW($result);
-	SQL_FREERESULT($result);
+	$mode = GET_ADMIN_DEFAULT_ACL(bigintval(REQUEST_POST('admin_id')));
 
 	// Default ACL is false
 	$ACL = false;
-	if (!empty($_POST['what_menu']))
-	{
+	if (REQUEST_ISSET_POST(('what_menu'))) {
 		// Check parent ACL
-		$ACL = ADMINS_CHECK_ACL(GET_ACTION("admin", $_POST['what_menu']), "");
+		$ACL = ADMINS_CHECK_ACL(GET_ACTION("admin", REQUEST_POST('what_menu')), "");
 	}
 
-	if ($mode != $_POST['mode'] || ($ACL))
-	{
+	if ($mode != REQUEST_POST('mode') || ($ACL)) {
 		// Mode is fine
-		$BOTH = ((!empty($_POST['action_menu'])) && (!empty($_POST['what_menu'])));
-		if (((!empty($_POST['action_menu'])) || (!empty($_POST['what_menu']))) && (!$BOTH))
-		{
+		$BOTH = ((REQUEST_ISSET_POST(('action_menu'))) && (REQUEST_ISSET_POST(('what_menu'))));
+		if (((REQUEST_ISSET_POST(('action_menu'))) || (REQUEST_ISSET_POST(('what_menu')))) && (!$BOTH)) {
 			// Main or sub menu selected
-			$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND action_menu='%s' AND what_menu='%s' LIMIT 1",
-			 array(bigintval($_POST['admin_id']), $_POST['action_menu'], $_POST['what_menu']), __FILE__, __LINE__);
-			if (SQL_NUMROWS($result) == 0)
-			{
+			$result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE admin_id=%s AND action_menu='%s' AND what_menu='%s' LIMIT 1",
+			 array(bigintval(REQUEST_POST('admin_id')), REQUEST_POST('action_menu'), REQUEST_POST('what_menu')), __FILE__, __LINE__);
+			if (SQL_NUMROWS($result) == 0) {
 				// Finally add the new ACL
-				$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins_acls (admin_id, action_menu, what_menu, access_mode)
-VALUES ('%s', '%s', '%s', '%s')",
+				SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admins_acls` (admin_id, action_menu, what_menu, access_mode)
+VALUES ('%s','%s','%s','%s')",
  array(
-	$_POST['admin_id'],
-	$_POST['action_menu'],
-	$_POST['what_menu'],
-	$_POST['mode']
+	bigintval(REQUEST_POST('admin_id')),
+	REQUEST_POST('action_menu'),
+	REQUEST_POST('what_menu'),
+	REQUEST_POST('mode')
 ), __FILE__, __LINE__);
 				$content = ADMIN_ADMINS_ACL_SAVED;
 
 				// Update cache when installed
-				if (EXT_IS_ACTIVE("cache"))
-				{
-					if ($cacheInstance->cache_file("admins_acls", true) == true) $cacheInstance->cache_destroy();
-				}
-			}
-			 else
-			{
+				if (EXT_IS_ACTIVE("cache")) {
+					if ($GLOBALS['cache_instance']->loadCacheFile("admins_acls")) $GLOBALS['cache_instance']->destroyCacheFile();
+
+					// Purge cache
+					CACHE_PURGE_ADMIN_MENU(REQUEST_POST('admin_id'), REQUEST_POST('action_menu'), REQUEST_POST('what_menu'));
+				} // END - if
+			} else {
 				// ACL does already exist!
 				$content = ADMIN_ADMINS_ACL_ALREADY_ADDED;
 			}
 
 			// Free memory
 			SQL_FREERESULT($result);
-		}
-		 else
-		{
+		} else {
 			// No menu selected makes also no sence...
 			$content = ADMIN_ADMINS_SELECT_ACTION_WHAT;
 		}
-	}
-	 else
-	{
+	} else {
 		// Same mode makes no sence...
 		$content = ADMIN_ADMINS_SAME_MODE_SELECTED;
 	}
 
 	// Display message
 	LOAD_TEMPLATE("admin_settings_saved", false, $content);
-}
- else
-{
+} else {
 	// List all ACLs
-	$result_acls = SQL_QUERY("SELECT id, admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls ORDER BY admin_id, id", __FILE__, __LINE__);
+	$result_acls = SQL_QUERY("SELECT id, admin_id, action_menu, what_menu, access_mode FROM `{!_MYSQL_PREFIX!}_admins_acls` ORDER BY admin_id, id", __FILE__, __LINE__);
 	if (SQL_NUMROWS($result_acls) > 0)
 	{
 		// List ACLs
 		$SW = 2; $OUT = "";
-		while(list($id, $admin, $act, $wht, $mode) = SQL_FETCHROW($result_acls))
+		while (list($id, $admin, $act, $wht, $mode) = SQL_FETCHROW($result_acls))
 		{
 			// Prepare variables
 			if (empty($act)) $act = "---";
 			if (empty($wht))   $wht   = "---";
-			$eval = "\$mode = ADMINS_".strtoupper($mode)."_MODE;";
-			eval($eval);
-
-			// Load admin's data
-			$login = GET_ADMIN_LOGIN($admin);
-			if ($login != "***")
-			{
-				// Admin found
-				$admin = "<A href=\"".URL."/modules.php?module=admin&amp;what=admins_contct&amp;admin=".$admin."\">".$login."</A>";
-			}
-			 else
-			{
-				// Maybe deleted?
-				$admin = "<FONT class=\"admin_note\">".ADMIN_ID_404_1.$admin.ADMIN_ID_404_2."</FONT>";
-			}
+
+			// Get mode
+			$mode = constant('ADMINS_'.strtoupper($mode).'_MODE');
 
 			// Prepare data for the row template
 			$content = array(
 				'sw'     => $SW,
 				'id'     => $id,
-				'admin'  => $admin,
+				'admin'  => GENERATE_AID_LINK($admin),
 				'action' => $act,
 				'what'   => $wht,
 				'mode'   => $mode,
@@ -298,5 +261,6 @@ VALUES ('%s', '%s', '%s', '%s')",
 	// Load template for adding new ACL
 	LOAD_TEMPLATE("admin_admins_add_acl");
 }
+
 //
 ?>