X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Ffilters.php;h=bd4fd26d0644170312c57881c7ef8a282ec50535;hb=49ffe0a4fb551d0965e97db1ad4ff12f13f4b9ad;hp=fe843fb8f0a74f9ad1c1835985e69490ba1bea1d;hpb=3e67aa21428cb9bc5b8d7552d2dd0770fc46dfb3;p=mailer.git
diff --git a/inc/filters.php b/inc/filters.php
index fe843fb8f0..bd4fd26d06 100644
--- a/inc/filters.php
+++ b/inc/filters.php
@@ -38,13 +38,13 @@ if (!defined('__SECURITY')) {
}
// Init "generic filter system"
-function INIT_FILTER_SYSTEM() {
+function INIT_FILTER_SYSTEM () {
global $filters, $loadedFilters, $counter;
// Is the filter already initialized?
if ((isset($filters)) && (is_array($filters))) {
// Then abort here
- ADD_FATAL(FILTER_FAILED_ALREADY_INIT);
+ addFatalMessage(FILTER_FAILED_ALREADY_INIT);
return false;
} // END - if
@@ -125,6 +125,9 @@ ORDER BY `filter_id` ASC", __FILE__, __LINE__);
// Run SQLs
REGISTER_FILTER('run_sqls', 'RUN_SQLS');
+ // Admin ACL check
+ REGISTER_FILTER('check_admin_acl', 'CHECK_ADMIN_ACL');
+
// Register shutdown filters
REGISTER_FILTER('shutdown', 'FLUSH_FILTERS');
}
@@ -140,7 +143,7 @@ function REGISTER_FILTER ($filterName, $filterFunction, $silentAbort = true, $fo
if ((isset($filters[$filterName][$filterFunction])) && (!$force)) {
// Then abort here
if (!$silentAbort) {
- ADD_FATAL(sprintf(FILTER_FAILED_ALREADY_ADDED, $filterFunction, $filterName));
+ addFatalMessage(sprintf(FILTER_FAILED_ALREADY_ADDED, $filterFunction, $filterName));
} // END - if
// Abort here
@@ -150,7 +153,7 @@ function REGISTER_FILTER ($filterName, $filterFunction, $silentAbort = true, $fo
// Is the function there?
if (!function_exists($filterFunction)) {
// Then abort here
- ADD_FATAL(sprintf(FILTER_FAILED_NOT_FOUND, $filterFunction, $filterName));
+ addFatalMessage(sprintf(FILTER_FAILED_NOT_FOUND, $filterFunction, $filterName));
return false;
} // END - if
@@ -174,7 +177,7 @@ function UNREGISTER_FILTER ($filterName, $filterFunction, $force = false, $dry_r
// Is that filter there?
if ((!isset($filters[$filterName][$filterFunction])) && (!$force)) {
// Not found, so abort here
- ADD_FATAL(sprintf(FILTER_FAILED_NOT_REMOVED, $filterFunction, $filterName));
+ addFatalMessage(sprintf(FILTER_FAILED_NOT_REMOVED, $filterFunction, $filterName));
return false;
} // END - if
@@ -195,7 +198,7 @@ function RUN_FILTER ($filterName, $data = null, $silentAbort = true) {
// Then abort here (quick'N'dirty hack)
if ((!$silentAbort) && (defined('FILTER_FAILED_NO_FILTER_FOUND'))) {
// Add fatal message
- ADD_FATAL(sprintf(FILTER_FAILED_NO_FILTER_FOUND, $filterName));
+ addFatalMessage(sprintf(FILTER_FAILED_NO_FILTER_FOUND, $filterName));
} // END - if
// Abort here
@@ -208,7 +211,7 @@ function RUN_FILTER ($filterName, $data = null, $silentAbort = true) {
// Then run all filters
foreach ($filters[$filterName] as $filterFunction=>$active) {
// Debug message
- //* DEBUG: */ echo __FUNCTION__."(".__LINE__."): name={$filterName}, func={$filterFunction}, active={$active}
\n";
+ //* DEBUG: */ echo __FUNCTION__."(".__LINE__."): name={$filterName},func={$filterFunction},active={$active}
\n";
// Is the filter active?
if ($active == "Y") {
@@ -247,7 +250,7 @@ function FILTER_FLUSH_FILTERS () {
// Is a database link here and not in installation mode?
if ((!is_resource($link)) && (!isBooleanConstantAndTrue('mxchange_installing'))) {
// Abort here
- ADD_FATAL(sprintf(FILTER_FLUSH_FAILED_NO_DATABASE, $filterFunction, $filterName));
+ addFatalMessage(sprintf(FILTER_FLUSH_FAILED_NO_DATABASE, $filterFunction, $filterName));
return false;
} // END - if
@@ -316,7 +319,7 @@ function FILTER_FLUSH_FILTERS () {
} // END - if
// Run the run_sqls filter in non-dry mode
- RUN_FILTER('run_sqls', false);
+ RUN_FILTER('run_sqls', array('dry_run' => false, 'sqls' => $SQLs));
}
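Review bot: `$SQLs` in the new call `RUN_FILTER('run_sqls', array('dry_run' => false, 'sqls' => $SQLs));` is only defined if FILTER_FLUSH_FILTERS declares it global or builds it locally, and that part of the function lies outside this hunk. The same commit removes `global $SQLs;` from FILTER_RUN_SQLS, so if the variable is unset here the filter receives null under 'sqls'. Its `isset($data['sqls'])` test then fails and the pending statements are skipped without any message. Please confirm the declaration, and consider a `DEBUG_LOG(__FILE__, __LINE__, ...)` line before the call for the case where `$SQLs` is not an array.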
// Filter for calling the handler for login failtures
@@ -385,38 +388,42 @@ function FILTER_SOLVE_TASK ($data) {
// Filter to load include files
function FILTER_LOAD_INCLUDES ($data) {
- global $INC_POOL;
+ global $CSS;
+
+ // Default is $data as inclusion list
+ $INC_POOL = $data;
// Is it an array?
- if ((!isset($INC_POOL)) || (!is_array($INC_POOL))) {
+ if ((!isset($data)) || (!is_array($data))) {
// Then abort here
DEBUG_LOG(__FILE__, __LINE__, "INC_POOL is no array!");
return $data;
- } // END - if
+ } elseif (isset($data['inc_pool'])) {
+ // Use this as new inclusion pool!
+ $INC_POOL = $data['inc_pool'];
+ }
// Check for added include files
if (count($INC_POOL) > 0) {
// Loads every include file
- foreach ($INC_POOL as $fqfn) {
- require_once($fqfn);
+ foreach ($INC_POOL as $FQFN) {
+ require_once($FQFN);
} // END - foreach
- // Remove array
- unset($INC_POOL);
+ // Reset array
+ if (isset($data['inc_pool'])) $data['inc_pool'] = array();
} // END - if
- // Return $data
+ // Continue with processing
return $data;
}
// Filter for running SQL commands
-function FILTER_RUN_SQLS ($dry_run) {
- global $SQLs;
-
+function FILTER_RUN_SQLS ($data) {
// Is the array there?
- if ((is_array($SQLs)) && (!$dry_run)) {
+ if ((isset($data['sqls'])) && ((!isset($data['dry_run'])) || ($data['dry_run'] == false))) {
// Run SQL commands
- foreach ($SQLs as $sql) {
+ foreach ($data['sqls'] as $sql) {
$sql = trim($sql);
if (!empty($sql)) {
// Do we have an "ALTER TABLE" command?
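Review bot: In FILTER_LOAD_INCLUDES every element of `$data` reaches `require_once` whenever the array has no `inc_pool` key, because `$INC_POOL = $data;` is the default. A filter chain whose data array carries anything other than file names would then try to include those values, and a value that traces back to request input becomes a file-inclusion path. I would load only from `$data['inc_pool']`, check that it is an array, and verify each entry before including it as sketched below. A check that the resolved path stays inside the application's include directory belongs in the same place. `global $CSS;` is not used in the lines shown.

```php
// … unchanged: array check and inc_pool selection …
foreach ($INC_POOL as $FQFN) {
	// Skip anything that is not a readable file path
	if ((!is_string($FQFN)) || (!is_readable($FQFN))) {
		DEBUG_LOG(__FILE__, __LINE__, "Skipped invalid include entry");
		continue;
	} // END - if
	require_once($FQFN);
} // END - foreach
// … unchanged: reset of inc_pool, return $data …
```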
@@ -429,10 +436,7 @@ function FILTER_RUN_SQLS ($dry_run) {
}
} // END - if
} // END - foreach
- } elseif (GET_EXT_VERSION("sql_patches") == "") {
- // Remove SQLs if extension is not installed
- $SQLs = array();
- }
+ } // END - if
}
// Filter for updating/validating login data
@@ -446,40 +450,62 @@ function FILTER_UPDATE_LOGIN_DATA () {
// Secure user ID
$GLOBALS['userid'] = bigintval(get_session('userid'));
- // Extract last online time (life) and how long is auto-login valid (time)
- $newl = time() + bigintval(get_session('lifetime'));
-
// Load last module and last online time
- $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1",
+ array($GLOBALS['userid']), __FILE__, __LINE__);
+
+ // Entry found?
if (SQL_NUMROWS($result) == 1) {
// Load last module and online time
list($mod, $onl) = SQL_FETCHROW($result);
- SQL_FREERESULT($result);
// Maybe first login time?
if (empty($mod)) $mod = "login";
- if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", get_session('u_hash'), $newl, COOKIE_PATH) && set_session("lifetime", bigintval(get_session('lifetime')), $newl, COOKIE_PATH)) {
- // This will be displayed on welcome page! :-)
- if (empty($LAST['module'])) {
- $LAST['module'] = $mod; $LAST['online'] = $onl;
- } // END - if
+ // This will be displayed on welcome page! :-)
+ if (empty($LAST['module'])) {
+ $LAST['module'] = $mod; $LAST['online'] = $onl;
+ } // END - if
- // "what" not set?
- if (empty($GLOBALS['what'])) {
- // Fix it to default
- $GLOBALS['what'] = "welcome";
- if (getConfig('index_home') != "") $GLOBALS['what'] = getConfig('index_home');
- } // END - if
+ // "what" not set?
+ if (empty($GLOBALS['what'])) {
+ // Fix it to default
+ $GLOBALS['what'] = "welcome";
+ if (getConfig('index_home') != "") $GLOBALS['what'] = getConfig('index_home');
+ } // END - if
- // Update last module / online time
- $result = SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET last_module='%s', last_online=UNIX_TIMESTAMP(), REMOTE_ADDR='%s' WHERE userid=%s LIMIT 1",
- array($GLOBALS['what'], GET_REMOTE_ADDR(), $GLOBALS['userid']), __FILE__, __LINE__);
- }
+ // Update last module / online time
+ SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET last_module='%s', last_online=UNIX_TIMESTAMP(), REMOTE_ADDR='%s' WHERE userid=%s LIMIT 1",
+ array($GLOBALS['what'], GET_REMOTE_ADDR(), $GLOBALS['userid']), __FILE__, __LINE__);
} else {
// Destroy session, we cannot update!
destroy_user_session();
}
+
+ // Free the result
+ SQL_FREERESULT($result);
+}
+
+// Filter for checking admin ACL
+function FILTER_CHECK_ADMIN_ACL () {
+ // Extension not installed so it's always allowed to access everywhere!
+ $ret = true;
+
+ // Ok, Cookie-Update done
+ if (GET_EXT_VERSION("admins") >= "0.3") {
+ // Check if action GET variable was set
+ $action = SQL_ESCAPE($GLOBALS['action']);
+ if (!empty($GLOBALS['what'])) {
+ // Get action value by what-value
+ $action = GET_ACTION("admin", $GLOBALS['what']);
+ } // END - if
+
+ // Check for access control line of current menu entry
+ $ret = ADMINS_CHECK_ACL($action, $GLOBALS['what']);
+ } // END - if
+
+ // Return result
+ return $ret;
}
//
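Review bot: The gate `GET_EXT_VERSION("admins") >= "0.3"` in FILTER_CHECK_ADMIN_ACL compares version strings with `>=`, and because `$ret` starts as `true`, any version that compares lower skips ADMINS_CHECK_ACL and allows access. PHP compares two numeric strings as numbers, so a version such as "0.10" would be read as 0.1 and fall below "0.3". Using `if (version_compare(GET_EXT_VERSION("admins"), "0.3", ">=")) {` avoids that. `$GLOBALS['action']` is also read without an `isset()` check, and the comment `// Ok, Cookie-Update done` does not describe this branch.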