X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Flibs%2Fadmins_functions.php;h=1c43c5ec22a8f2581c2b3a19e67569784850cde4;hb=ab5ff5126ef56b08f5130a9e110b53c00d0a2761;hp=5f5075a574ff7e8f131933632b448db9ea4fd8cf;hpb=63f159414369b5ea19a8ca75d8cd8033c45d8341;p=mailer.git diff --git a/inc/libs/admins_functions.php b/inc/libs/admins_functions.php index 5f5075a574..1c43c5ec22 100644 --- a/inc/libs/admins_functions.php +++ b/inc/libs/admins_functions.php @@ -16,7 +16,7 @@ * $Author:: $ * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * - * Copyright (c) 2009 - 2012 by Mailer Developer Team * + * Copyright (c) 2009 - 2013 by Mailer Developer Team * * For more information visit: http://mxchange.org * * * * This program is free software; you can redistribute it and/or modify * @@ -38,7 +38,7 @@ // Some security stuff... if (!defined('__SECURITY')) { die(); -} +} // END - if // Check ACL for menu combination function isAdminsAllowedByAcl ($action, $what) { @@ -47,15 +47,12 @@ function isAdminsAllowedByAcl ($action, $what) { if (($action == 'login') || ($action == 'logout')) { // If action is login or logout allow allways! - return true; + return TRUE; } elseif (isset($GLOBALS[__FUNCTION__][$adminId][$action][$what])) { // If we have cache, use it return $GLOBALS[__FUNCTION__][$adminId][$action][$what]; } - // But default result is failed - $GLOBALS[__FUNCTION__][$action][$what] = false; - // Get admin's defult access right $default = getAdminDefaultAcl($adminId); @@ -68,7 +65,7 @@ function isAdminsAllowedByAcl ($action, $what) { $parent = isAdminsAllowedByAcl($parent_action, ''); } else { // Anything else is true! - $parent = false; + $parent = FALSE; } // Shall I test for a main or sub menu? (action or what?) @@ -102,32 +99,35 @@ function isAdminsAllowedByAcl ($action, $what) { } } elseif (!isExtensionActive('cache')) { // Extension ext-cache is absent, so load it from database - $result = false; + $result = FALSE; if (!empty($action)) { // Main menu - $result = SQL_QUERY_ESC("SELECT `access_mode` FROM `{?_MYSQL_PREFIX?}_admins_acls` WHERE `admin_id`=%s AND `action_menu`='%s' LIMIT 1", + $result = sqlQueryEscaped("SELECT `access_mode` FROM `{?_MYSQL_PREFIX?}_admins_acls` WHERE `admin_id`=%s AND `action_menu`='%s' LIMIT 1", array(bigintval($adminId), $action), __FUNCTION__, __LINE__); } elseif (!empty($what)) { // Sub menu - $result = SQL_QUERY_ESC("SELECT `access_mode` FROM `{?_MYSQL_PREFIX?}_admins_acls` WHERE `admin_id`=%s AND `what_menu`='%s' LIMIT 1", + $result = sqlQueryEscaped("SELECT `access_mode` FROM `{?_MYSQL_PREFIX?}_admins_acls` WHERE `admin_id`=%s AND `what_menu`='%s' LIMIT 1", array(bigintval($adminId), $what), __FUNCTION__, __LINE__); } // Is an entry found? - if (SQL_NUMROWS($result) == 1) { + if (sqlNumRows($result) == 1) { // Load ACL - list($aclMode) = SQL_FETCHROW($result); + list($aclMode) = sqlFetchRow($result); } // END - if // Free memory - SQL_FREERESULT($result); + sqlFreeResult($result); } + // But default result is failed + $GLOBALS[__FUNCTION__][$adminId][$action][$what] = FALSE; + // Check ACL and (maybe) allow //* DEBUG: */ debugOutput('default='.$default.',acl_mode='.$aclMode.',parent='.intval($parent)); - if ((($default == 'allow') && ($aclMode != 'deny')) || (($default == 'deny') && ($aclMode == 'allow')) || ($parent === true) || (($default == 'NO-ACL') && ($aclMode == 'failed') && ($parent === false))) { + if ((($default == 'allow') && ($aclMode != 'deny')) || (($default == 'deny') && ($aclMode == 'allow')) || ($parent === TRUE) || (($default == 'NO-ACL') && ($aclMode == 'failed') && ($parent === FALSE))) { // Access is granted - $GLOBALS[__FUNCTION__][$adminId][$action][$what] = true; + $GLOBALS[__FUNCTION__][$adminId][$action][$what] = TRUE; } // END - if // Return value @@ -140,7 +140,7 @@ function generateAdminEmailLink ($email, $mod = 'admin') { // Is it an email? if (isInString('@', $email)) { // Create email link - $result = SQL_QUERY_ESC("SELECT `id` + $result = sqlQueryEscaped("SELECT `id` FROM `{?_MYSQL_PREFIX?}_admins` WHERE @@ -149,17 +149,17 @@ LIMIT 1", array($email), __FUNCTION__, __LINE__); // Is there an entry? - if (SQL_NUMROWS($result) == 1) { + if (sqlNumRows($result) == 1) { // Load userid - list($adminId) = SQL_FETCHROW($result); + list($adminId) = sqlFetchRow($result); // Call this function again $email = generateAdminEmailLink($adminId, $mod); } // END - if // Free memory - SQL_FREERESULT($result); - } elseif (isValidUserId($email)) { + sqlFreeResult($result); + } elseif (isValidId($email)) { // Direct id given $email = '{%url=modules.php?module=' . $mod . '&what=admins_contct&id=' . bigintval($email) . '%}'; } else { @@ -172,7 +172,7 @@ LIMIT 1", } // Change a lot admin account -function adminsChangeAdminAccount ($postData, $element = '', $displayMessage = true) { +function adminsChangeAdminAccount ($postData, $element = '', $displayMessage = TRUE) { // Begin the update $cache_update = '0'; $message = ''; @@ -180,28 +180,32 @@ function adminsChangeAdminAccount ($postData, $element = '', $displayMessage = t foreach ($postData['login'] as $id => $login) { // Secure id number $id = bigintval($id); - /* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'id=' . $id . ',login=' . $login); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'id=' . $id . ',login=' . $login); // When both passwords match update admin account if ((!empty($element)) && (isset($postData[$element]))) { // Save this setting - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `%s`='%s' WHERE `id`=%s LIMIT 1", - array($element, $postData[$element][$id], $id), __FUNCTION__, __LINE__); + sqlQueryEscaped("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `%s`='%s' WHERE `id`=%s LIMIT 1", + array( + $element, + $postData[$element][$id], + $id + ), __FUNCTION__, __LINE__); // Admin account saved $message = '{--ADMIN_ACCOUNT_SAVED--}'; - } elseif ((!empty($postData['pass1'])) && (!empty($postData['pass2']))) { + } elseif ((!empty($postData['password1'])) && (!empty($postData['password2']))) { // Update only if both passwords match - if (($postData['pass1'][$id] == $postData['pass2'][$id])) { + if (($postData['password1'][$id] == $postData['password2'][$id])) { // Save only when both passwords are the same (also when they are empty) $add = ''; $cache_update = 1; // Generate hash - $hash = generateHash($postData['pass1'][$id]); + $hash = generateHash($postData['password1'][$id]); // Save password when set - if (!empty($postData['pass1'][$id])) { - $add = sprintf(",`password`='%s'", SQL_ESCAPE($hash)); + if (!empty($postData['password1'][$id])) { + $add = sprintf(",`password`='%s'", sqlEscapeString($hash)); } // END - if // Get admin's id @@ -221,7 +225,7 @@ function adminsChangeAdminAccount ($postData, $element = '', $displayMessage = t if (!empty($add)) { setAdminMd5($hash); } // END - if - } elseif (generateHash($postData['pass1'][$id], $salt) != getAdminMd5()) { + } elseif (generateHash($postData['password1'][$id], $salt) != getAdminMd5()) { // Update password cookie setAdminMd5($hash); } @@ -233,7 +237,7 @@ function adminsChangeAdminAccount ($postData, $element = '', $displayMessage = t // Update admin account if ($default == 'allow') { // Allow changing default ACL - SQL_QUERY_ESC("UPDATE + sqlQueryEscaped("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `login`='%s'" . $add . ", @@ -252,7 +256,7 @@ LIMIT 1", ), __FUNCTION__, __LINE__); } else { // Do not allow it here - SQL_QUERY_ESC("UPDATE + sqlQueryEscaped("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `login`='%s'" . $add . ", @@ -280,10 +284,10 @@ LIMIT 1", $SQL = getUpdateSqlFromArray($postData, 'admins', 'id', '%s', array('login', 'id'), $id); // Run it - SQL_QUERY_ESC($SQL, array(bigintval($id)), __FUNCTION__, __LINE__); + sqlQueryEscaped($SQL, array(bigintval($id)), __FUNCTION__, __LINE__); // Was it updated? - if (SQL_AFFECTEDROWS() == 1) { + if (sqlAffectedRows() == 1) { // Admin account saved $message = '{--ADMIN_ACCOUNT_SAVED--}'; } else { @@ -294,7 +298,7 @@ LIMIT 1", } // END - foreach // Display message if not empty and allowed - if ((!empty($message)) && ($displayMessage === true)) { + if ((!empty($message)) && ($displayMessage === TRUE)) { // Display it displayMessage($message); } // END - if @@ -318,11 +322,11 @@ function adminsEditAdminAccount ($postData) { $id = bigintval($id); // Get the admin's data - $result = SQL_QUERY_ESC("SELECT `login`,`email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", + $result = sqlQueryEscaped('SELECT `login`, `email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1', array($id), __FUNCTION__, __LINE__); - if ((SQL_NUMROWS($result) == 1) && ($selected == 1)) { + if ((sqlNumRows($result) == 1) && ($selected == 1)) { // Entry found - $content = SQL_FETCHARRAY($result); + $content = sqlFetchArray($result); // Prepare some more data for the template $content['id'] = $id; @@ -337,15 +341,15 @@ function adminsEditAdminAccount ($postData) { } // Load row template and switch color - $OUT .= loadTemplate('admin_edit_admins_row', true, $content); + $OUT .= loadTemplate('admin_edit_admins_row', TRUE, $content); } // END - if // Free result - SQL_FREERESULT($result); + sqlFreeResult($result); } // END - foreach // Load template - loadTemplate('admin_edit_admins', false, $OUT); + loadTemplate('admin_edit_admins', FALSE, $OUT); } // Generate access mode selection box for given admin id @@ -403,7 +407,7 @@ function generateAdminMenuModeSelectionBox ($adminId = NULL) { // Delete given admin accounts function adminsDeleteAdminAccount ($postData) { // Check if this account is the last one which cannot be deleted... - if (countSumTotalData('', 'admins', 'id', '', true) > 1) { + if (countSumTotalData('', 'admins', 'id', '', TRUE) > 1) { // Delete accounts $OUT = ''; foreach ($postData['sel'] as $id => $selected) { @@ -411,13 +415,22 @@ function adminsDeleteAdminAccount ($postData) { $id = bigintval($id); // Get the admin's data - $result = SQL_QUERY_ESC("SELECT `login`,`email`,`default_acl` AS `access_mode`,`la_mode` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", + $result = sqlQueryEscaped('SELECT + `login`, + `email`, + `default_acl` AS `access_mode`, + `la_mode` +FROM + `{?_MYSQL_PREFIX?}_admins` +WHERE + `id`=%s +LIMIT 1', array($id), __FUNCTION__, __LINE__); - // Do we have an entry? - if (SQL_NUMROWS($result) == 1) { + // Is there an entry? + if (sqlNumRows($result) == 1) { // Entry found, so load data - $content = SQL_FETCHARRAY($result); + $content = sqlFetchArray($result); $content['access_mode'] = '{--ADMIN_ADMINS_ACCESS_MODE_' . strtoupper($content['access_mode']) . '--}'; $content['la_mode'] = '{--ADMIN_ADMINS_LA_MODE_' . strtoupper($content['la_mode']) . '--}'; @@ -425,15 +438,15 @@ function adminsDeleteAdminAccount ($postData) { $content['id'] = $id; // Load row template and switch color - $OUT .= loadTemplate('admin_delete_admins_row', true, $content); + $OUT .= loadTemplate('admin_delete_admins_row', TRUE, $content); } // END - if // Free result - SQL_FREERESULT($result); + sqlFreeResult($result); } // END - foreach // Load template - loadTemplate('admin_delete_admins', false, $OUT); + loadTemplate('admin_delete_admins', FALSE, $OUT); } else { // Cannot delete last account! displayMessage('{--ADMIN_ADMINS_CANNOT_DELETE_LAST--}'); @@ -451,11 +464,11 @@ function adminsRemoveAdminAccount ($postData) { // Delete only when it's not your own account! if (($del == 1) && (getCurrentAdminId() != $id)) { // Rewrite his tasks to all admins - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_task_system` SET `assigned_admin`=NULL WHERE `assigned_admin`=%s", + sqlQueryEscaped('UPDATE `{?_MYSQL_PREFIX?}_task_system` SET `assigned_admin`=NULL WHERE `assigned_admin`=%s', array($id), __FUNCTION__, __LINE__); // Remove account - SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", + sqlQueryEscaped('DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1', array($id), __FUNCTION__, __LINE__); } } @@ -467,7 +480,7 @@ function adminsRemoveAdminAccount ($postData) { // List all admin accounts function adminsListAdminAccounts() { // Select all admin accounts - $result = SQL_QUERY('SELECT + $result = sqlQuery('SELECT `id`, `login`, `email`, @@ -478,20 +491,20 @@ FROM ORDER BY `login` ASC', __FUNCTION__, __LINE__); $OUT = ''; - while ($content = SQL_FETCHARRAY($result)) { + while ($content = sqlFetchArray($result)) { // Compile some variables $content['access_mode'] = '{--ADMIN_ADMINS_ACCESS_MODE_' . strtoupper($content['access_mode']) . '--}'; $content['la_mode'] = '{--ADMIN_ADMINS_LA_MODE_' . strtoupper($content['la_mode']) . '--}'; // Load row template and switch color - $OUT .= loadTemplate('admin_list_admins_row', true, $content); + $OUT .= loadTemplate('admin_list_admins_row', TRUE, $content); } // END - while // Free memory - SQL_FREERESULT($result); + sqlFreeResult($result); // Load template - loadTemplate('admin_list_admins', false, $OUT); + loadTemplate('admin_list_admins', FALSE, $OUT); } // Sends out mail to all administrators @@ -504,31 +517,34 @@ function sendAdminsEmails ($subject, $template, $content, $userid) { $message = loadEmailTemplate($template, $content, $userid); // Check which admin shall receive this mail - $result = SQL_QUERY_ESC("SELECT `admin_id` FROM `{?_MYSQL_PREFIX?}_admins_mails` WHERE `mail_template`='%s' ORDER BY `admin_id` ASC", + $result = sqlQueryEscaped("SELECT `admin_id` FROM `{?_MYSQL_PREFIX?}_admins_mails` WHERE `mail_template`='%s' ORDER BY `admin_id` ASC", array($template), __FUNCTION__, __LINE__); // No entries found? - if (SQL_HASZERONUMS($result)) { - // Create new entry (to all admins) - SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins_mails` (`admin_id`,`mail_template`) VALUES (0, '%s')", - array($template), __FUNCTION__, __LINE__); + if (ifSqlHasZeroNums($result)) { + // Is ext-admins' version at least 0.7.9? + if (isExtensionInstalledAndNewer('admins', '0.7.9')) { + // Create new entry (to all admins) + sqlQueryEscaped("INSERT INTO `{?_MYSQL_PREFIX?}_admins_mails` (`admin_id`, `mail_template`) VALUES (NULL, '%s')", + array($template), __FUNCTION__, __LINE__); + } // END - if // Select all email adresses (default) - $result = SQL_QUERY('SELECT `email` FROM `{?_MYSQL_PREFIX?}_admins` ORDER BY `id` ASC', + $result = sqlQuery('SELECT `email` FROM `{?_MYSQL_PREFIX?}_admins` ORDER BY `id` ASC', __FUNCTION__, __LINE__); } else { // Load admin ids... // @TODO This can be, somehow, rewritten $adminIds = array(); - while ($content = SQL_FETCHARRAY($result)) { + while ($content = sqlFetchArray($result)) { array_push($adminIds, $content['admin_id']); } // END - while // Free memory - SQL_FREERESULT($result); + sqlFreeResult($result); // Init result - $result = false; + $result = FALSE; // "implode" ids and query string $adminId = implode(',', $adminIds); @@ -541,19 +557,22 @@ function sendAdminsEmails ($subject, $template, $content, $userid) { EVENTS_ADD_LINE($subject, $message, $userid); } else { // Log error for debug - logDebugMessage(__FUNCTION__, __LINE__, sprintf("Extension 'ext-events' missing: template=%s,subj=%s,userid=%s", + logDebugMessage(__FUNCTION__, __LINE__, sprintf('Extension ext-events missing: template=%s,subj=%s,userid=%s', $template, $subject, $userid )); } + + // Abort here as below while() loop will cause problems + return; } elseif (($adminId == '0') || (empty($adminId))) { // Select all email adresses - $result = SQL_QUERY('SELECT `email` FROM `{?_MYSQL_PREFIX?}_admins` ORDER BY `id` ASC', + $result = sqlQuery('SELECT `email` FROM `{?_MYSQL_PREFIX?}_admins` ORDER BY `id` ASC', __FUNCTION__, __LINE__); } else { // If Admin-Id is not "to-all" select - $result = SQL_QUERY_ESC("SELECT `email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id` IN (%s) ORDER BY `id` ASC", + $result = sqlQueryEscaped('SELECT `email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id` IN (%s) ORDER BY `id` ASC', array($adminId), __FUNCTION__, __LINE__); } } @@ -564,16 +583,16 @@ function sendAdminsEmails ($subject, $template, $content, $userid) { // Is the template a bug report? if ($template == 'admin_report_bug') { // Then set 'Reply-To:' again - $mailHeader = 'Reply-To: webmaster@mxchange.org' . chr(10); + $mailHeader = 'Reply-To: webmaster@mxchange.org' . PHP_EOL; } // END - if // Load email addresses and send away - while ($content = SQL_FETCHARRAY($result)) { + while ($content = sqlFetchArray($result)) { sendEmail($content['email'], $subject, $message, 'N', $mailHeader); } // END - while // Free memory - SQL_FREERESULT($result); + sqlFreeResult($result); } // "Getter" for current admin's expert settings @@ -593,20 +612,20 @@ function getAminsExpertSettings () { incrementStatsEntry('cache_hits'); } elseif (!isExtensionInstalled('cache')) { // Load from database - $result = SQL_QUERY_ESC("SELECT `expert_settings` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", + $result = sqlQueryEscaped('SELECT `expert_settings` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1', array($adminId), __FUNCTION__, __LINE__); // Entry found? - if (SQL_NUMROWS($result) == 1) { + if (sqlNumRows($result) == 1) { // Fetch data - $data = SQL_FETCHARRAY($result); + $data = sqlFetchArray($result); // Set cache $GLOBALS['cache_array']['admin']['expert_settings'][$adminId] = $data['expert_settings']; } // END - if // Free memory - SQL_FREERESULT($result); + sqlFreeResult($result); } // Return the result @@ -630,20 +649,20 @@ function getAminsExpertWarning () { incrementStatsEntry('cache_hits'); } elseif (!isExtensionInstalled('cache')) { // Load from database - $result = SQL_QUERY_ESC("SELECT `expert_warning` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", + $result = sqlQueryEscaped('SELECT `expert_warning` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1', array($adminId), __FUNCTION__, __LINE__); // Entry found? - if (SQL_NUMROWS($result) == 1) { + if (sqlNumRows($result) == 1) { // Fetch data - $data = SQL_FETCHARRAY($result); + $data = sqlFetchArray($result); // Set cache $GLOBALS['cache_array']['admin']['expert_warning'][$adminId] = $data['expert_warning']; } // END - if // Free memory - SQL_FREERESULT($result); + sqlFreeResult($result); } // Return the result @@ -669,17 +688,17 @@ function getAdminLoginFailures ($adminId) { incrementStatsEntry('cache_hits'); } elseif (!isExtensionActive('cache')) { // Load from database - $result = SQL_QUERY_ESC("SELECT `login_failures` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", + $result = sqlQueryEscaped('SELECT `login_failures` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1', array($adminId), __FUNCTION__, __LINE__); - // Do we have an entry? - if (SQL_NUMROWS($result) == 1) { + // Is there an entry? + if (sqlNumRows($result) == 1) { // Get it - $data = SQL_FETCHARRAY($result); + $data = sqlFetchArray($result); } // END - if // Free result - SQL_FREERESULT($result); + sqlFreeResult($result); } // Return the login_failures @@ -705,17 +724,17 @@ function getAdminLastFailure ($adminId) { incrementStatsEntry('cache_hits'); } elseif (!isExtensionActive('cache')) { // Load from database - $result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`last_failure`) AS `last_failure` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", + $result = sqlQueryEscaped('SELECT UNIX_TIMESTAMP(`last_failure`) AS `last_failure` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1', array($adminId), __FUNCTION__, __LINE__); - // Do we have an entry? - if (SQL_NUMROWS($result) == 1) { + // Is there an entry? + if (sqlNumRows($result) == 1) { // Get it - $data = SQL_FETCHARRAY($result); + $data = sqlFetchArray($result); } // END - if // Free result - SQL_FREERESULT($result); + sqlFreeResult($result); } // Return the last_failure @@ -731,5 +750,10 @@ function isAdminsExpertWarningEnabled () { return (getAminsExpertWarning() == 'Y'); } +// Wrapper function to check whether expert setting is enabled +function isAdminsExpertSettingEnabled () { + return (getAminsExpertSettings() == 'Y'); +} + // [EOF] ?>