X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Flibs%2Fadmins_functions.php;h=8b017261f81a614e696687ec01c20875ac24683b;hb=700bc24c3ab00d51273e93cdc816e177bac34aa5;hp=d4ced65b01a0e87bb6b2b575251a1fec9b6dc33f;hpb=ab6e23979a94ee3f68efca58da90137e88a95236;p=mailer.git diff --git a/inc/libs/admins_functions.php b/inc/libs/admins_functions.php index d4ced65b01..8b017261f8 100644 --- a/inc/libs/admins_functions.php +++ b/inc/libs/admins_functions.php @@ -49,22 +49,22 @@ function ADMINS_CHECK_ACL($act, $wht) { $ret = false; // Get admin's defult access right - if (!empty($cacheArray['admins']['def_acl'][$_SESSION['admin_login']])) { + if (!empty($cacheArray['admins']['def_acl'][get_session('admin_login')])) { // Load from cache - $default = $cacheArray['admins']['def_acl'][$_SESSION['admin_login']]; + $default = $cacheArray['admins']['def_acl'][get_session('admin_login')]; // Count cache hits $_CONFIG['cache_hits']++; } elseif (!is_object($cacheInstance)) { // Load from database $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", - array($_SESSION['admin_login']), __FILE__, __LINE__); + array(get_session('admin_login')), __FILE__, __LINE__); list($default) = SQL_FETCHROW($result); SQL_FREERESULT($result); } // Get admin's ID - $aid = GET_ADMIN_ID($_SESSION['admin_login']); + $aid = GET_ADMIN_ID(get_session('admin_login')); if (!empty($wht)) { // Check for parent menu: @@ -119,11 +119,11 @@ function ADMINS_CHECK_ACL($act, $wht) { if (!empty($act)) { // Main menu - $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND action_menu='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND action_menu='%s' LIMIT 1", array(bigintval($aid), $act), __FILE__, __LINE__); } elseif (!empty($wht)) { // Sub menu - $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND what_menu='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND what_menu='%s' LIMIT 1", array(bigintval($aid), $wht), __FILE__, __LINE__); } @@ -195,21 +195,21 @@ function ADMINS_CHANGE_ADMIN_ACCOUNT($POST) { if (!empty($POST['pass1'][$id])) $ADD = sprintf(", password='%s'", SQL_ESCAPE($hash)); // Get admin's ID - $salt = substr(GET_ADMIN_HASH($_SESSION['admin_login']), 0, -40); - $aid = GET_ADMIN_ID($_SESSION['admin_login']); + $salt = substr(GET_ADMIN_HASH(get_session('admin_login')), 0, -40); + $aid = GET_ADMIN_ID(get_session('admin_login')); // Rewrite cookie when it's own account if ($aid == $id) { // Set timeout cookie set_session("admin_last", time()); - if ($login != $_SESSION['admin_login']) { + if ($login != get_session('admin_login')) { // Update login cookie set_session("admin_login", $login); // Update password cookie as well? if (!empty($ADD)) set_session("admin_md5", $hash); - } elseif (generateHash($POST['pass1'][$id], $salt) != $_SESSION['admin_md5']) { + } elseif (generateHash($POST['pass1'][$id], $salt) != get_session('admin_md5')) { // Update password cookie set_session("admin_md5", $hash); } @@ -218,7 +218,7 @@ function ADMINS_CHANGE_ADMIN_ACCOUNT($POST) { // Get default ACL from admin to check if we can allow him to change the default ACL $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", - array($_SESSION['admin_login']), __FILE__, __LINE__); + array(get_session('admin_login')), __FILE__, __LINE__); list($default) = SQL_FETCHROW($result); // Free result @@ -232,7 +232,7 @@ login='%s'".$ADD.", email='%s', default_acl='%s', la_mode='%s' -WHERE id=%d LIMIT 1", +WHERE id=%s LIMIT 1", array( $login, $POST['email'][$id], @@ -246,7 +246,7 @@ WHERE id=%d LIMIT 1", login='%s'".$ADD.", email='%s', la_mode='%s' -WHERE id=%d LIMIT 1", +WHERE id=%s LIMIT 1", array( $login, $POST['email'][$id], @@ -283,7 +283,7 @@ function ADMINS_EDIT_ADMIN_ACCOUNTS ($POST) { $id = bigintval($id); // Get the admin's data - $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", array($id), __FILE__, __LINE__); if ((SQL_NUMROWS($result) == 1) && ($sel == 1)) { // Entry found @@ -329,7 +329,7 @@ function ADMINS_DELETE_ADMIN_ACCOUNTS ($POST) { $id = bigintval($id); // Get the admin's data - $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", array($id), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Entry found @@ -368,13 +368,13 @@ function ADMINS_REMOVE_ADMIN_ACCOUNTS ($POST) { $id = bigintval($id); // Delete only when it's not your own account! - if (($del == 1) && (GET_ADMIN_ID($_SESSION['admin_login']) != $id)) { + if (($del == 1) && (GET_ADMIN_ID(get_session('admin_login')) != $id)) { // Rewrite his tasks to all admins $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE assigned_admin='%s'", array($id), __FILE__, __LINE__); // Remove account - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1", + $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", array($id), __FILE__, __LINE__); $cacheInstance_UPDATE = "1";