X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=078d9027d8fdddb6b14cd1019fbe6bc08d949eb4;hb=80e2def8ef2125fd4d7d1312ee3993ab613f0846;hp=385f7375d9e220eae2883a071cf78b17ec2886e1;hpb=0e899620c7a065952d6787c236fb2b33ae337d6a;p=mailer.git diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index 385f7375d9..078d9027d8 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -39,20 +39,17 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) } // -function REGISTER_ADMIN ($user, $md5) +function REGISTER_ADMIN ($user, $md5, $email=WEBMASTER) { $ret = "failed"; $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($user), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 0) - { + if (SQL_NUMROWS($result) == 0) { // Ok, let's create the admin login - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '".WEBMASTER."')", - array($user, $md5), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '%s')", + array($user, $md5, $email), __FILE__, __LINE__); $ret = "done"; - } - else - { + } else { // Free memory SQL_FREERESULT($result); @@ -66,35 +63,30 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) { global $cacheArray, $_CONFIG, $cacheInstance; $ret = "404"; $pass = ""; - if (!empty($cacheArray['admins']['aid'][$admin_login])) - { + if (!empty($cacheArray['admins']['aid'][$admin_login])) { // Get password from cache $pass = $cacheArray['admins']['password'][$admin_login]; $ret = "pass"; $_CONFIG['cache_hits']++; - } - else - { + } else { // Get password from DB $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($admin_login), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { $ret = "pass"; list($pass) = SQL_FETCHROW($result); SQL_FREERESULT($result); } } - //* DEBUG: */ echo "*".$pass."/".$password."/".$ret."
"; - if ((strlen($pass) == 32) && ($pass == md5($password))) - { + //* DEBUG: */ echo "*".$pass."/".md5($password)."/".$ret."
"; + if ((strlen($pass) == 32) && ($pass == md5($password))) { // Generate new hash $pass = generateHash($password); - if (($ret == "pass") && (GET_EXT_VERSION("sql_patches") < "0.3.6")) $ret = "done"; - } - elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) - { + + // Is the sql_patches not installed, than we cannot have a valid hashed password here! + if (($ret == "pass") && ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))) $ret = "done"; + } elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) { // Old hashing way return $ret; } @@ -104,28 +96,60 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) $salt = __SALT; // Check if password is same - if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt))) - { + //* DEBUG: */ echo "*".$ret.",".$pass.",".$password.",".$salt."*
\n"; + if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt))) { + // Change the passord hash here + $pass = generateHash($password); + // Update password $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1", array($pass, $admin_login), __FILE__, __LINE__); // Shall I remove the cache file? - if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false)) - { + if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false)) { if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy(); } - // Password matches! - $ret = "done"; - } - elseif ((empty($salt)) && ($ret == "pass")) - { + // Login has failed by default... ;-) + $ret = "failed"; + + // Password matches so login here + if (LOGIN_ADMIN($admin_login, $pass)) { + // All done now + $ret = "done"; + } + } elseif ((empty($salt)) && ($ret == "pass")) { // Something bad went wrong $ret = "failed"; + } elseif ($ret == "done") { + // Try to login here if we have the old hashing way (sql_patches not installed?) + if (!LOGIN_ADMIN($admin_login, $pass)) { + // Something went wrong + $ret = "failed"; + } } + + // Return the result + //* DEBUG: */ die("RETURN=".$ret); return $ret; } + +// Try to login the admin by setting some session/cookie variables +function LOGIN_ADMIN ($adminLogin, $passHash) { + // Now set all session variables and return the result + return ( + ( + set_session("admin_md5", generatePassString($passHash)) + ) && ( + set_session("admin_login", $adminLogin) + ) && ( + set_session("admin_last", time()) + ) && ( + set_session("admin_to", $_POST['timeout']) + ) + ); +} + // Only be executed on cookie checking function CHECK_ADMIN_COOKIES ($admin_login, $password) { global $cacheArray, $_CONFIG; @@ -140,16 +164,21 @@ function CHECK_ADMIN_COOKIES ($admin_login, $password) { $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($admin_login), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { + // Entry found $ret = "pass"; + + // Fetch password list($pass) = SQL_FETCHROW($result); - SQL_FREERESULT($result); } + + // Free result + SQL_FREERESULT($result); } - //* DEBUG: */ echo "*".$pass."/".$password."
"; + //* DEBUG: */ echo __FUNCTION__.":".$pass."(".strlen($pass).")/".$password."(".strlen($password).")
\n"; // Check if password matches - if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password))) { + if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) { // Passwords matches! $ret = "done"; } @@ -158,70 +187,79 @@ function CHECK_ADMIN_COOKIES ($admin_login, $password) { return $ret; } // -function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) -{ - $done = false; $seek++; $found = false; - if (file_exists($file)) - { +function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) { + // Initialize some variables + $done = false; + $seek++; + $found = false; + + // Is the file there and read-/write-able? + if ((FILE_READABLE($file)) && (is_writeable($file))) { $search = "CFG: ".$comment; $tmp = $file.".tmp"; - $fp = fopen($file, 'r') or OUTPUT_HTML("READ: ".$file."
"); - if ($fp) - { - $fp_tmp = fopen($tmp, 'w') or OUTPUT_HTML("WRITE: ".$tmp."
"); - if ($fp_tmp) - { - while (! feof($fp)) - { + + // Open the source file + $fp = @fopen($file, 'r') or OUTPUT_HTML("READ: ".$file."
"); + + // Is the resource valid? + if (is_resource($fp)) { + // Open temporary file + $fp_tmp = @fopen($tmp, 'w') or OUTPUT_HTML("WRITE: ".$tmp."
"); + + // Is the resource again valid? + if (is_resource($fp_tmp)) { + while (!feof($fp)) { + // Read from source file $line = fgets ($fp, 1024); + if (strpos($line, $search) > -1) { $next = 0; $found = true; } - if ($next > -1) - { - if ($next == $seek) - { + + if ($next > -1) { + if ($next == $seek) { $next = -1; $line = $prefix . $DATA . $suffix."\n"; - } - else - { + } else { $next++; } } + + // Write to temp file fputs($fp_tmp, $line); } + + // Close temp file fclose($fp_tmp); + // Finished writing tmp file $done = true; } + + // Close source file fclose($fp); - if (($done) && ($found)) - { + + if (($done) && ($found)) { // Copy back tmp file and delete tmp :-) @copy($tmp, $file); @unlink($tmp); - define ('_FATAL', false); - } - elseif (!$found) - { + define('_FATAL', false); + } elseif (!$found) { OUTPUT_HTML("CHANGE: 404!"); - define ('_FATAL', true); - } - else - { + define('_FATAL', true); + } else { OUTPUT_HTML("TMP: UNDONE!"); - define ('_FATAL', true); + define('_FATAL', true); } } - } - else - { + } else { + // File not found, not readable or writeable OUTPUT_HTML("404: ".$file."
"); } } + // function ADMIN_DO_ACTION($wht) { - global $menuDesription, $menuTitle, $_CONFIG, $cacheArray, $link, $DATA; + global $menuDesription, $menuTitle, $_CONFIG, $cacheArray, $DATA, $DEPTH; //* DEBUG: */ echo __LINE__."*".$wht."/".$GLOBALS['module']."/".$GLOBALS['action']."/".$GLOBALS['what']."*
\n"; if (EXT_IS_ACTIVE("cache")) { @@ -245,7 +283,7 @@ function ADMIN_DO_ACTION($wht) $act = GET_ACTION($GLOBALS['module'], $wht); // Define admin login name and ID number - define('__ADMIN_LOGIN', SQL_ESCAPE(get_session('admin_login'))); + define('__ADMIN_LOGIN', get_session('admin_login')); define('__ADMIN_ID' , GET_ADMIN_ID(get_session('admin_login'))); // Preload templates @@ -262,7 +300,7 @@ function ADMIN_DO_ACTION($wht) // Check if action/what pair is valid $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu -WHERE action='%s' AND ((what='%s' AND what != 'overview') OR (what='' AND '%s'='overview')) +WHERE action='%s' AND ((what='%s' AND what != 'overview') OR ((what='' OR what IS NULL) AND '%s'='overview')) LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -270,8 +308,8 @@ LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__); SQL_FREERESULT($result); // Is valid but does the inlcude file exists? - $INC = sprintf(PATH."inc/modules/admin/action-%s.php", $act); - if ((file_exists($INC)) && (is_readable($INC)) && (VALIDATE_MENU_ACTION("admin", $act, $wht)) && (__ACL_ALLOW == true)) + $INC = sprintf("%sinc/modules/admin/action-%s.php", PATH, $act); + if ((FILE_READABLE($INC)) && (VALIDATE_MENU_ACTION("admin", $act, $wht)) && (__ACL_ALLOW == true)) { // Ok, we finally load the admin action module include($INC); @@ -300,7 +338,7 @@ LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__); // function ADD_ADMIN_MENU($act, $wht,$return=false) { - global $menuDesription, $menuTitle, $link; + global $menuDesription, $menuTitle; $SUB = false; // Menu descriptions @@ -308,7 +346,7 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) $menuTitle = array(); // Build main menu - $result_main = SQL_QUERY("SELECT action, title, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE what='' ORDER BY sort, id DESC", __FILE__, __LINE__); + $result_main = SQL_QUERY("SELECT action, title, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE (what='' OR what IS NULL) ORDER BY sort, id DESC", __FILE__, __LINE__); $OUT = ""; if (SQL_NUMROWS($result_main) > 0) { @@ -334,24 +372,24 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) $menuDesription[$menu] = $descr; } $OUT .= " - -  · "; - if (($menu == $act) && (empty($wht))) + +  · "; + if (($menu == $act) && (empty($wht))) { $OUT .= ""; } else { - $OUT .= "[ "; + $OUT .= "["; } $OUT .= $title; - if (($menu == $act) && (empty($wht))) + if (($menu == $act) && (empty($wht))) { $OUT .= ""; } else { - $OUT .= " ]"; + $OUT .= "]"; } $OUT .= " \n"; @@ -362,13 +400,13 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) $menuDesription = array(); $menuTitle = array(); $SUB = true; $OUT .= " -   - - \n"; - while (list($wht_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what)) + + + \n"; } $OUT .= "\n"; @@ -451,7 +489,7 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) } } // -function ADD_MEMBER_SELECTION_BOX($add_all = false, $return = false, $none = false, $def = "0") +function ADD_MEMBER_SELECTION_BOX ($def="0", $add_all=false, $return=false, $none=false) { // Output selection form with all confirmed user accounts listed $result = SQL_QUERY("SELECT userid, surname, family FROM "._MYSQL_PREFIX."_user_data ORDER BY userid", __FILE__, __LINE__); @@ -470,45 +508,42 @@ function ADD_MEMBER_SELECTION_BOX($add_all = false, $return = false, $none = fal // Free memory SQL_FREERESULT($result); - // Remeber options in constant - define('_MEMBER_SELECTION', $OUT); + if (!$return) { + // Remeber options in constant + define('_MEMBER_SELECTION', $OUT); - if (!$return) - { // Display selection box define('__LANG_VALUE', GET_LANGUAGE()); // Load template LOAD_TEMPLATE("admin_member_selection_box", false, $GLOBALS['what']); + } else { + // Return content + return "\n"; } } // -function ADMIN_MENU_SELECTION($MODE, $default="", $defid="") -{ +function ADMIN_MENU_SELECTION($MODE, $default="", $defid="") { $wht = "what != ''"; - if ($MODE == "action") $wht = "what='' AND action !='login'"; + if ($MODE == "action") $wht = "(what='' OR what IS NULL) AND action !='login'"; $result = SQL_QUERY_ESC("SELECT %s, title FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$wht." ORDER BY sort", array($MODE), __FILE__, __LINE__); - if (SQL_NUMROWS($result) > 0) - { + if (SQL_NUMROWS($result) > 0) { // Load menu as selection $OUT = "\n"; - } - else - { + } else { // No menus??? $OUT = ADMIN_PROBLEM_NO_MENU; } @@ -516,41 +551,20 @@ function ADMIN_MENU_SELECTION($MODE, $default="", $defid="") // Return output return $OUT; } -// -function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="config=0", $translateComma = array(), $alwaysAdd=false) -{ +// Save settings to the database +function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="config=0", $translateComma=array(), $alwaysAdd=false) { global $_CONFIG, $cacheArray, $cacheInstance; + + // Prepare all arrays, variables $DATA = array(); - $skip = false; $TEST2 = ""; - foreach ($POST as $id=>$val) { + $skip = false; + + // Now, walk through all entries and prepare them for saving + foreach ($POST as $id => $val) { // Process only formular field but not submit buttons ;) if ($id != "ok") { // Do not save the ok value - $TEST = substr($id, -3); - if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (isset($val))) { - // Found a multi-selection for timings? - $TEST = substr($id, 0, -3); - if ((isset($POST[$TEST."_ye"])) && (isset($POST[$TEST."_mo"])) && (isset($POST[$TEST."_we"])) && (isset($POST[$TEST."_da"])) && (isset($POST[$TEST."_ho"])) && (isset($POST[$TEST."_mi"])) && (isset($POST[$TEST."_se"])) && ($TEST != $TEST2)) { - // Generate timestamp - $POST[$TEST] = CREATE_TIMESTAMP_FROM_SELECTIONS($TEST, $POST); - $DATA[] = "$TEST='".$POST[$TEST]."'"; - - // Remove data from array - unset($POST[$TEST."_ye"]); - unset($POST[$TEST."_mo"]); - unset($POST[$TEST."_we"]); - unset($POST[$TEST."_da"]); - unset($POST[$TEST."_ho"]); - unset($POST[$TEST."_mi"]); - unset($POST[$TEST."_se"]); - - // Skip adding - unset($id); $skip = true; $TEST2 = $TEST; - } - } else { - // Process this entry - $skip = false; $TEST2 = ""; - } + CONVERT_SELECTIONS_TO_TIMESTAMP($POST, $DATA, $id, $skip); // Shall we process this ID? It muss not be empty, of course if ((!$skip) && (!empty($id))) { @@ -561,7 +575,7 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con if ((is_array($translateComma)) && (in_array($id, $translateComma))) { // Then do it here... :) $val = str_replace(",", ".", $val); - } + } // END - if // Shall we add numbers or strings? $test = (float)$val; @@ -575,9 +589,9 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con // Update current configuration $_CONFIG[$id] = $val; - } - } - } + } // END - if + } // END - if + } // END - foreach // Check if entry does exist $result = false; @@ -587,7 +601,7 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con } else { $result = SQL_QUERY("SELECT * FROM "._MYSQL_PREFIX.$tableName." LIMIT 1", __FILE__, __LINE__); } - } + } // END - if if (SQL_NUMROWS($result) == 1) { // "Implode" all data to single string @@ -602,7 +616,7 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con // Split up $line = explode("=", $entry); $KEYs[] = $line[0]; $VALUEs[] = $line[1]; - } + } // END - foreach // Add both in one line $KEYs = implode(", ", $KEYs); @@ -623,76 +637,78 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con // Remove it here... if ($cacheInstance->cache_file("config", true)) $cacheInstance->cache_destroy(); unset($cacheArray); - } + } // END - if // Settings saved LOAD_TEMPLATE("admin_settings_saved", false, "".SETTINGS_SAVED.""); } // function ADMIN_MAKE_MENU_SELECTION($menu, $type, $name, $default="") { + // Open the requested menu directory + $handle = opendir(sprintf("%sinc/modules/%s/", PATH, $menu)) or mxchange_die("Cannot load menu ".$menu."!"); + // Init the selection box $OUT = "\n"; return $OUT; } // -function ADMIN_USER_PROFILE_LINK($uid, $title="", $wht="list_user") -{ - if (($title == "") && ($title != "0")) { $title = $uid; } - if (($title == "0") && ($wht == "list_refs")) - { +function ADMIN_USER_PROFILE_LINK($uid, $title="", $wht="list_user") { + if (($title == "") && ($title != "0")) { + // Set userid as title + $title = $uid; + } // END - if + + if (($title == "0") && ($wht == "list_refs")) { // Return title again return $title; - } + } // END - if //* DEBUG: */ echo "A:".$title."
"; // Return link return "".$title.""; } // -function ADMIN_CHECK_MENU_MODE() -{ +function ADMIN_CHECK_MENU_MODE() { global $_CONFIG, $cacheArray; // Set the global mode as the mode for all admins $MODE = $_CONFIG['admin_menu']; $ADMIN = $MODE; // Check individual settings of current admin - if (isset($cacheArray['admins']['la_mode'][get_session('admin_login')])) - { + if (isset($cacheArray['admins']['la_mode'][get_session('admin_login')])) { // Load from cache $ADMIN = $cacheArray['admins']['la_mode'][get_session('admin_login')]; $_CONFIG['cache_hits']++; - } - elseif (GET_EXT_VERSION("admins") >= "0.6.7") - { + } elseif (GET_EXT_VERSION("admins") >= "0.6.7") { // Load from database when version of "admins" is enough $result = SQL_QUERY_ESC("SELECT la_mode FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array(get_session('admin_login')), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { // Load data list($ADMIN) = SQL_FETCHROW($result); } @@ -710,27 +726,27 @@ function ADMIN_CHECK_MENU_MODE() // Change activation status function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") { global $_CONFIG; - $cnt = 0; $newStatus = 'Y'; + $cnt = 0; $newStatus = "Y"; if ((is_array($IDs)) && (count($IDs) > 0)) { // "Walk" all through and count them - foreach ($IDs as $id=>$selected) { + foreach ($IDs as $id => $selected) { // Secure the ID number $id = bigintval($id); // Should always be 1 ;-) if ($selected == 1) { // Determine new status - $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE %s=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE %s=%s LIMIT 1", array($row, $table, $idRow, $id), __FILE__, __LINE__); // Row found? if (SQL_NUMROWS($result) == 1) { // Load the status list($currStatus) = SQL_FETCHROW($result); - if ($currStatus == 'Y') $newStatus='N'; else $newStatus = 'Y'; + if ($currStatus == "Y") $newStatus='N'; else $newStatus = "Y"; // Change this status - SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_%s SET %s='%s' WHERE %s=%d LIMIT 1", + SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_%s SET %s='%s' WHERE %s=%s LIMIT 1", array($table, $row, $newStatus, $idRow, $id), __FILE__, __LINE__); // Count up affected rows @@ -749,57 +765,351 @@ function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") { LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_NOTHING_SELECTED_CHANGE); } } -// Delete rows by given ID numbers -function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $row, $columns = array(), $filterFunctions = array(), $deleteNow=false, $idRow="id") { +// Build a special template list +function ADMIN_BUILD_LIST ($listType, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn) { global $_CONFIG; $OUT = ""; $SW = 2; - if ((is_array($IDs)) && (count($IDs) > 0)) { - // "Walk" through all entries and count them + + // "Walk" through all entries + foreach ($IDs as $id => $selected) { + // Secure ID number + $id = bigintval($id); + + // Will always be 1 ;-) + if ($selected == 1) { + // Get result from a given column array and table name + $result = SQL_RESULT_FROM_ARRAY($table, $columns, $idColumn, $id); + + // Is there one entry? + if (SQL_NUMROWS($result) == 1) { + // Load all data + $content = SQL_FETCHARRAY($result); + + // Filter all data + foreach ($content as $key => $value) { + // Search index + $idx = array_search($key, $columns, true); + + // Do we have a userid? + if ($key == "userid") { + // Add it again as raw id + $content['uid'] = bigintval($value); + } // END - if + + // Handle the call in external function + $content[$key] = HANDLE_EXTRA_VALUES($filterFunctions[$idx], $value, $extraValues[$idx]); + } // END - foreach + + // Add color switching + $content['sw'] = $SW; + + // Then list it + $OUT .= LOAD_TEMPLATE("admin_".$listType."_".$table."_row", true, $content); + + // Switch color + $SW = 3 - $SW; + } // END - if + + // Free the result + SQL_FREERESULT($result); + } // END - if + } // END - foreach + + // Load master template + LOAD_TEMPLATE("admin_".$listType."_".$table."", false, $OUT); +} +// Delete rows by given ID numbers +function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $deleteNow=false, $idColumn="id", $userIdColumn="userid") { + // All valid entries? (We hope so here!) + if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { + // Shall we delete here or list for deletion? if ($deleteNow) { // Delete them - } else { - // List for confirmation - foreach ($IDs as $id=>$selected) { - // Secure ID number - $id = bigintval($id); - - // Will always be 1 ;-) - if ($selected == 1) { - // Get result from a given column array and table name - $result = SQL_RESULT_FROM_ARRAY($table, $columns, $idRow, $id); - - // Is there one entry? - if (SQL_NUMROWS($result) == 1) { - // Load all data - $content = SQL_FETCHARRAY($result); - - // Filter all data - foreach ($content as $key=>$value) { - // Is a filter function set? - $idx = array_search($key, $columns, true); - if (!empty($filterFunctions[$idx])) { - // Then call it! - $content[$key] = call_user_func($filterFunctions[$idx], $value); - } - } + $SQL = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_%s WHERE %s IN (%s)"; + $idList = ""; + foreach ($IDs as $id => $sel) { + // Is there a userid? + if (isset($_POST['uid'][$id])) { + // Load all data from that id + $result = SQL_QUERY_ESC("SELECT * FROM "._MYSQL_PREFIX."_%s WHERE %s=%s LIMIT 1", + array($table, $idColumn, $id), __FILE__, __LINE__); + + // Fetch the data + $content = SQL_FETCHARRAY($result); + + // Free the result + SQL_FREERESULT($result); + + // Do we have a *real* userid? + if ($_POST['uid'][$id] > 0) { + // Generate subject + $eval = "\$subject = MEMBER_DEL_".strtoupper($table)."_SUBJECT;"; + eval($eval); + + // Load email template + $mail = LOAD_EMAIL_TEMPLATE("member_del_".$table, $content); - // Add color switching - $content['sw'] = $SW; + // Send email out + SEND_EMAIL($_POST['uid'][$id], $subject, $mail); + } // END - if - // Then list it again... - $OUT .= LOAD_TEMPLATE("admin_del_".$table."_row", true, $content); - $SW = 3 - $SW; + // Generate subject + $eval = "\$subject = ADMIN_DEL_".strtoupper($table)."_SUBJECT;"; + eval($eval); + + // Send admin notification out + SEND_ADMIN_NOTIFICATION($subject, "admin_del_".$table, $content, $_POST['uid'][$id]); + } // END - if + + // Add id number + $idList .= $id.","; + } // END - if + + // Run the query + SQL_QUERY($SQL, array($table, $idColumn, substr($idList, 0, -1)), __FILE__, __LINE__); + + // Was this fine? + if (SQL_AFFECTEDROWS() == count($IDs)) { + // All deleted + LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ALL_ENTRIES_REMOVED); + } else { + // Some are still there :( + LOAD_TEMPLATE("admin_settings_saved", false, sprintf(ADMIN_SOME_ENTRIES_NOT_DELETED, SQL_AFFECTEDROWS(), count($IDs))); + } + } else { + // List for deletion confirmation + ADMIN_BUILD_LIST("del", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + } + } // END - if +} +// Edit rows by given ID numbers +function ADMIN_EDIT_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $editNow=false, $idColumn="id", $userIdColumn="userid") { + // All valid entries? (We hope so here!) + if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { + // Shall we change here or list for editing? + if ($editNow) { + // Change them all + $affected = 0; + foreach ($IDs as $id => $sel) { + // Prepare content array (new values) + $content = array(); + + // Prepare SQL for this row + $SQL = "UPDATE "._MYSQL_PREFIX."_".$table." SET"; + foreach ($_POST as $key => $entries) { + // Skip raw userid which is always invalid + if ($key == "uid_raw") { + // Continue with next field + continue; + } // END - if + + // Is entries an array? + if (($key != $idColumn) && (is_array($entries)) && (isset($entries[$id]))) { + // Add this entry to content + $content[$key] = $entries[$id]; + + // Send data through the filter function if found + if ((isset($filterFunctions[$key])) && (isset($extraValues[$key]))) { + // Filter function set! + $entries[$id] = HANDLE_EXTRA_VALUES($filterFunctions[$key], $entries[$id], $extraValues[$key]); + } // END - if + + // Then add this value + $SQL .= sprintf(" %s='%s',", + SQL_ESCAPE($key), + SQL_ESCAPE($entries[$id]) + ); + } elseif (($key != $idColumn) && (!is_array($entries))) { + // Add normal entries as well! + $content[$key] = $entries; } - // Free the result - SQL_FREERESULT($result); + // Do we have an URL? + if ($key == "url") { + // Then add a framekiller test as well + $content['frametester'] = FRAMETESTER($content[$key]); + } // END - if } - } + $SQL = substr($SQL, 0, -1) . " WHERE ".$idColumn."=".$id." LIMIT 1"; - // Load master template - LOAD_TEMPLATE("admin_del_".$table."", false, $OUT); + // Run this query + SQL_QUERY($SQL, __FILE__, __LINE__); + + // Add affected rows + $affected += SQL_AFFECTEDROWS(); + + // Load all data from that id + $result = SQL_QUERY_ESC("SELECT * FROM "._MYSQL_PREFIX."_%s WHERE %s=%s LIMIT 1", + array($table, $idColumn, $id), __FILE__, __LINE__); + + // Fetch the data + global $DATA; + $DATA = SQL_FETCHARRAY($result); + + // Free the result + SQL_FREERESULT($result); + + // Is a raw user id set? + if ((isset($_POST['uid_raw'][$id])) && ($_POST['uid_raw'][$id] > 0)) { + // Generate subject + $eval = "\$subject = MEMBER_EDIT_".strtoupper($table)."_SUBJECT;"; + eval($eval); + + // Load email template + $mail = LOAD_EMAIL_TEMPLATE("member_edit_".$table, $content); + + // Send email out + SEND_EMAIL($_POST['uid_raw'][$id], $subject, $mail); + } // END - if + + // Generate subject + $eval = "\$subject = ADMIN_EDIT_".strtoupper($table)."_SUBJECT;"; + eval($eval); + + // Send admin notification out + SEND_ADMIN_NOTIFICATION($subject, "admin_edit_".$table, $content, $_POST['uid_raw'][$id]); + } // END - foreach + + // Was this fine? + if ($affected == count($IDs)) { + // All deleted + LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ALL_ENTRIES_EDITED); + } else { + // Some are still there :( + LOAD_TEMPLATE("admin_settings_saved", false, sprintf(ADMIN_SOME_ENTRIES_NOT_EDITED, $affected, count($IDs))); + } + } else { + // List for editing + ADMIN_BUILD_LIST("edit", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); } + } // END - if +} +// Checks proxy settins by fetching check-updates3.php from www.mxchange.org +function ADMIN_TEST_PROXY_SETTINGS ($settingsArray) { + global $_CONFIG; + + // By default they are invalid + $valid = false; + + // Set temporary the new settings + $_CONFIG = array_merge($_CONFIG, $settingsArray); + + // Now get the test URL + $content = GET_URL("check-updates3.php"); + + // Is the first line with "200 OK"? + $valid = eregi("200 OK", $content[0]); + + // Return result + return $valid; +} +// Sends out a link to the given email adress so the admin can reset his/her password +function ADMIN_SEND_PASSWORD_RESET_LINK ($email) { + global $_CONFIG; + // Init output + $OUT = ""; + + // Compile out security characters (must be for looking up!) + $email = COMPILE_CODE($email); + + // Look up administator login + $result = SQL_QUERY_ESC("SELECT id, login, password FROM "._MYSQL_PREFIX."_admins WHERE email='%s' LIMIT 1", + array($email), __FILE__, __LINE__); + + // Is there an account? + if (SQL_NUMROWS($result) == 0) { + // No account found! + return ADMIN_NO_LOGIN_WITH_EMAIL; + } // END - if + + // Load all data + $content = SQL_FETCHARRAY($result); + + // Free result + SQL_FREERESULT($result); + + // Generate hash for reset link + $content['hash'] = generateHash(URL.":".$content['id'].":".$content['login'].":".$content['password'], substr($content['password'], 10)); + + // Remove some data + unset($content['id']); + unset($content['password']); + + // Prepare email + $mailText = LOAD_EMAIL_TEMPLATE("admin_reset_password", $content); + + // Send it out + SEND_EMAIL($email, ADMIN_RESET_PASS_LINK_SUBJ, $mailText); + + // Prepare output + return ADMIN_RESET_LINK_SENT; +} +// Validate hash and login for password reset +function ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN ($hash, $login) { + // By default nothing validates... ;) + $valid = false; + + // Compile the login for lookup + $login = COMPILE_CODE($login); + + // Then try to find that user + $result = SQL_QUERY_ESC("SELECT id, password, email FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", + array($login), __FILE__, __LINE__); + + // Is an account here? + if (SQL_NUMROWS($result) == 1) { + // Load all data + $content = SQL_FETCHARRAY($result); + + // Generate hash again + $hashFromData = generateHash(URL.":".$content['id'].":".$login.":".$content['password'], substr($content['password'], 10)); + + // Does both match? + $valid = ($hash == $hashFromData); + } // END - if + + // Free result + SQL_FREERESULT($result); + + // Return result + return $valid; +} +// Reset the password for the login. Do NOT call this function without calling above function first! +function ADMIN_RESET_PASSWORD ($login, $password) { + // Init hash + $passHash = ""; + + // Now check if we have sql_patches installed + if (GET_EXT_VERSION("sql_patches") >= "0.3.6") { + // Use new way of hashing + $passHash = generateHash($password); + } else { + // Old MD5 method + $passHash = md5($password); } + + // Update database + SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1", + array($passHash, $login), __FILE__, __LINE__); + + // Return output + return ADMIN_PASSWORD_RESET_DONE; +} +// Solves a task by given id number +function ADMIN_SOLVE_TASK ($id) { + // Update the task data + ADMIN_UPDATE_TASK_DATA($id, "status", "SOLVED"); +} +// Marks a given task as deleted +function ADMIN_DELETE_TASK ($id) { + // Update the task data + ADMIN_UPDATE_TASK_DATA($id, "status", "DELETED"); +} +// Function to update task data +function ADMIN_UPDATE_TASK_DATA ($id, $row, $data) { + // Update the task + SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET %s='%s' WHERE id=%s LIMIT 1", + array($row, $data, bigintval($id)), __FILE__, __LINE__); } // ?>
  + \n"; + while (list($wht_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what)) { // Filename - $INC = sprintf(PATH."inc/modules/admin/what-%s.php", $wht_sub); + $INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $wht_sub); if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2")) { $ACL = ADMINS_CHECK_ACL("", $wht_sub); @@ -378,15 +416,15 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) // ACL is "allow"... hmmm $ACL = true; } - $readable = ((file_exists($INC)) && (is_readable($INC))); + $readable = FILE_READABLE($INC); if ($ACL) { // Insert compiled title and description $menuTitle[$wht_sub] = $title_what; $menuDesription[$wht_sub] = $desc_what; $OUT .= " -
-  --> "; + +  --> "; if ($readable) { if ($wht == $wht_sub) @@ -395,7 +433,7 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) } else { - $OUT .= "[ "; + $OUT .= "["; } } else @@ -411,7 +449,7 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) } else { - $OUT .= " ]"; + $OUT .= "]"; } } else @@ -426,7 +464,7 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) // Free memory SQL_FREERESULT($result_what); $OUT .= "
-