X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=126e4dd5beff94265cf4f025fa1735d47e6d114d;hb=7831e749e7590c640837bda20512fd6dbc5bb966;hp=76d9c6666c1b3979292b222b13ea4f75786613b0;hpb=fd4bf800943a932696a2d2c25f702a771c2c3cf9;p=mailer.git
diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index 76d9c6666c..126e4dd5be 100644
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -14,11 +14,9 @@
* $Date:: $ *
* $Tag:: 0.2.1-FINAL $ *
* $Author:: $ *
- * Needs to be in all Files and every File needs "svn propset *
- * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
* -------------------------------------------------------------------- *
* Copyright (c) 2003 - 2009 by Roland Haeder *
- * Copyright (c) 2009, 2010 by Mailer Developer Team *
+ * Copyright (c) 2009 - 2011 by Mailer Developer Team *
* For more information visit: http://www.mxchange.org *
* *
* This program is free software; you can redistribute it and/or modify *
@@ -52,7 +50,7 @@ function addAdminAccount ($adminLogin, $passHash, $adminEmail) {
array($adminLogin), __FUNCTION__, __LINE__);
// Is the entry there?
- if (SQL_NUMROWS($result) == '0') {
+ if (SQL_HASZERONUMS($result)) {
// Ok, let's create the admin login
SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`, `password`, `email`) VALUES ('%s', '%s', '%s')",
array(
@@ -74,32 +72,40 @@ function addAdminAccount ($adminLogin, $passHash, $adminEmail) {
// This function will be executed when the admin is not logged in and has submitted his login data
function ifAdminLoginDataIsValid ($adminLogin, $adminPassword) {
- // First of all, no admin login is found
+ // First of all, no admin login is found, so the admin hash is null
$ret = '404';
+ $adminHash = null;
- // Then we need to lookup the login name by getting the admin hash
- $adminHash = getAdminHash($adminLogin);
+ // Get admin id from login
+ $adminId = getAdminId($adminLogin);
- // If this is fine, we can continue
- if ($adminHash != '-1') {
- // Get admin id and set it as current
- setCurrentAdminId(getAdminId($adminLogin));
+ // Continue only with found admin ids
+ if ($adminId > 0) {
+ // Then we need to lookup the login name by getting the admin hash
+ $adminHash = getAdminHash($adminId);
- // Now, we need to encode the password in the same way the one is encoded in database
- $testHash = generateHash($adminPassword, $adminHash);
+ // If this is fine, we can continue
+ if ($adminHash != '-1') {
+ // Get admin id and set it as current
+ setCurrentAdminId($adminId);
- // If they both match, the login data is valid
- if ($testHash == $adminHash) {
- // All fine
- $ret = 'done';
- } else {
- // Set status
- $ret = 'pass';
- }
+ // Now, we need to encode the password in the same way the one is encoded in database
+ $testHash = generateHash($adminPassword, $adminHash);
+
+ // If they both match, the login data is valid
+ if ($testHash == $adminHash) {
+ // All fine
+ $ret = 'done';
+ } else {
+ // Set status
+ $ret = 'password';
+ }
+ } // END - if
} // END - if
// Prepare data array
$data = array(
+ 'id' => $adminId,
'login' => $adminLogin,
'plain_pass' => $adminPassword,
'pass_hash' => $adminHash
@@ -124,7 +130,7 @@ function ifAdminCookiesAreValid ($adminLogin, $passHash) {
if ($adminHash != '-1') {
// Now, we need to encode the password in the same way the one is encoded in database
$testHash = encodeHashForCookie($adminHash);
- //* DEBUG: */ outputHtml('adminLogin='.$adminLogin.',
passHash='.$passHash.',
adminHash='.$adminHash.',
testHash='.$testHash.'
');
+ //* DEBUG: */ debugOutput('adminLogin=' . $adminLogin . ',passHash='.$passHash.',adminHash='.$adminHash.',testHash='.$testHash);
// If they both match, the login data is valid
if ($testHash == $passHash) {
@@ -132,12 +138,12 @@ function ifAdminCookiesAreValid ($adminLogin, $passHash) {
$ret = 'done';
} else {
// Set status
- $ret = 'pass';
+ $ret = 'password';
}
} // END - if
// Return status
- //* DEBUG: */ outputHtml('ret='.$ret);
+ //* DEBUG: */ debugOutput('ret='.$ret);
return $ret;
}
@@ -146,7 +152,7 @@ function doAdminAction () {
// Get default what
$what = getWhat();
- //* DEBUG: */ outputHtml(__LINE__.'*'.$what.'/'.getModule().'/'.getAction().'/'.getWhat().'*
');
+ //* DEBUG: */ debugOutput(__LINE__.'*'.$what.'/'.getModule().'/'.getAction().'/'.getWhat().'*');
// Remove any spaces from variable
if (empty($what)) {
@@ -160,16 +166,16 @@ function doAdminAction () {
// Get action value
$action = getActionFromModuleWhat(getModule(), $what);
- // Define admin login name and id number
- $content['login'] = getSession('admin_login');
- $content['id'] = getCurrentAdminId();
-
- // Preload templates
+ // Load welcome template
if (isExtensionActive('admins')) {
- $content['welcome'] = loadTemplate('admin_welcome_admins', true, $content);
+ // @TODO This and the next getCurrentAdminId() call might be moved into the templates?
+ $content['welcome'] = loadTemplate('admin_welcome_admins', true, getCurrentAdminId());
} else {
- $content['welcome'] = loadTemplate('admin_welcome', true, $content);
+ $content['welcome'] = loadTemplate('admin_welcome', true, getCurrentAdminId());
}
+
+ // Load header, footer, render menu
+ $content['header'] = loadTemplate('admin_header' , true, $content);
$content['footer'] = loadTemplate('admin_footer' , true, $content);
$content['menu'] = addAdminMenu($action, $what, true);
@@ -212,11 +218,11 @@ LIMIT 1",
// Access denied
loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACCESS_DENIED', $what));
} else {
- // Include file not found! :-(
+ // Include file not found :-(
loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_404', $action));
}
} else {
- // Invalid action/what pair found!
+ // Invalid action/what pair found
loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_INVALID', $action . '/' . $what));
}
@@ -227,8 +233,22 @@ LIMIT 1",
loadTemplate('admin_main_footer', false, $content);
}
+// Checks wether current admin is allowed to access given action/what combination
+// (only one is allowed to be null!)
+function isAdminAllowedAccessMenu ($action, $what = null) {
+ // Do we have cache?
+ if (!isset($GLOBALS[__FUNCTION__][$action][$what])) {
+ // ACL is always 'allow' when no ext-admins is installed
+ // @TODO This can be rewritten into a filter
+ $GLOBALS[__FUNCTION__][$action][$what] = ((!isExtensionInstalledAndNewer('admins', '0.2.0')) || (adminsCheckAdminAcl($action, $what)));
+ } // END - if
+
+ // Return the cached value
+ return $GLOBALS[__FUNCTION__][$action][$what];
+}
+
// Adds an admin menu
-function addAdminMenu ($action, $what, $return=false) {
+function addAdminMenu ($action, $what, $return = false) {
// Init variables
$SUB = false;
$OUT = '';
@@ -249,29 +269,23 @@ ORDER BY
`id` DESC", __FUNCTION__, __LINE__);
// Do we have entries?
- if (SQL_NUMROWS($result_main) > 0) {
+ if (!SQL_HASZERONUMS($result_main)) {
$OUT .= '