X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=12d20dcf4abdd854c4a16fe3898d5bc0daa4da70;hb=e5dde615db05fb62ebe91bd1c030f40c9b91fe17;hp=891d19cfec49742bc32b9a466ca7f9e91afa9f9c;hpb=29385a0483bbcbbe940a32a49d488b1d5add15c5;p=mailer.git

diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index 891d19cfec..12d20dcf4a 100644
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -77,29 +77,36 @@ function ifAdminLoginDataIsValid ($adminLogin, $adminPassword) {
 	// First of all, no admin login is found
 	$ret = '404';
 
-	// Then we need to lookup the login name by getting the admin hash
-	$adminHash = getAdminHash($adminLogin);
-
-	// If this is fine, we can continue
-	if ($adminHash != '-1') {
-		// Get admin id and set it as current
-		setCurrentAdminId(getAdminId($adminLogin));
-
-		// Now, we need to encode the password in the same way the one is encoded in database
-		$testHash = generateHash($adminPassword, $adminHash);
-
-		// If they both match, the login data is valid
-		if ($testHash == $adminHash) {
-			// All fine
-			$ret = 'done';
-		} else {
-			// Set status
-			$ret = 'pass';
-		}
+	// Get admin id from login
+	$adminId = getAdminId($adminLogin);
+
+	// Continue only with found admin ids
+	if ($adminId > 0) {
+		// Then we need to lookup the login name by getting the admin hash
+		$adminHash = getAdminHash($adminId);
+
+		// If this is fine, we can continue
+		if ($adminHash != '-1') {
+			// Get admin id and set it as current
+			setCurrentAdminId($adminId);
+
+			// Now, we need to encode the password in the same way the one is encoded in database
+			$testHash = generateHash($adminPassword, $adminHash);
+
+			// If they both match, the login data is valid
+			if ($testHash == $adminHash) {
+				// All fine
+				$ret = 'done';
+			} else {
+				// Set status
+				$ret = 'pass';
+			}
+		} // END - if
 	} // END - if
 
 	// Prepare data array
 	$data = array(
+		'id'         => $adminId,
 		'login'      => $adminLogin,
 		'plain_pass' => $adminPassword,
 		'pass_hash'  => $adminHash
@@ -161,7 +168,7 @@ function doAdminAction () {
 	$action = getActionFromModuleWhat(getModule(), $what);
 
 	// Define admin login name and id number
-	$content['login'] = getSession('admin_login');
+	$content['login'] = getAdminLogin(getSession('admin_id'));
 	$content['id']    = getCurrentAdminId();
 
 	// Preload templates
@@ -249,7 +256,7 @@ ORDER BY
 	`id` DESC", __FUNCTION__, __LINE__);
 
 	// Do we have entries?
-	if (SQL_NUMROWS($result_main) > 0) {
+	if (!SQL_HASZERONUMS($result_main)) {
 		$OUT .= '<ul class="admin_menu_main">';
 		// @TODO Rewrite this to $content = SQL_FETCHARRAY()
 		while (list($menu, $title, $descr) = SQL_FETCHROW($result_main)) {
@@ -282,7 +289,7 @@ ORDER BY
 						$OUT .= '[<a href="{%url=modules.php?module=admin&amp;action=' . $menu . '%}">';
 					}
 				} else {
-					$OUT .= '<em style="cursor:help" class="admin_note" title="{--MENU_ACTION_404--}">';
+					$OUT .= '<em style="cursor:help" class="admin_note" title="{%message,MENU_ACTION_404=' . $menu . '}">';
 				}
 
 				$OUT .= $title;
@@ -315,10 +322,10 @@ ORDER BY
 					array($menu), __FUNCTION__, __LINE__);
 
 				// Remember the count for later checks
-				setAdminMenuHasEntries($menu, ((SQL_NUMROWS($result_what) > 0) && ($action == $menu)));
+				setAdminMenuHasEntries($menu, ((!SQL_HASZERONUMS($result_what)) && ($action == $menu)));
 
 				// Do we have entries?
-				if ((ifAdminMenuHasEntries($menu)) && (SQL_NUMROWS($result_what) > 0)) {
+				if ((ifAdminMenuHasEntries($menu)) && (!SQL_HASZERONUMS($result_what))) {
 					$GLOBALS['menu']['description'] = array();
 					$GLOBALS['menu']['title'] = array(); $SUB = true;
 					$OUT .= '<li class="admin_menu_sub"><ul class="admin_menu_sub">';
@@ -352,7 +359,7 @@ ORDER BY
 									$OUT .= '[<a href="{%url=modules.php?module=admin&amp;what=' . $what_sub . '%}">';
 								}
 							} else {
-								$OUT .= '<em style="cursor:help" class="admin_note" title="{--MENU_WHAT_404--}">';
+								$OUT .= '<em style="cursor:help" class="admin_note" title="{%message,MENU_WHAT_404=' . $what_sub . '%}">';
 							}
 
 							$OUT .= $title_what;
@@ -436,7 +443,7 @@ function adminMenuSelectionBox_DEPRECATED ($mode, $default = '', $defid = '') {
 
 	$result = SQL_QUERY_ESC("SELECT `%s` AS `menu`, `title` FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE ".$what." ORDER BY `sort` ASC",
 		array($mode), __FUNCTION__, __LINE__);
-	if (SQL_NUMROWS($result) > 0) {
+	if (!SQL_HASZERONUMS($result)) {
 		// Load menu as selection
 		$OUT = '<select name="' . $mode . '_menu';
 		if ((!empty($defid)) || ($defid == '0')) $OUT .= '[' . $defid . ']';
@@ -759,7 +766,7 @@ function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '', $
 
 // Build a special template list
 function adminListBuilder ($listType, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $userid = 'userid') {
-	$OUT = ''; $SW = 2;
+	$OUT = '';
 
 	// "Walk" through all entries
 	foreach ($IDs as $id => $selected) {
@@ -798,18 +805,12 @@ function adminListBuilder ($listType, $IDs, $table, $columns, $filterFunctions,
 				$content[$key] = handleExtraValues($filterFunctions[$idx], $value, $extraValues[$idx]);
 			} // END - foreach
 
-			// Add color switching
-			$content['sw'] = $SW;
-
 			// Then list it
 			$OUT .= loadTemplate(sprintf("admin_%s_%s_row",
 				$listType,
 				$table
 				), true, $content
 			);
-
-			// Switch color
-			$SW = 3 - $SW;
 		} // END - if
 
 		// Free the result
@@ -1113,7 +1114,7 @@ function sendAdminPasswordResetLink ($email) {
 	// Is there an account?
 	if (SQL_HASZERONUMS($result)) {
 		// No account found!
-		return getMessage('ADMIN_NO_LOGIN_WITH_EMAIL');
+		return '{--ADMIN_NO_LOGIN_WITH_EMAIL--}';
 	} // END - if
 
 	// Load all data
@@ -1123,7 +1124,7 @@ function sendAdminPasswordResetLink ($email) {
 	SQL_FREERESULT($result);
 
 	// Generate hash for reset link
-	$content['hash'] = generateHash(getConfig('URL') . ':' . $content['id'] . ':' . $content['login'] . ':' . $content['password'], substr($content['password'], 10));
+	$content['hash'] = generateHash(getUrl() . ':' . $content['id'] . ':' . $content['login'] . ':' . $content['password'], substr($content['password'], 10));
 
 	// Remove some data
 	unset($content['id']);
@@ -1136,7 +1137,7 @@ function sendAdminPasswordResetLink ($email) {
 	sendEmail($email, '{--ADMIN_RESET_PASS_LINK_SUBJECT--}', $mailText);
 
 	// Prepare output
-	return getMessage('ADMIN_RESET_LINK_SENT');
+	return '{--ADMIN_RESET_LINK_SENT--}';
 }
 
 // Validate hash and login for password reset
@@ -1154,7 +1155,7 @@ function adminResetValidateHashLogin ($hash, $login) {
 		$content = SQL_FETCHARRAY($result);
 
 		// Generate hash again
-		$hashFromData = generateHash(getConfig('URL') . ':' . $content['id'] . ':' . $login . ':' . $content['password'], substr($content['password'], 10));
+		$hashFromData = generateHash(getUrl() . ':' . $content['id'] . ':' . $login . ':' . $content['password'], substr($content['password'], 10));
 
 		// Does both match?
 		$valid = ($hash == $hashFromData);
@@ -1180,7 +1181,7 @@ function doResetAdminPassword ($login, $password) {
 	runFilterChain('post_admin_reset_pass', array('login' => $login, 'hash' => $passHash));
 
 	// Return output
-	return getMessage('ADMIN_PASSWORD_RESET_DONE');
+	return '{--ADMIN_PASSWORD_RESET_DONE--}';
 }
 
 // Solves a task by given id number
@@ -1392,7 +1393,7 @@ function addEmailNavigation ($numPages, $offset, $show_form, $colspan, $return=f
 			$NAV .= '<a href="{%url=modules.php?module=admin&amp;what=' . getWhat() . '&amp;page=' . $page . '&amp;offset=' . $offset;
 
 			// Add userid when we shall show all mails from a single member
-			if ((isGetRequestParameterSet('userid')) && (bigintval(getRequestParameter('userid')) > 0)) $NAV .= '&amp;userid=' . bigintval(getRequestParameter('userid'));
+			if ((isGetRequestParameterSet('userid')) && (isValidUserId(getRequestParameter('userid')))) $NAV .= '&amp;userid=' . bigintval(getRequestParameter('userid'));
 
 			// Close open anchor tag
 			$NAV .= '%}">';