X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=395bc3e64e50062e582130f7f90849cd89c33f7b;hb=59949615f7fc6926f07fe65f9dac9436d124b40e;hp=e5800717542af3b059bd36bd067b66ea704afb78;hpb=59161907531b988b084d2ffbf4ffe8328bfe9193;p=mailer.git

diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index e580071754..395bc3e64e 100644
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -32,8 +32,7 @@
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (!defined('__SECURITY')) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
 }
@@ -46,7 +45,7 @@ function REGISTER_ADMIN ($user, $md5, $email=WEBMASTER)
 	 array($user), __FILE__, __LINE__);
 	if (SQL_NUMROWS($result) == 0) {
 		// Ok, let's create the admin login
-		$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '%s')",
+		$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES ('%s', '%s', '%s')",
 		 array($user, $md5, $email), __FILE__, __LINE__);
 		$ret = "done";
 	} else {
@@ -62,73 +61,122 @@ function REGISTER_ADMIN ($user, $md5, $email=WEBMASTER)
 function CHECK_ADMIN_LOGIN ($admin_login, $password)
 {
 	global $cacheArray, $_CONFIG, $cacheInstance;
-	$ret = "404"; $pass = "";
-	if (!empty($cacheArray['admins']['aid'][$admin_login])) {
+
+	// Init variables
+	$ret = "404";
+	$data = array();
+
+	// Get admin id
+	$aid = GET_ADMIN_ID($admin_login);
+
+	// Is the cache valid?
+	if (!empty($cacheArray['admins']['password'][$aid])) {
 		// Get password from cache
-		$pass = $cacheArray['admins']['password'][$admin_login];
+		$data['password'] = $cacheArray['admins']['password'][$aid];
 		$ret = "pass";
-		$_CONFIG['cache_hits']++;
-	} else {
+		if (isset($_CONFIG['cache_hits'])) { $_CONFIG['cache_hits']++; } else { $_CONFIG['cache_hits'] = 1; }
+
+		// Include more admins data?
+		if (GET_EXT_VERSION("admins") >= "0.7.0") {
+			// Load them here
+			$data['login_failtures'] = $cacheArray['admins']['login_failtures'][$aid];
+			$data['last_failture']   = $cacheArray['admins']['last_failture'][$aid];
+		} // END - if
+	} elseif (!EXT_IS_ACTIVE("cache")) {
+		$ADD = "";
+		if (GET_EXT_VERSION("admins") >= "0.7.0") {
+			// Load them here
+			$ADD = ", login_failtures, UNIX_TIMESTAMP(last_failture) AS last_failture";
+		} // END - if
+
 		// Get password from DB
-		$result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
-		 array($admin_login), __FILE__, __LINE__);
+		$result = SQL_QUERY_ESC("SELECT password".$ADD." FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
+		 array($aid), __FILE__, __LINE__);
 		if (SQL_NUMROWS($result) == 1) {
+			// Login password found
 			$ret = "pass";
-			list($pass) = SQL_FETCHROW($result);
-			SQL_FREERESULT($result);
-		}
+
+			// Fetch data
+			$data = SQL_FETCHARRAY($result);
+		} // END - if
+
+		// Free result
+		SQL_FREERESULT($result);
 	}
 
-	//* DEBUG: */ echo "*".$pass."/".md5($password)."/".$ret."<br />";
-	if ((strlen($pass) == 32) && ($pass == md5($password))) {
+	//* DEBUG: */ echo "*".$data['password']."/".md5($password)."/".$ret."<br />";
+	if ((isset($data['password'])) && (strlen($data['password']) == 32) && ($data['password'] == md5($password))) {
 		// Generate new hash
-		$pass = generateHash($password);
+		$data['password'] = generateHash($password);
 
 		// Is the sql_patches not installed, than we cannot have a valid hashed password here!
-		if (($ret == "pass") && ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))) $ret = "done";
-	} elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) {
+		if (($ret == "pass") && ((EXT_VERSION_IS_OLDER("sql_patches", "0.3.6")) || (GET_EXT_VERSION("sql_patches") == ""))) $ret = "done";
+	} elseif ((EXT_VERSION_IS_OLDER("sql_patches", "0.3.6")) || (GET_EXT_VERSION("sql_patches") == "")) {
 		// Old hashing way
 		return $ret;
+	} elseif (!isset($data['password'])) {
+		// Password not found, so no valid login!
+		return $ret;
 	}
 
 	// Generate salt of password
-	define('__SALT', substr($pass, 0, -40));
+	define('__SALT', substr($data['password'], 0, -40));
 	$salt = __SALT;
 
 	// Check if password is same
-	//* DEBUG: */ echo "*".$ret.",".$pass.",".$password.",".$salt."*<br >\n";
-	if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt))) 	{
-		// Change the passord hash here
-		$pass = generateHash($password);
-
-		// Update password
-		$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1",
-		 array($pass, $admin_login), __FILE__, __LINE__);
-
-		// Shall I remove the cache file?
-		if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false)) {
-			if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy();
+	//* DEBUG: */ echo "*".$ret.",".$data['password'].",".$password.",".$salt."*<br >\n";
+	if (($ret == "pass") && ($data['password'] == generateHash($password, $salt)) && ((!empty($salt))) || ($data['password'] == $password)) {
+		// Re-hash the plain passord with new random salt
+		$data['password'] = generateHash($password);
+
+		// Do we have 0.7.0 of admins or later?
+		// Remmeber login failtures if available
+		if (GET_EXT_VERSION("admins") >= "0.7.0") {
+			// Store it in session
+			set_session('mxchange_admin_failtures', $data['login_failtures']);
+			set_session('mxchange_admin_last_fail', $data['last_failture']);
+
+			// Update password and reset login failtures
+			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s',login_failtures=0,last_failture='0000-00-00 00:00:00' WHERE id=%s LIMIT 1",
+				array($data['password'], $aid), __FILE__, __LINE__);
+		} else {
+			// Update password
+			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE id=%s LIMIT 1",
+				array($data['password'], $aid), __FILE__, __LINE__);
 		}
 
+		// Rebuild cache
+		REBUILD_CACHE("admins", "admin");
+
 		// Login has failed by default... ;-)
 		$ret = "failed";
 
 		// Password matches so login here
-		if (LOGIN_ADMIN($admin_login, $pass)) {
+		if (LOGIN_ADMIN($admin_login, $data['password'])) {
 			// All done now
 			$ret = "done";
-		}
+		} // END - if
 	} elseif ((empty($salt)) && ($ret == "pass")) {
 		// Something bad went wrong
 		$ret = "failed";
 	} elseif ($ret == "done") {
 		// Try to login here if we have the old hashing way (sql_patches not installed?)
-		if (!LOGIN_ADMIN($admin_login, $pass)) {
+		if (!LOGIN_ADMIN($admin_login, $data['password'])) {
 			// Something went wrong
 			$ret = "failed";
-		}
+		} // END - if
 	}
 
+	// Count login failture if admins extension version is 0.7.0+
+	if (($ret == "pass") && (GET_EXT_VERSION("admins") >= "0.7.0")) {
+		// Update counter
+		SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET login_failtures=login_failtures+1,last_failture=NOW() WHERE id=%s LIMIT 1",
+			array($aid), __FILE__, __LINE__);
+
+		// Rebuild cache
+		REBUILD_CACHE("admins", "admin");
+	} // END - if
+
 	// Return the result
 	//* DEBUG: */ die("RETURN=".$ret);
 	return $ret;
@@ -136,6 +184,18 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
 
 // Try to login the admin by setting some session/cookie variables
 function LOGIN_ADMIN ($adminLogin, $passHash) {
+	global $cacheInstance;
+
+	// Reset failture counter on matching admins version
+	if ((GET_EXT_VERSION("admins") >= "0.7.0") && ((EXT_VERSION_IS_OLDER("sql_patches", "0.3.6")) || (GET_EXT_VERSION("sql_patches") == ""))) {
+		// Reset counter on out-dated sql_patches version
+		SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET login_failtures=0,last_failture='0000-00-00 00:00:00' WHERE login='%s' LIMIT 1",
+			array($adminLogin), __FILE__, __LINE__);
+
+		// Rebuild cache
+		REBUILD_CACHE("admins", "admin");
+	} // END - if
+
 	// Now set all session variables and return the result
 	return (
 		(
@@ -145,7 +205,7 @@ function LOGIN_ADMIN ($adminLogin, $passHash) {
 		) && (
 			set_session("admin_last", time())
 		) && (
-			set_session("admin_to", $_POST['timeout'])
+			set_session("admin_to", bigintval($_POST['timeout']))
 		)
 	);
 }
@@ -154,28 +214,12 @@ function LOGIN_ADMIN ($adminLogin, $passHash) {
 function CHECK_ADMIN_COOKIES ($admin_login, $password) {
 	global $cacheArray, $_CONFIG;
 	$ret = "404"; $pass = "";
-	if (!empty($cacheArray['admins']['aid'][$admin_login])) {
-		// Get password from cache
-		$pass = $cacheArray['admins']['password'][$admin_login];
-		$ret = "pass";
-		$_CONFIG['cache_hits']++;
-	} else {
-		// Get password from DB
-		$result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
-		 array($admin_login), __FILE__, __LINE__);
-		if (SQL_NUMROWS($result) == 1) {
-			// Entry found
-			$ret = "pass";
 
-			// Fetch password
-			list($pass) = SQL_FETCHROW($result);
-		}
-
-		// Free result
-		SQL_FREERESULT($result);
-	}
+	// Get hash
+	$pass = GET_ADMIN_HASH(GET_ADMIN_ID($admin_login));
+	if ($pass != "-1") $ret = "pass";
 
-	//* DEBUG: */ echo __FUNCTION__.":".$pass."(".strlen($pass).")/".$password."(".strlen($password).")<br />\n";
+	//* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):".generatePassString($pass)."(".strlen($pass).")/".$password."(".strlen($password).")<br />\n";
 
 	// Check if password matches
 	if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) {
@@ -191,6 +235,7 @@ function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) {
 	// Initialize some variables
 	$done = false;
 	$seek++;
+	$next=-1;
 	$found = false;
 
 	// Is the file there and read-/write-able?
@@ -215,7 +260,7 @@ function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) {
 					if (strpos($line, $search) > -1) { $next = 0; $found = true; }
 
 					if ($next > -1) {
-						if ($next == $seek) {
+						if ($next === $seek) {
 							$next = -1;
 							$line = $prefix . $DATA . $suffix."\n";
 						} else {
@@ -257,24 +302,20 @@ function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) {
 }
 
 //
-function ADMIN_DO_ACTION($wht)
-{
+function ADMIN_DO_ACTION($wht) {
 	global $menuDesription, $menuTitle, $_CONFIG, $cacheArray, $DATA, $DEPTH;
+
 	//* DEBUG: */ echo __LINE__."*".$wht."/".$GLOBALS['module']."/".$GLOBALS['action']."/".$GLOBALS['what']."*<br />\n";
-	if (EXT_IS_ACTIVE("cache"))
-	{
+	if (EXT_IS_ACTIVE("cache")) {
 		// Include cache instance
 		global $cacheInstance;
 	}
 
 	// Remove any spaces from variable
-	if (empty($wht))
-	{
+	if (empty($wht)) {
 		// Default admin action is the overview page
 		$wht = "overview";
-	}
-	 else
-	{
+	} else {
 		// Compile out some chars
 		$wht = COMPILE_CODE($wht, false, false, false);
 	}
@@ -299,29 +340,21 @@ function ADMIN_DO_ACTION($wht)
 	LOAD_TEMPLATE("admin_main_header");
 
 	// Check if action/what pair is valid
-	$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu
+	$result_action = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu
 WHERE action='%s' AND ((what='%s' AND what != 'overview') OR ((what='' OR what IS NULL) AND '%s'='overview'))
 LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__);
-	if (SQL_NUMROWS($result) == 1)
-	{
-		// Free memory
-		SQL_FREERESULT($result);
+	if (SQL_NUMROWS($result_action) == 1) {
 
 		// Is valid but does the inlcude file exists?
 		$INC = sprintf("%sinc/modules/admin/action-%s.php", PATH, $act);
-		if ((FILE_READABLE($INC)) && (VALIDATE_MENU_ACTION("admin", $act, $wht)) && (__ACL_ALLOW == true))
-		{
+		if ((FILE_READABLE($INC)) && (VALIDATE_MENU_ACTION("admin", $act, $wht)) && (__ACL_ALLOW == true)) {
 			// Ok, we finally load the admin action module
 			include($INC);
-		}
-		 elseif (__ACL_ALLOW == false)
-		{
+		} elseif (__ACL_ALLOW == false) {
 			// Access denied
 			LOAD_TEMPLATE("admin_menu_failed", false, ADMINS_ACCESS_DENIED);
 			ADD_FATAL(ADMINS_ACCESS_DENIED);
-		}
-		 else
-		{
+		} else {
 			// Include file not found! :-(
 			LOAD_TEMPLATE("admin_menu_failed", false, ADMIN_404_ACTION);
 			ADD_FATAL(ADMIN_404_ACTION_1.$act.ADMIN_404_ACTION_2);
@@ -332,22 +365,50 @@ LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__);
 		ADD_FATAL(ADMIN_INVALID_ACTION_1.$act."/".$wht.ADMIN_INVALID_ACTION_2);
 	}
 
+	// Free memory
+	SQL_FREERESULT($result_action);
+
 	// Tableset footer
 	LOAD_TEMPLATE("admin_main_footer");
 }
 //
-function ADD_ADMIN_MENU($act, $wht,$return=false)
-{
-	global $menuDesription, $menuTitle;
+function ADD_ADMIN_MENU($act, $wht, $return=false) {
+	global $menuDesription, $menuTitle, $cacheInstance, $_CONFIG;
+
+	// Init variables
 	$SUB = false;
+	$OUT = "";
 
 	// Menu descriptions
 	$menuDesription = array();
 	$menuTitle = array();
 
+	// Is there a cache instance?
+	if ((is_object($cacheInstance)) && (isset($_CONFIG['cache_admin_menu'])) && ($_CONFIG['cache_admin_menu'] == "Y")) {
+		// Create cache name
+		$cacheName = "admin_".$act."_".$wht."_".GET_LANGUAGE()."_".strtolower(get_session('admin_login'));
+
+		// Is that cache there?
+		if ($cacheInstance->cache_file($cacheName, true)) {
+			// Then load it
+			$data = $cacheInstance->cache_load();
+
+			// Extract all parts
+			$OUT = base64_decode($data['output'][0]);
+			$menuTitle = unserialize(base64_decode($data['title'][0]));
+			$menuDescription = unserialize(base64_decode($data['descr'][0]));
+
+			// Return or output content?
+			if ($return) {
+				return $OUT;
+			} else {
+				OUTPUT_HTML($OUT);
+			}
+		} // END - if
+	} // END - if
+
 	// Build main menu
 	$result_main = SQL_QUERY("SELECT action, title, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE (what='' OR what IS NULL) ORDER BY sort, id DESC", __FILE__, __LINE__);
-	$OUT = "";
 	if (SQL_NUMROWS($result_main) > 0)
 	{
 		$OUT = "<TABLE border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"admin_menu_main\">
@@ -368,13 +429,13 @@ function ADD_ADMIN_MENU($act, $wht,$return=false)
 				if (!$SUB)
 				{
 					// Insert compiled menu title and description
-					$menuTitle[$menu]        = $title;
+					$menuTitle[$menu]      = $title;
 					$menuDesription[$menu] = $descr;
 				}
 				$OUT .= "<TR>
 	<TD class=\"admin_menu\" colspan=\"2\">
 		<NOBR>&nbsp;<STRONG>&middot;</STRONG>&nbsp;";
-					if (($menu == $act) && (empty($wht)))
+				if (($menu == $act) && (empty($wht)))
 				{
 					$OUT .= "<STRONG>";
 				}
@@ -383,7 +444,7 @@ function ADD_ADMIN_MENU($act, $wht,$return=false)
 					$OUT .= "[<A href=\"".URL."/modules.php?module=admin&amp;action=".$menu."\">";
 				}
 				$OUT .= $title;
-					if (($menu == $act) && (empty($wht)))
+				if (($menu == $act) && (empty($wht)))
 				{
 					$OUT .= "</STRONG>";
 				}
@@ -393,7 +454,7 @@ function ADD_ADMIN_MENU($act, $wht,$return=false)
 				}
 				$OUT .= "</NOBR></TD>
 </TR>\n";
-				$result_what = SQL_QUERY_ESC("SELECT what, title, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE action='%s' AND what != '' ORDER BY sort, id DESC",
+				$result_what = SQL_QUERY_ESC("SELECT what, title, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE action='%s' AND what != '' AND what IS NOT NULL ORDER BY sort, id DESC",
 				 array($menu), __FILE__, __LINE__);
 				if ((SQL_NUMROWS($result_what) > 0) && ($act == $menu))
 				{
@@ -403,24 +464,19 @@ function ADD_ADMIN_MENU($act, $wht,$return=false)
 	<TD width=\"10\" class=\"seperator\">&nbsp;</TD>
 	<TD class=\"admin_menu\">
 		<TABLE border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"admin_menu_sub\">\n";
-						while (list($wht_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what))
-					{
+					while (list($wht_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what)) {
 						// Filename
 						$INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $wht_sub);
-						if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2"))
-						{
+						if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2")) {
 							$ACL = ADMINS_CHECK_ACL("", $wht_sub);
-						}
-						 else
-						{
+						} else {
 							// ACL is "allow"... hmmm
 							$ACL = true;
 						}
 						$readable = FILE_READABLE($INC);
-						if ($ACL)
-						{
+						if ($ACL) {
 							// Insert compiled title and description
-							$menuTitle[$wht_sub]        = $title_what;
+							$menuTitle[$wht_sub]      = $title_what;
 							$menuDesription[$wht_sub] = $desc_what;
 							$OUT .= "<TR>
 	<TD class=\"admin_menu\" colspan=\"2\">
@@ -481,6 +537,25 @@ function ADD_ADMIN_MENU($act, $wht,$return=false)
 	$eval = "\$OUT = \"".COMPILE_CODE(addslashes($OUT))."\";";
 	eval($eval);
 
+	// Is there a cache instance again?
+	if ((is_object($cacheInstance)) && (isset($_CONFIG['cache_admin_menu'])) && ($_CONFIG['cache_admin_menu'] == "Y")) {
+		// Init cache
+		$cacheInstance->cache_init($cacheName);
+
+		// Prepare cache data
+		$data = array(
+			'output' => base64_encode($OUT),
+			'title'  => $menuTitle,
+			'descr'  => $menuDesription
+		);
+
+		// Write the data away
+		$cacheInstance->add_row($data);
+
+		// Close cache
+		$cacheInstance->cache_close();
+	} // END - if
+
 	// Return or output content?
 	if ($return) {
 		return $OUT;
@@ -489,7 +564,7 @@ function ADD_ADMIN_MENU($act, $wht,$return=false)
 	}
 }
 //
-function ADD_MEMBER_SELECTION_BOX ($def="0", $add_all=false, $return=false, $none=false)
+function ADD_MEMBER_SELECTION_BOX ($def="0", $add_all=false, $return=false, $none=false, $field="userid")
 {
 	// Output selection form with all confirmed user accounts listed
 	$result = SQL_QUERY("SELECT userid, surname, family FROM "._MYSQL_PREFIX."_user_data ORDER BY userid", __FILE__, __LINE__);
@@ -518,8 +593,8 @@ function ADD_MEMBER_SELECTION_BOX ($def="0", $add_all=false, $return=false, $non
 		// Load template
 		LOAD_TEMPLATE("admin_member_selection_box", false, $GLOBALS['what']);
 	} else {
-		// Return content
-		return "<select name=\"userid\" size=\"1\">\n".$OUT."</select>\n";
+		// Return content in selection frame
+		return "<select class=\"admin_select\" name=\"".$field."\" size=\"1\">\n".$OUT."</select>\n";
 	}
 }
 //
@@ -574,7 +649,7 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con
 				// Translate the value? (comma to dot!)
 				if ((is_array($translateComma)) && (in_array($id, $translateComma))) {
 					// Then do it here... :)
-					$val = str_replace(",", ".", $val);
+					$val = REVERT_COMMA($val);
 				} // END - if
 
 				// Shall we add numbers or strings?
@@ -623,7 +698,7 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con
 		$VALUEs = implode(", ", $VALUEs);
 
 		// Generate SQL string
-		$SQL = "INSERT INTO "._MYSQL_PREFIX.$tableName." (".$KEYs.") VALUES(".$VALUEs.")";
+		$SQL = "INSERT INTO "._MYSQL_PREFIX.$tableName." (".$KEYs.") VALUES (".$VALUEs.")";
 	}
 
 	// Free memory
@@ -632,12 +707,8 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con
 	// Simply run generated SQL string
 	$result = SQL_QUERY($SQL, __FILE__, __LINE__);
 
-	// Is the config table updated and the cache extension installed?
-	if ((GET_EXT_VERSION("cache") >= "0.1.2") && ($tableName == "_config")) {
-		// Remove it here...
-		if ($cacheInstance->cache_file("config", true)) $cacheInstance->cache_destroy();
-		unset($cacheArray);
-	} // END - if
+	// Rebuild cache
+	REBUILD_CACHE("config", "config");
 
 	// Settings saved
 	LOAD_TEMPLATE("admin_settings_saved", false, "<STRONG class=\"admin_done\">".SETTINGS_SAVED."</STRONG>");
@@ -699,15 +770,18 @@ function ADMIN_CHECK_MENU_MODE() {
 	// Set the global mode as the mode for all admins
 	$MODE = $_CONFIG['admin_menu']; $ADMIN = $MODE;
 
+	// Get admin id
+	$aid = GET_ADMIN_ID(get_session('admin_login'));
+
 	// Check individual settings of current admin
-	if (isset($cacheArray['admins']['la_mode'][get_session('admin_login')])) {
+	if (isset($cacheArray['admins']['la_mode'][$aid])) {
 		// Load from cache
-		$ADMIN = $cacheArray['admins']['la_mode'][get_session('admin_login')];
-		$_CONFIG['cache_hits']++;
+		$ADMIN = $cacheArray['admins']['la_mode'][$aid];
+		if (isset($_CONFIG['cache_hits'])) { $_CONFIG['cache_hits']++; } else { $_CONFIG['cache_hits'] = 1; }
 	} elseif (GET_EXT_VERSION("admins") >= "0.6.7") {
 		// Load from database when version of "admins" is enough
-		$result = SQL_QUERY_ESC("SELECT la_mode FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
-		 array(get_session('admin_login')), __FILE__, __LINE__);
+		$result = SQL_QUERY_ESC("SELECT la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
+		 array($aid), __FILE__, __LINE__);
 		if (SQL_NUMROWS($result) == 1) {
 			// Load data
 			list($ADMIN) = SQL_FETCHROW($result);
@@ -779,8 +853,7 @@ function ADMIN_SEND_BUILD_MAILS ($mode, $table, $content, $id, $subjectPart="")
 	// Is the raw userid set?
 	if ($_POST['uid_raw'][$id] > 0) {
 		// Generate subject
-		$eval = "\$subjectLine = MEMBER_".$subject."_".strtoupper($table)."_SUBJECT;";
-		eval($eval);
+		$subjectLine = constant('MEMBER_'.strtoupper($subject).'_'.strtoupper($table).'_SUBJECT');
 
 		// Load email template
 		if (!empty($subjectPart)) {
@@ -794,8 +867,7 @@ function ADMIN_SEND_BUILD_MAILS ($mode, $table, $content, $id, $subjectPart="")
 	} // END - if
 
 	// Generate subject
-	$eval = "\$subjectLine = ADMIN_".$subject."_".strtoupper($table)."_SUBJECT;";
-	eval($eval);
+	$subjectLine = constant('ADMIN_'.strtoupper($subject).'_'.strtoupper($table).'_SUBJECT');
 
 	// Send admin notification out
 	if (!empty($subjectPart)) {
@@ -815,7 +887,7 @@ function ADMIN_BUILD_LIST ($listType, $IDs, $table, $columns, $filterFunctions,
 		$id = bigintval($id);
 
 		// Get result from a given column array and table name
-		$result = SQL_RESULT_FROM_ARRAY($table, $columns, $idColumn, $id);
+		$result = SQL_RESULT_FROM_ARRAY($table, $columns, $idColumn, $id, __FILE__, __LINE__);
 
 		// Is there one entry?
 		if (SQL_NUMROWS($result) == 1) {
@@ -854,14 +926,90 @@ function ADMIN_BUILD_LIST ($listType, $IDs, $table, $columns, $filterFunctions,
 	// Load master template
 	LOAD_TEMPLATE("admin_".$listType."_".$table."", false, $OUT);
 }
+// Change status of "build" list
+function ADMIN_BUILD_STATUS_HANDLER ($mode, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray) {
+	// All valid entries? (We hope so here!)
+	if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (count($statusArray) > 0)) {
+		// "Walk" through all entries
+		foreach ($IDs as $id => $sel) {
+			// Construct SQL query
+			$SQL = "UPDATE "._MYSQL_PREFIX."_".$table." SET";
+
+			// Load data of entry
+			$result = SQL_QUERY_ESC("SELECT * FROM "._MYSQL_PREFIX."_%s WHERE %s=%s LIMIT 1",
+				array($table, $idColumn, $id), __FILE__, __LINE__);
+
+			// Fetch the data
+			$content = SQL_FETCHARRAY($result);
+
+			// Free the result
+			SQL_FREERESULT($result);
+
+			// Add all status entries (e.g. status column last_updated or so)
+			$newStatus = "UNKNOWN";
+			$oldStatus = "UNKNOWN";
+			$statusColumn = "unknown";
+			foreach ($statusArray as $column => $statusInfo) {
+				// Does the entry exist?
+				if ((isset($content[$column])) && (isset($statusInfo[$content[$column]]))) {
+					// Add these entries for update
+					$SQL .= sprintf(" %s='%s',", SQL_ESCAPE($column), SQL_ESCAPE($statusInfo[$content[$column]]));
+
+					// Remember status
+					if ($statusColumn == "unknown") {
+						// Always (!!!) change status column first!
+						$oldStatus = $content[$column];
+						$newStatus = $statusInfo[$oldStatus];
+						$statusColumn = $column;
+					} // END - if
+				} elseif (isset($content[$column])) {
+					// Unfinished!
+					mxchange_die("{--".__FUNCTION__."--}:UNFINISHED: id={$id}/{$column}[".gettype($statusInfo)."] = {$content[$column]}");
+				}
+			} // END - foreach
+
+			// Add other columns as well
+			foreach ($_POST as $key => $entries) {
+				// Skip id, raw userid and 'do_lock'
+				if (!in_array($key, array($idColumn, 'uid_raw', 'do_lock'))) {
+					// Are there brackets () at the end?
+					if (substr($entries[$id], -2, 2) == "()") {
+						// Direct SQL command found
+						$SQL .= sprintf(" %s=%s,", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id]));
+					} else {
+						// Add regular entry
+						$SQL .= sprintf(" %s='%s',", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id]));
+					}
+				} // END - if
+			} // END - if
+
+			// Finish SQL statement
+			$SQL = substr($SQL, 0, -1) . " WHERE ".$idColumn."=".bigintval($id)." AND ".$statusColumn."='".$oldStatus."' LIMIT 1";
+
+			// Run the SQL
+			SQL_QUERY($SQL, __FILE__, __LINE__);
+
+			// Do we have an URL?
+			if (isset($content['url'])) {
+				// Then add a framekiller test as well
+				$content['frametester'] = FRAMETESTER($content['url']);
+			} // END - if
+
+			// Send "build mails" out
+			ADMIN_SEND_BUILD_MAILS($mode, $table, $content, $id, $statusInfo[$content[$column]]);
+		} // END - foreach
+	} // END - if
+}
 // Delete rows by given ID numbers
 function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $deleteNow=false, $idColumn="id", $userIdColumn="userid") {
 	// All valid entries? (We hope so here!)
 	if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) {
 		// Shall we delete here or list for deletion?
 		if ($deleteNow) {
-			// Delete them
+			// The base SQL command:
 			$SQL = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_%s WHERE %s IN (%s)";
+
+			// Delete them all
 			$idList = "";
 			foreach ($IDs as $id => $sel) {
 				// Is there a userid?
@@ -882,7 +1030,7 @@ function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFu
 
 				// Add id number
 				$idList .= $id.",";
-			} // END - if
+			} // END - foreach
 
 			// Run the query
 			SQL_QUERY($SQL, array($table, $idColumn, substr($idList, 0, -1)), __FILE__, __LINE__);
@@ -948,7 +1096,9 @@ function ADMIN_EDIT_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunc
 						// Then add a framekiller test as well
 						$content['frametester'] = FRAMETESTER($content[$key]);
 					} // END - if
-				}
+				} // END - foreach
+
+				// Finish SQL command
 				$SQL = substr($SQL, 0, -1) . " WHERE ".$idColumn."=".bigintval($id)." LIMIT 1";
 
 				// Run this query
@@ -993,79 +1143,27 @@ function ADMIN_LOCK_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunc
 		// Shall we un-/lock here or list for locking?
 		if ($lockNow) {
 			// Un-/lock entries
-			foreach ($IDs as $id => $sel) {
-				// Construct SQL query
-				$SQL = "UPDATE "._MYSQL_PREFIX."_".$table." SET";
-
-				// Load data of entry
-				$result = SQL_QUERY_ESC("SELECT * FROM "._MYSQL_PREFIX."_%s WHERE %s=%s LIMIT 1",
-					array($table, $idColumn, $id), __FILE__, __LINE__);
-
-				// Fetch the data
-				$content = SQL_FETCHARRAY($result);
-
-				// Free the result
-				SQL_FREERESULT($result);
-
-				// Add all status entries (e.g. status column last_updated or so)
-				$newStatus = "UNKNOWN";
-				$oldStatus = "UNKNOWN";
-				$statusColumn = "unknown";
-				foreach ($statusArray as $column => $statusInfo) {
-					// Does the entry exist?
-					if ((isset($content[$column])) && (isset($statusInfo[$content[$column]]))) {
-						// Add these entries for update
-						$SQL .= sprintf(" %s='%s',", SQL_ESCAPE($column), SQL_ESCAPE($statusInfo[$content[$column]]));
-
-						// Remember status
-						if ($statusColumn == "unknown") {
-							// Always (!!!) change status column first!
-							$oldStatus = $content[$column];
-							$newStatus = $statusInfo[$oldStatus];
-							$statusColumn = $column;
-						} // END - if
-					} elseif (isset($content[$column])) {
-						// Unfinished!
-						die("UNFINISHED: {$column}[".gettype($statusInfo)."] = {$content[$column]}");
-					}
-				} // END - foreach
-
-				// Add other columns as well
-				foreach ($_POST as $key => $entries) {
-					// Skip id, raw userid and 'do_lock'
-					if (!in_array($key, array($idColumn, 'uid_raw', 'do_lock'))) {
-						// Are there brackets () at the end?
-						if (substr($entries[$id], -2, 2) == "()") {
-							// Direct SQL command found
-							$SQL .= sprintf(" %s=%s,", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id]));
-						} else {
-							// Add regular entry
-							$SQL .= sprintf(" %s='%s',", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id]));
-						}
-					} // END - if
-				} // END - if
-
-				// Finish SQL statement
-				$SQL = substr($SQL, 0, -1) . " WHERE ".$idColumn."=".bigintval($id)." AND ".$statusColumn."='".$oldStatus."' LIMIT 1";
-
-				// Run the SQL
-				SQL_QUERY($SQL, __FILE__, __LINE__);
-
-				// Do we have an URL?
-				if (isset($content['url'])) {
-					// Then add a framekiller test as well
-					$content['frametester'] = FRAMETESTER($content['url']);
-				} // END - if
-
-				// Send "build mails" out
-				ADMIN_SEND_BUILD_MAILS("lock", $table, $content, $id, $statusInfo[$content[$column]]);
-			} // END - if
+			ADMIN_BUILD_STATUS_HANDLER("lock", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn);
 		} else {
 			// List for editing
 			ADMIN_BUILD_LIST("lock", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn);
 		}
 	} // END - if
 }
+// Undelete rows by given ID numbers
+function ADMIN_UNDELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $statusArray=array(), $lockNow=false, $idColumn="id", $userIdColumn="userid") {
+	// All valid entries? (We hope so here!)
+	if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && ((!$lockNow) || (count($statusArray) == 1))) {
+		// Shall we un-/lock here or list for locking?
+		if ($lockNow) {
+			// Undelete entries
+			ADMIN_BUILD_STATUS_HANDLER("undelete", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray);
+		} else {
+			// List for editing
+			ADMIN_BUILD_LIST("undelete", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn);
+		}
+	} // END - if
+}
 // Checks proxy settins by fetching check-updates3.php from www.mxchange.org
 function ADMIN_TEST_PROXY_SETTINGS ($settingsArray) {
 	global $_CONFIG;