X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=86de3a3778c29ecdcacbe632f61b7b4bd6cc7116;hb=a18efdcd57ba91893f0958a457b5c58639b135c3;hp=233ae66a786fb6530dadaed980532277b196a6e9;hpb=6febe3ed5ab75be7091a109ca78a916dfea454ed;p=mailer.git diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index 233ae66a78..86de3a3778 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -1,7 +1,7 @@ $aid); - - // Is the cache valid? - if (isset($GLOBALS['cache_array']['admins']['password'][$aid])) { - // Get password from cache - $data['password'] = $GLOBALS['cache_array']['admins']['password'][$aid]; - $ret = "pass"; - incrementConfigEntry('cache_hits'); - - // Include more admins data? - if (GET_EXT_VERSION("admins") >= "0.7.0") { - // Load them here - $data['login_failures'] = $GLOBALS['cache_array']['admins']['login_failures'][$aid]; - $data['last_failure'] = $GLOBALS['cache_array']['admins']['last_failure'][$aid]; - } // END - if - } elseif (!EXT_IS_ACTIVE("cache")) { - // Add extra data via filter now - $ADD = RUN_FILTER('sql_admin_extra_data'); - - // Get password from DB - $result = SQL_QUERY_ESC("SELECT password".$ADD." FROM `{!_MYSQL_PREFIX!}_admins` WHERE id=%s LIMIT 1", - array($aid), __FILE__, __LINE__); - - // Entry found? - if (SQL_NUMROWS($result) == 1) { - // Login password found - $ret = "pass"; - - // Fetch data - $data = SQL_FETCHARRAY($result); - } // END - if - // Free result - SQL_FREERESULT($result); - } +// This function will be executed when the admin is not logged in and has submitted his login data +function ifAdminLoginDataIsValid ($adminLogin, $adminPassword) { + // First of all, no admin login is found, so the admin hash is null + $ret = '404'; + $adminHash = NULL; - //* DEBUG: */ echo "*".$data['password']."/".md5($password)."/".$ret."
"; - if ((isset($data['password'])) && (strlen($data['password']) == 32) && ($data['password'] == md5($password))) { - // Generate new hash - $data['password'] = generateHash($password); - - // Is the sql_patches not installed, than we cannot have a valid hashed password here! - if (($ret == "pass") && ((EXT_VERSION_IS_OLDER("sql_patches", "0.3.6")) || (GET_EXT_VERSION("sql_patches") == ""))) $ret = "done"; - } elseif ((EXT_VERSION_IS_OLDER("sql_patches", "0.3.6")) || (GET_EXT_VERSION("sql_patches") == "")) { - // Old hashing way - return $ret; - } elseif (!isset($data['password'])) { - // Password not found, so no valid login! - return $ret; - } + // Get admin id from login + $adminId = getAdminId($adminLogin); - // Generate salt of password - define('__SALT', substr($data['password'], 0, -40)); - $salt = __SALT; - - // Check if password is same - //* DEBUG: */ echo "*".$ret.",".$data['password'].",".$password.",".$salt."*
\n"; - if (($ret == "pass") && ($data['password'] == generateHash($password, $salt)) && ((!empty($salt))) || ($data['password'] == $password)) { - // Re-hash the plain passord with new random salt - $data['password'] = generateHash($password); - - // Do we have 0.7.0 of admins or later? - // Remmeber login failures if available - if (GET_EXT_VERSION("admins") >= "0.7.2") { - // Store it in session - set_session('mxchange_admin_failures', $data['login_failures']); - set_session('mxchange_admin_last_fail', $data['last_failure']); - - // Update password and reset login failures - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins` SET password='%s',login_failures=0,last_failure='0000-00-00 00:00:00' WHERE id=%s LIMIT 1", - array($data['password'], $aid), __FILE__, __LINE__); - } else { - // Update password - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins` SET password='%s' WHERE id=%s LIMIT 1", - array($data['password'], $aid), __FILE__, __LINE__); - } + // Continue only with found admin ids + if ($adminId > 0) { + // Then we need to lookup the login name by getting the admin hash + $adminHash = getAdminHash($adminId); - // Rebuild cache - REBUILD_CACHE("admins", "admin"); + // If this is fine, we can continue + if ($adminHash != '-1') { + // Get admin id and set it as current + setCurrentAdminId($adminId); - // Login has failed by default... ;-) - $ret = "failed"; + // Now, we need to encode the password in the same way the one is encoded in database + $testHash = generateHash($adminPassword, $adminHash); - // Password matches so login here - if (LOGIN_ADMIN($admin_login, $data['password'])) { - // All done now - $ret = "done"; - } // END - if - } elseif ((empty($salt)) && ($ret == "pass")) { - // Something bad went wrong - $ret = "failed"; - } elseif ($ret == "done") { - // Try to login here if we have the old hashing way (sql_patches not installed?) 
- if (!LOGIN_ADMIN($admin_login, $data['password'])) { - // Something went wrong - $ret = "failed"; + // If they both match, the login data is valid + if ($testHash == $adminHash) { + // All fine + $ret = 'done'; + } else { + // Did not match! + $ret = 'password'; + } } // END - if - } - - // Count login failure if admins extension version is 0.7.0+ - if (($ret == "pass") && (GET_EXT_VERSION("admins") >= "0.7.0")) { - // Update counter - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins` SET login_failures=login_failures+1,last_failure=NOW() WHERE id=%s LIMIT 1", - array($aid), __FILE__, __LINE__); - - // Rebuild cache - REBUILD_CACHE("admins", "admin"); } // END - if - // Return the result - //* DEBUG: */ die("RETURN=".$ret); - return $ret; -} - -// Try to login the admin by setting some session/cookie variables -function LOGIN_ADMIN ($adminLogin, $passHash) { - // Reset failure counter on matching admins version - if ((GET_EXT_VERSION("admins") >= "0.7.0") && ((EXT_VERSION_IS_OLDER("sql_patches", "0.3.6")) || (GET_EXT_VERSION("sql_patches") == ""))) { - // Reset counter on out-dated sql_patches version - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins` SET login_failures=0,last_failure='0000-00-00 00:00:00' WHERE login='%s' LIMIT 1", - array($adminLogin), __FILE__, __LINE__); + // Prepare data array + $data = array( + 'id' => $adminId, + 'login' => $adminLogin, + 'plain_pass' => $adminPassword, + 'pass_hash' => $adminHash + ); - // Rebuild cache - REBUILD_CACHE("admins", "admin"); - } // END - if + // Run a special filter + runFilterChain('do_admin_login_' . 
$ret, $data); - // Now set all session variables and return the result - return ( - ( - set_session('admin_md5', generatePassString($passHash)) - ) && ( - set_session('admin_login', $adminLogin) - ) && ( - set_session('admin_last', time()) - ) && ( - set_session('admin_to', bigintval(REQUEST_POST('timeout'))) - ) - ); + // Return status + return $ret; } // Only be executed on cookie checking -function CHECK_ADMIN_COOKIES ($admin_login, $password) { - // By default no admin cookies are found - $ret = "404"; $pass = ""; - - // Get hash - $pass = GET_ADMIN_HASH(GET_ADMIN_ID($admin_login)); - if ($pass != "-1") $ret = "pass"; - - //* DEBUG: */ print __FUNCTION__."(".__LINE__."):".generatePassString($pass)."(".strlen($pass).")/".$password."(".strlen($password).")
\n"; - - // Check if password matches - if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) { - // Passwords matches! - $ret = "done"; - } +function ifAdminCookiesAreValid ($adminLogin, $passHash) { + // First of all, no admin login is found + $ret = '404'; + + // Then we need to lookup the login name by getting the admin hash + $adminHash = getAdminHash($adminLogin); + + // If this is fine, we can continue + if ($adminHash != '-1') { + // Now, we need to encode the password in the same way the one is encoded in database + $testHash = encodeHashForCookie($adminHash); + //* DEBUG: */ debugOutput('adminLogin=' . $adminLogin . ',passHash='.$passHash.',adminHash='.$adminHash.',testHash='.$testHash); + + // If they both match, the login data is valid + if ($testHash == $passHash) { + // All fine + $ret = 'done'; + } else { + // Set status + $ret = 'password'; + } + } // END - if - // Return result + // Return status + //* DEBUG: */ debugOutput('ret='.$ret); return $ret; } -// -function ADMIN_DO_ACTION($wht) { - global $DATA; - //* DEBUG: */ echo __LINE__."*".$wht."/".$GLOBALS['module']."/".$GLOBALS['action']."/".$GLOBALS['what']."*
\n"; +// Do an admin action +function doAdminAction () { + // Get default what + $what = getWhat(); + + //* DEBUG: */ debugOutput(__LINE__.'*'.$what.'/'.getModule().'/'.getAction().'/'.getWhat().'*'); // Remove any spaces from variable - if (empty($wht)) { + if (empty($what)) { // Default admin action is the overview page - $wht = "overview"; + $what = 'overview'; } else { - // Compile out some chars - $wht = COMPILE_CODE($wht, false, false, false); + // Secure it + $what = secureString($what); } // Get action value - $act = GET_ACTION($GLOBALS['module'], $wht); - - // Define admin login name and ID number - define('__ADMIN_LOGIN', get_session('admin_login')); - define('__ADMIN_ID' , GET_CURRENT_ADMIN_ID()); + $action = getActionFromModuleWhat(getModule(), $what); - // Preload templates - if (EXT_IS_ACTIVE("admins")) { - define('__ADMIN_WELCOME', LOAD_TEMPLATE("admin_welcome_admins", true)); + // Load welcome template + if (isExtensionActive('admins')) { + // @TODO This and the next getCurrentAdminId() call might be moved into the templates? 
+ $content['welcome'] = loadTemplate('admin_welcome_admins', true, getCurrentAdminId()); } else { - define('__ADMIN_WELCOME', LOAD_TEMPLATE("admin_welcome", true)); + $content['welcome'] = loadTemplate('admin_welcome', true, getCurrentAdminId()); } - define('__ADMIN_FOOTER' , LOAD_TEMPLATE("admin_footer" , true)); - define('__ADMIN_MENU' , ADD_ADMIN_MENU($act, $wht, true)); + + // Load header, footer, render menu + $content['header'] = loadTemplate('admin_header' , true, $content); + $content['footer'] = loadTemplate('admin_footer' , true, $content); + $content['menu'] = addAdminMenu($action, $what, true); // Tableset header - LOAD_TEMPLATE("admin_main_header"); + loadTemplate('admin_main_header', false, $content); // Check if action/what pair is valid - $result_action = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admin_menu` -WHERE `action`='%s' AND ((what='%s' AND what != 'overview') OR ((what='' OR `what` IS NULL) AND '%s'='overview')) -LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__); + $result_action = SQL_QUERY_ESC("SELECT + `id` +FROM + `{?_MYSQL_PREFIX?}_admin_menu` +WHERE + `action`='%s' AND + ( + ( + `what`='%s' AND `what` != 'overview' + ) OR ( + ( + `what`='' OR `what` IS NULL + ) AND ( + '%s'='overview' + ) + ) + ) +LIMIT 1", + array( + $action, + $what, + $what + ), __FUNCTION__, __LINE__); + + // Do we have an entry? if (SQL_NUMROWS($result_action) == 1) { - // Is valid but does the inlcude file exists? 
- $INC = sprintf("inc/modules/admin/action-%s.php", $act); - if ((INCLUDE_READABLE($INC)) && (VALIDATE_MENU_ACTION("admin", $act, $wht)) && (__ACL_ALLOW == true)) { + $inc = sprintf("inc/modules/admin/action-%s.php", $action); + if ((isIncludeReadable($inc)) && (isMenuActionValid('admin', $action, $what)) && ($GLOBALS['acl_allow'] === true)) { // Ok, we finally load the admin action module - LOAD_INC($INC); - } elseif (__ACL_ALLOW == false) { + loadInclude($inc); + } elseif ($GLOBALS['acl_allow'] === false) { // Access denied - LOAD_TEMPLATE("admin_menu_failed", false, getMessage('ADMIN_ACCESS_DENIED')); - addFatalMessage(getMessage('ADMIN_ACCESS_DENIED')); + loadTemplate('admin_menu_failed', false, '{%message,ADMIN_ACCESS_DENIED=' . $what . '%}'); } else { - // Include file not found! :-( - LOAD_TEMPLATE("admin_menu_failed", false, sprintf(getMessage('ADMIN_ACTION_404'), $act)); - addFatalMessage(getMessage('ADMIN_ACTION_404'), $act); + // Include file not found :-( + loadTemplate('admin_menu_failed', false, '{%message,ADMIN_ACTION_404=' . $action . '%}'); } } else { - // Invalid action/what pair found! - LOAD_TEMPLATE("admin_menu_failed", false, sprintf(getMessage('ADMIN_ACTION_INVALID'), $act."/".$wht)); - addFatalMessage(getMessage('ADMIN_ACTION_INVALID'), $act."/".$wht); + // Invalid action/what pair found + loadTemplate('admin_menu_failed', false, '{%message,ADMIN_ACTION_INVALID=' . $action . '/' . $what . '%}'); } // Free memory SQL_FREERESULT($result_action); // Tableset footer - LOAD_TEMPLATE("admin_main_footer"); + loadTemplate('admin_main_footer', false, $content); } -// -function ADD_ADMIN_MENU($act, $wht, $return=false) { + +// Checks wether current admin is allowed to access given action/what combination +// (only one is allowed to be null!) +function isAdminAllowedAccessMenu ($action, $what = NULL) { + // Do we have cache? 
+ if (!isset($GLOBALS[__FUNCTION__][$action][$what])) { + // ACL is always 'allow' when no ext-admins is installed + // @TODO This can be rewritten into a filter + $GLOBALS[__FUNCTION__][$action][$what] = ((!isExtensionInstalledAndNewer('admins', '0.2.0')) || (isAdminsAllowedByAcl($action, $what))); + } // END - if + + // Return the cached value + return $GLOBALS[__FUNCTION__][$action][$what]; +} + +// Adds an admin menu +function addAdminMenu ($action, $what, $return = false) { // Init variables $SUB = false; - $OUT = ""; + $OUT = ''; // Menu descriptions $GLOBALS['menu']['description'] = array(); $GLOBALS['menu']['title'] = array(); - // Is there a cache instance? - if ((isset($GLOBALS['cache_instance'])) && (is_object($GLOBALS['cache_instance'])) && (getConfig('cache_admin_menu') == "Y")) { - // Create cache name - $cacheName = "admin_".$act."_".$wht."_".GET_LANGUAGE()."_".strtolower(get_session('admin_login')); - - // Is that cache there? - if ($GLOBALS['cache_instance']->loadCacheFile($cacheName)) { - // Then load it - $data = $GLOBALS['cache_instance']->getArrayFromCache(); - - // Extract all parts - $OUT = base64_decode($data['output'][0]); - $GLOBALS['menu']['title'] = unserialize(base64_decode($data['title'][0])); - $GLOBALS['menu']['description'] = unserialize(base64_decode($data['descr'][0])); - - // Return or output content? - if ($return) { - return $OUT; - } else { - OUTPUT_HTML($OUT); - } - } // END - if - } // END - if - // Build main menu - $result_main = SQL_QUERY("SELECT action, title, descr FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE (what='' OR `what` IS NULL) ORDER BY `sort`, id DESC", __FILE__, __LINE__); - if (SQL_NUMROWS($result_main) > 0) { - $OUT = " -\n"; + $result_main = SQL_QUERY("SELECT + `action`,`title`,`descr` +FROM + `{?_MYSQL_PREFIX?}_admin_menu` +WHERE + (`what`='' OR `what` IS NULL) +ORDER BY + `sort` ASC, + `id` DESC", __FUNCTION__, __LINE__); + + // Do we have entries? 
+ if (!SQL_HASZERONUMS($result_main)) { + $OUT .= ' - -\n"; - $result_what = SQL_QUERY_ESC("SELECT what, title, descr FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE `action`='%s' AND `what` != '' AND `what` IS NOT NULL ORDER BY `sort`, id DESC", - array($menu), __FILE__, __LINE__); - if ((SQL_NUMROWS($result_what) > 0) && ($act == $menu)) - { + + $OUT .= ' +'; + + // Check for menu entries + $result_what = SQL_QUERY_ESC("SELECT + `what`,`title`,`descr` +FROM + `{?_MYSQL_PREFIX?}_admin_menu` +WHERE + `action`='%s' AND + `what` != '' AND + `what` IS NOT NULL +ORDER BY + `sort` ASC, + `id` DESC", + array($menu), __FUNCTION__, __LINE__); + + // Remember the count for later checks + setAdminMenuHasEntries($menu, ((!SQL_HASZERONUMS($result_what)) && ($action == $menu))); + + // Do we have entries? + if ((ifAdminMenuHasEntries($menu)) && (!SQL_HASZERONUMS($result_what))) { $GLOBALS['menu']['description'] = array(); - $GLOBALS['menu']['title'] = array(); $SUB = true; - $OUT .= " - - -\n"; - } - $OUT .= "\n"; - } - } + $OUT .= ' +'; + } // END - if + } // END - if + } // END - while // Free memory SQL_FREERESULT($result_main); - $OUT .= "
 
-  · "; - if (($menu == $act) && (empty($wht))) - { - $OUT .= ""; - } - else - { - $OUT .= "["; - } + $OUT .= $title; - if (($menu == $act) && (empty($wht))) - { - $OUT .= ""; - } - else - { - $OUT .= "]"; + + if ($readable === true) { + if (($menu == $action) && (empty($what))) { + $OUT .= ''; + } else { + $OUT .= ']'; + } + } else { + $OUT .= ''; } - $OUT .= "
  - \n"; - while (list($wht_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what)) { + $GLOBALS['menu']['title'] = array(); + $SUB = true; + $OUT .= '
    • '; + // @TODO Rewrite this to $content = SQL_FETCHARRAY() + while (list($what_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what)) { // Filename - $INC = sprintf("%sinc/modules/admin/what-%s.php", constant('PATH'), $wht_sub); - if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2")) { - $ACL = ADMINS_CHECK_ACL("", $wht_sub); - } else { - // ACL is "allow"... hmmm - $ACL = true; - } - $readable = INCLUDE_READABLE($INC); - if ($ACL === true) { + $inc = sprintf("inc/modules/admin/what-%s.php", $what_sub); + + // Is the file readable? + $readable = isIncludeReadable($inc); + + // Is the current admin allowed to access this 'what' menu? + if (isAdminAllowedAccessMenu(null, $what_sub)) { // Insert compiled title and description - $GLOBALS['menu']['title'][$wht_sub] = $title_what; - $GLOBALS['menu']['description'][$wht_sub] = $desc_what; - $OUT .= "
  • - -\n"; - } - } + $OUT .= ' +'; + } // END - if + } // END - while // Free memory SQL_FREERESULT($result_what); - $OUT .= "
    -  --> "; - if ($readable === true) - { - if ($wht == $wht_sub) - { - $OUT .= ""; - } - else - { - $OUT .= "["; + $GLOBALS['menu']['title'][$what_sub] = $title_what; + $GLOBALS['menu']['description'][$what_sub] = $desc_what; + $OUT .= '
  • +
  • -
    \n"; + $OUT .= ''; + } // END - if + + // Is there a cache instance again? + // Return or output content? + if ($return === true) { + return $OUT; + } else { + outputHtml($OUT); } +} - // Compile and run the code here. This inserts all constants into the - // HTML output. Costs me some time to figure this out... *sigh* Quix0r - $eval = "\$OUT = \"".COMPILE_CODE(SQL_ESCAPE($OUT))."\";"; - eval($eval); +// Create an admin selection box form +function addAdminSelectionBox ($adminId = NULL, $special = '') { + // Default is email as "special column" + $ADD = ',`email` AS `special`'; - // Is there a cache instance again? - if ((isset($GLOBALS['cache_instance'])) && (is_object($GLOBALS['cache_instance'])) && (getConfig('cache_admin_menu') == "Y")) { - // Init cache - $GLOBALS['cache_instance']->init($cacheName); - - // Prepare cache data - $data = array( - 'output' => base64_encode($OUT), - 'title' => $GLOBALS['menu']['title'], - 'descr' => $GLOBALS['menu']['description'] - ); + // Is a special column given? + if (!empty($special)) { + // Additional column for SQL query + $ADD = ',`' . $special . '` AS `special`'; + } // END - if + + // Query all entries + $result = SQL_QUERY('SELECT + `id`,`login`' . $ADD . ' +FROM + `{?_MYSQL_PREFIX?}_admins` +ORDER BY + `login` ASC', __FUNCTION__, __LINE__); - // Write the data away - $GLOBALS['cache_instance']->addRow($data); + // Init output + $OUT = ''; - // Close cache - $GLOBALS['cache_instance']->finalize(); + // Load all entries + while ($content = SQL_FETCHARRAY($result)) { + // Add the entry + $OUT .= loadTemplate('select_admins_option', true, $content); } // END - if - // Return or output content? 
- if ($return) { - return $OUT; - } else { - OUTPUT_HTML($OUT); - } + // Free memory + SQL_FREERESULT($result); + + // Add form to content + $content['form_selection'] = $OUT; + + // Output form + loadTemplate('select_admins_box', false, $content); } -// -function ADD_MEMBER_SELECTION_BOX ($def="0", $add_all=false, $return=false, $none=false, $field="userid") -{ + +// Create a member selection box +function addMemberSelectionBox ($userid = NULL, $add_all = false, $return = false, $none = false, $field = 'userid') { // Output selection form with all confirmed user accounts listed - $result = SQL_QUERY("SELECT userid, surname, family FROM `{!_MYSQL_PREFIX!}_user_data` ORDER BY userid", __FILE__, __LINE__); - $OUT = ""; + $result = SQL_QUERY('SELECT + `userid`,`surname`,`family` +FROM + `{?_MYSQL_PREFIX?}_user_data` +ORDER BY + `userid` ASC', __FUNCTION__, __LINE__); + + // Default output + $OUT = ''; // USe this only for adding points (e.g. adding refs really makes no sence ;-) ) - if ($add_all) $OUT = " \n"; - elseif ($none) $OUT = " \n"; - while (list($id, $sname, $fname) = SQL_FETCHROW($result)) - { - $OUT .= " '; + } elseif ($none === true) { + $OUT = ' '; } + // Load all entries + while ($content = SQL_FETCHARRAY($result)) { + $OUT .= ''; + // Load all entries + while ($content = SQL_FETCHARRAY($result)) { + $OUT .= ''; // Walk through all files - while ($file = readdir($handle)) { + foreach ($menuArray as $file) { // Is this a PHP script? - if (($file != ".") && ($file != "..") && ($file != "lost+found") && (strpos($file, "".$type."-") > -1) && (strpos($file, ".php") > 0)) { + if ((!isDirectory($file)) && (isInString('' . $type . '-', $file)) && (isInString('.php', $file))) { // Then test if the file is readable - $test = sprintf("%sinc/modules/%s/%s", constant('PATH'), $menu, $file); + $test = sprintf("inc/modules/%s/%s", $menu, $file); // Is the file there? 
- if (FILE_READABLE($test)) { + if (isIncludeReadable($test)) { // Extract the value for what=xxx $part = substr($file, (strlen($type) + 1)); $part = substr($part, 0, -4); // Is that part different from the overview? - if ($part != "overview") { - $OUT .= " ".$title.""; + return '[' . $title . ']'; } // Check "logical-area-mode" -function ADMIN_CHECK_MENU_MODE () { - // Set the global mode as the mode for all admins - $MODE = getConfig('admin_menu'); - $ADMIN = $MODE; +function adminGetMenuMode () { + // Set the default menu mode as the mode for all admins + $mode = 'global'; + + // If sql_patches is up-to-date enough, use the configuration + if (isExtensionInstalledAndNewer('sql_patches', '0.3.2')) { + $mode = getAdminMenu(); + } // END - if + + // Backup it + $adminMode = $mode; // Get admin id - $aid = GET_CURRENT_ADMIN_ID(); + $adminId = getCurrentAdminId(); // Check individual settings of current admin - if (isset($GLOBALS['cache_array']['admins']['la_mode'][$aid])) { + if (isset($GLOBALS['cache_array']['admin']['la_mode'][$adminId])) { // Load from cache - $ADMIN = $GLOBALS['cache_array']['admins']['la_mode'][$aid]; - incrementConfigEntry('cache_hits'); - } elseif (GET_EXT_VERSION("admins") >= "0.6.7") { - // Load from database when version of "admins" is enough - $result = SQL_QUERY_ESC("SELECT la_mode FROM `{!_MYSQL_PREFIX!}_admins` WHERE id=%s LIMIT 1", - array($aid), __FILE__, __LINE__); + $adminMode = $GLOBALS['cache_array']['admin']['la_mode'][$adminId]; + incrementStatsEntry('cache_hits'); + } elseif (isExtensionInstalledAndNewer('admins', '0.6.7')) { + // Load from database when version of 'admins' is enough + $result = SQL_QUERY_ESC("SELECT `la_mode` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", + array($adminId), __FUNCTION__, __LINE__); + + // Do we have an entry? 
if (SQL_NUMROWS($result) == 1) { // Load data - list($ADMIN) = SQL_FETCHROW($result); - } + list($adminMode) = SQL_FETCHROW($result); + } // END - if // Free memory SQL_FREERESULT($result); } - // Check what the admin wants and set it when it's not the global mode - if ($ADMIN != "global") $MODE = $ADMIN; + // Check what the admin wants and set it when it's not the default mode + if ($adminMode != 'global') { + $mode = $adminMode; + } // END - if // Return admin-menu's mode - return $MODE; + return $mode; } // Change activation status -function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") { - $cnt = 0; $newStatus = "Y"; +function adminChangeActivationStatus ($IDs, $table, $row, $idRow = 'id') { + $count = '0'; if ((is_array($IDs)) && (count($IDs) > 0)) { // "Walk" all through and count them foreach ($IDs as $id => $selected) { - // Secure the ID number + // Secure the id number $id = bigintval($id); // Should always be set... ;-) if (!empty($selected)) { // Determine new status - $result = SQL_QUERY_ESC("SELECT %s FROM `{!_MYSQL_PREFIX!}_%s` WHERE %s=%s LIMIT 1", - array($row, $table, $idRow, $id), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT %s FROM `{?_MYSQL_PREFIX?}_%s` WHERE %s=%s LIMIT 1", + array( + $row, + $table, + $idRow, + $id + ), __FUNCTION__, __LINE__); // Row found? if (SQL_NUMROWS($result) == 1) { 
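Review bot: ifAdminLoginDataIsValid() and ifAdminCookiesAreValid(), near the top of this file's diff, compare the stored and computed hashes with loose `==` (`$testHash == $adminHash`, `$testHash == $passHash`), which lets PHP compare numeric-looking strings as numbers and is not constant-time; use `if (hash_equals($adminHash, $testHash)) {` where the PHP version provides it, or at least `===`. ifAdminLoginDataIsValid() also stores the submitted password in `$data['plain_pass']` and hands it to `runFilterChain('do_admin_login_' . $ret, $data)` for every outcome, failed logins included, so each registered filter sees the clear-text password; drop the key or document which filter needs it. Further down, addAdminSelectionBox() concatenates `$special` into the column list of its SELECT without any check, so it should be matched against a fixed list of column names before use. The hunk headers for this part of the page were lost, so these functions are reviewed from the visible lines only.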
@@ -756,14 +768,20 @@ function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") { list($currStatus) = SQL_FETCHROW($result); // And switch it N<->Y - if ($currStatus == "Y") $newStatus = "N"; else $newStatus = "Y"; + $newStatus = convertBooleanToYesNo(!($currStatus == 'Y')); // Change this status - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_%s` SET %s='%s' WHERE %s=%s LIMIT 1", - array($table, $row, $newStatus, $idRow, $id), __FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_%s` SET %s='%s' WHERE %s=%s LIMIT 1", + array( + $table, + $row, + $newStatus, + $idRow, + $id + ), __FUNCTION__, __LINE__); // Count up affected rows - $cnt += SQL_AFFECTEDROWS(); + $count += SQL_AFFECTEDROWS(); } // END - if // Free the result 
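Review bot: The reformatted UPDATE in adminChangeActivationStatus() still places `$table`, `$row` and `$idRow` into the statement as bare `%s` identifiers; value escaping does not make an identifier safe, and elsewhere this same commit does backtick-quote them (``WHERE `%s`=%s`` in adminBuilderStatusHandler()). For consistency write ``SET `%s`='%s' WHERE `%s`=%s`` here and in the SELECT just above the hunk. If any caller derives these names from request data, they should additionally be checked against a fixed list of tables and columns; the callers are not visible on this page. The function starts and ends outside this hunk.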
@@ -772,15 +790,24 @@ function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") { } // END - foreach // Output status - LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_STATUS_CHANGED_1.$cnt.ADMIN_STATUS_CHANGED_2.count($IDs).ADMIN_STATUS_CHANGED_3); + displayMessage(sprintf(getMessage('ADMIN_STATUS_CHANGED'), $count, count($IDs))); } else { // Nothing selected! - LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_NOTHING_SELECTED_CHANGE')); + displayMessage('{--ADMIN_NOTHING_SELECTED_CHANGE--}'); } } // Send mails for del/edit/lock build modes -function ADMIN_SEND_BUILD_MAILS ($mode, $table, $content, $id, $subjectPart="") { +function sendAdminBuildMails ($mode, $tableName, $content, $id, $subjectPart = '', $userIdColumn = array('userid')) { + // $tableName must be an array + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // $tableName is no array + debug_report_bug(__FUNCTION__, __LINE__, 'tableName[]=' . gettype($tableName) . '!=array'); + } elseif ((!is_array($userIdColumn)) || (count($userIdColumn) != 1)) { + // $tableName is no array + debug_report_bug(__FUNCTION__, __LINE__, 'userIdColumn[]=' . gettype($userIdColumn) . '!=array'); + } // END - if + // Default subject is the subject part $subject = $subjectPart; 
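Review bot: The new argument checks at the top of sendAdminBuildMails() carry a copy-pasted comment: the `$userIdColumn` branch says `// $tableName is no array` and should read `// $userIdColumn is no array or does not hold exactly one element`. Both branches also test `count(...) != 1`, but the report text prints only `gettype()`, so an array with the wrong element count produces the message `array!=array`; adding the count would make the report usable. Whether debug_report_bug() stops execution is not visible here; if it returns, the body goes on to read `$tableName[0]` and `$userIdColumn[0]`, so a comment stating that it aborts would help. The function body continues past the hunk.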
@@ -791,43 +818,54 @@ function ADMIN_SEND_BUILD_MAILS ($mode, $table, $content, $id, $subjectPart="") } // END - if // Is the raw userid set? - if (REQUEST_POST('uid_raw', $id) > 0) { - // Generate subject - $subjectLine = constant('MEMBER_'.strtoupper($subject).'_'.strtoupper($table).'_SUBJECT'); - + if (postRequestElement($userIdColumn[0], $id) > 0) { // Load email template if (!empty($subjectPart)) { - $mail = LOAD_EMAIL_TEMPLATE("member_".$mode."_".strtolower($subjectPart)."_".$table, $content); + $mail = loadEmailTemplate('member_' . $mode . '_' . strtolower($subjectPart) . '_' . $tableName[0], $content); } else { - $mail = LOAD_EMAIL_TEMPLATE("member_".$mode."_".$table, $content); + $mail = loadEmailTemplate('member_' . $mode . '_' . $tableName[0], $content); } // Send email out - SEND_EMAIL(REQUEST_POST('uid_raw', $id), $subjectLine, $mail); + sendEmail(postRequestElement($userIdColumn[0], $id), strtoupper('{--MEMBER_' . $subject . '_' . $tableName[0] . '_SUBJECT--}'), $mail); } // END - if // Generate subject - $subjectLine = constant('ADMIN_'.strtoupper($subject).'_'.strtoupper($table).'_SUBJECT'); + $subject = strtoupper('{--ADMIN_' . $subject . '_' . $tableName[0] . '_SUBJECT--}'); // Send admin notification out if (!empty($subjectPart)) { - SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".strtolower($subjectPart)."_".$table, $content, REQUEST_POST('uid_raw', $id)); + sendAdminNotification($subject, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $tableName[0], $content, postRequestElement($userIdColumn[0], $id)); } else { - SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".$table, $content, REQUEST_POST('uid_raw', $id)); + sendAdminNotification($subject, 'admin_' . $mode . '_' . 
$tableName[0], $content, postRequestElement($userIdColumn[0], $id)); } } // Build a special template list -function ADMIN_BUILD_LIST ($listType, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn) { - $OUT = ""; $SW = 2; +function adminListBuilder ($listType, $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $rawUserId = array('userid')) { + // $tableName and $idColumn must bove be arrays! + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // $tableName is no array + debug_report_bug(__FUNCTION__, __LINE__, 'tableName[]=' . gettype($tableName) . '!=array'); + } elseif (!is_array($idColumn)) { + // $idColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'idColumn[]=' . gettype($idColumn) . '!=array'); + } elseif ((!is_array($userIdColumn)) || (count($userIdColumn) != 1)) { + // $tableName is no array + debug_report_bug(__FUNCTION__, __LINE__, 'userIdColumn[]=' . gettype($userIdColumn) . '!=array'); + } + + // Init row output + $OUT = ''; // "Walk" through all entries - foreach ($IDs as $id => $selected) { - // Secure ID number + //* DEBUG: */ debug_report_bug(__FUNCTION__, __LINE__, 'listType=
    '.print_r($listType,true).'
    ,tableName
    '.print_r($tableName,true).'
    ,columns=
    '.print_r($columns,true).'
    ,filterFunctions=
    '.print_r($filterFunctions,true).'
    ,extraValues=
    '.print_r($extraValues,true).'
    ,idColumn=
    '.print_r($idColumn,true).'
    ,userIdColumn=
    '.print_r($userIdColumn,true).'
    ,rawUserId=
    '.print_r($rawUserId,true).'
    '); + foreach (postRequestElement($idColumn[0]) as $id => $selected) { + // Secure id number $id = bigintval($id); // Get result from a given column array and table name - $result = SQL_RESULT_FROM_ARRAY($table, $columns, $idColumn, $id, __FILE__, __LINE__); + $result = SQL_RESULT_FROM_ARRAY($tableName[0], $columns, $idColumn[0], $id, __FUNCTION__, __LINE__); // Is there one entry? if (SQL_NUMROWS($result) == 1) { 
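Review bot: adminListBuilder() now iterates `postRequestElement($idColumn[0])` directly, with no check that the request element exists and is an array, whereas the id list was previously passed in by the caller; a missing or scalar field makes the `foreach` fail with a warning instead of a handled error. Guard it first, for example `$ids = postRequestElement($idColumn[0]);` followed by `if (!is_array($ids)) { return; }`, or a debug_report_bug() call like the ones above it. The argument check for `$idColumn` tests only `is_array()`, not `count($idColumn) == 1` as the other two do, and its comment says "bove" for "both". Earlier in the hunk, sendAdminBuildMails() takes the mail recipient from `postRequestElement($userIdColumn[0], $id)`, a user id read from the submitted form rather than from the stored row; a comment on why the posted value is trusted would be useful. adminListBuilder() continues past the hunk.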
@@ -837,30 +875,57 @@ function ADMIN_BUILD_LIST ($listType, $IDs, $table, $columns, $filterFunctions, // Filter all data foreach ($content as $key => $value) { // Search index - $idx = array_search($key, $columns, true); + $idx = searchXmlArray($key, $columns, 'column'); + + // Skip any missing entries + if ($idx === false) { + // Skip this one + //* DEBUG: */ debug_report_bug(__FUNCTION__, __LINE__, 'key=' . $key . ' - SKIPPED!'); + continue; + } // END - if // Do we have a userid? - if ($key == "userid") { + //* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'key=' . $key . ',userIdColumn=' . $userIdColumn[0]); + if ($key == $userIdColumn[0]) { // Add it again as raw id - $content['uid'] = bigintval($value); + //* DEBUG: */ debug_report_bug(__FUNCTION__, __LINE__, 'key=' . $key . ',userIdColumn=' . $userIdColumn[0]); + $content[$userIdColumn[0]] = makeZeroToNull($value); + $content[$userIdColumn[0] . '_raw'] = $content[$userIdColumn[0]]; } // END - if - // Handle the call in external function - $content[$key] = HANDLE_EXTRA_VALUES($filterFunctions[$idx], $value, $extraValues[$idx]); - } // END - foreach + // If the key matches the idColumn variable, we need to temporary remember it + //* DEBUG: */ debugOutput('key=' . $key . ',idColumn=' . $idColumn[0] . ',value=' . $value); + if ($key == $idColumn[0]) { + // Found, so remember it + $GLOBALS['admin_list_builder_id_value'] = $value; + } // END - if - // Add color switching - $content['sw'] = $SW; + // Do we have a call-back function and extra-value pair? + if ((isset($filterFunctions[$idx])) && (isset($extraValues[$idx]))) { + // Handle the call in external function + //* DEBUG: */ debugOutput('key=' . $key . ',fucntion=' . $filterFunctions[$idx] . ',value=' . 
$value); + $content[$key] = handleExtraValues( + $filterFunctions[$idx], + $value, + $extraValues[$idx] + ); + } elseif ((isset($columns[$idx]['name'])) && (isset($filterFunctions[$columns[$idx]['name']])) && (isset($extraValues[$columns[$idx]['name']]))) { + // Handle the call in external function + //* DEBUG: */ debugOutput('key=' . $key . ',fucntion=' . $filterFunctions[$columns[$idx]['name']] . ',value=' . $value); + $content[$key] = handleExtraValues( + $filterFunctions[$columns[$idx]['name']], + $value, + $extraValues[$columns[$idx]['name']] + ); + } + } // END - foreach // Then list it - $OUT .= LOAD_TEMPLATE(sprintf("admin_%s_%s_row", - $listType, - $table + $OUT .= loadTemplate(sprintf("admin_%s_%s_row", + $listType, + $tableName[0] ), true, $content ); - - // Switch color - $SW = 3 - $SW; } // END - if // Free the result 
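Review bot: The list builder hands the current row id to callbacks through `$GLOBALS['admin_list_builder_id_value']`, which is set inside the column loop and, in the lines visible here, never cleared, so a row whose result lacks the id column would leave the previous row's id in place. Prefer passing the id to handleExtraValues() explicitly, or add `unset($GLOBALS['admin_list_builder_id_value']);` after the inner `foreach`. The two handleExtraValues() branches differ only in the index used (`$idx` versus `$columns[$idx]['name']`); resolving that key once would remove the duplication. A column with no callback pair now reaches loadTemplate() without passing through any filter function, and a comment should say whether that is intended. The enclosing function starts and ends outside this hunk.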
@@ -868,27 +933,41 @@ function ADMIN_BUILD_LIST ($listType, $IDs, $table, $columns, $filterFunctions, } // END - foreach // Load master template - LOAD_TEMPLATE(sprintf("admin_%s_%s", - $listType, - $table + loadTemplate(sprintf("admin_%s_%s", + $listType, + $tableName[0] ), false, $OUT ); } // Change status of "build" list -function ADMIN_BUILD_STATUS_HANDLER ($mode, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray) { +function adminBuilderStatusHandler ($mode, $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray, $rawUserId = array('userid')) { + // $tableName must be an array + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array'); + } elseif (!is_array($idColumn)) { + // $idColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'idColumn[]=' . gettype($idColumn) . '!=array'); + } elseif ((!is_array($userIdColumn)) || (count($userIdColumn) != 1)) { + // $tableName is no array + debug_report_bug(__FUNCTION__, __LINE__, 'userIdColumn[]=' . gettype($userIdColumn) . '!=array'); + } // END - if + // All valid entries? (We hope so here!) 
- if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (count($statusArray) > 0)) { + if ((count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (count($statusArray) > 0)) { // "Walk" through all entries - foreach ($IDs as $id => $sel) { + foreach (postRequestElement($idColumn[0]) as $id => $sel) { // Construct SQL query - $SQL = sprintf("UPDATE `{!_MYSQL_PREFIX!}_%s` SET", - SQL_ESCAPE($table) - ); + $sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}_%s` SET", SQL_ESCAPE($tableName[0])); // Load data of entry - $result = SQL_QUERY_ESC("SELECT * FROM `{!_MYSQL_PREFIX!}_%s` WHERE %s=%s LIMIT 1", - array($table, $idColumn, $id), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1", + array( + $tableName[0], + $idColumn[0], + $id + ), __FUNCTION__, __LINE__); // Fetch the data $content = SQL_FETCHARRAY($result); @@ -897,17 +976,17 @@ function ADMIN_BUILD_STATUS_HANDLER ($mode, $IDs, $table, $columns, $filterFunct SQL_FREERESULT($result); // Add all status entries (e.g. status column last_updated or so) - $newStatus = "UNKNOWN"; - $oldStatus = "UNKNOWN"; - $statusColumn = "unknown"; + $newStatus = 'UNKNOWN'; + $oldStatus = 'UNKNOWN'; + $statusColumn = 'unknown'; foreach ($statusArray as $column => $statusInfo) { // Does the entry exist? if ((isset($content[$column])) && (isset($statusInfo[$content[$column]]))) { // Add these entries for update - $SQL .= sprintf(" %s='%s',", SQL_ESCAPE($column), SQL_ESCAPE($statusInfo[$content[$column]])); + $sql .= sprintf(" `%s`='%s',", SQL_ESCAPE($column), SQL_ESCAPE($statusInfo[$content[$column]])); // Remember status - if ($statusColumn == "unknown") { + if ($statusColumn == 'unknown') { // Always (!!!) change status column first! $oldStatus = $content[$column]; $newStatus = $statusInfo[$oldStatus]; 
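Review bot: The `$id` keys taken from `postRequestElement($idColumn[0])` are placed unquoted into the `=%s` placeholder of the SELECT, so escaping alone does not constrain them to a number. The UPDATE built later in this function already uses `bigintval($id)`, and the SELECT should pass `bigintval($id)` in its parameter array as well. The same pattern appears in the SELECTs of adminDeleteEntriesConfirm() and adminEditEntriesConfirm() and in the `$idList .= $id . ','` that feeds `IN (%s)` in the following hunks. With the `is_array($IDs)` guard removed, the `foreach` also runs on whatever the POST element holds, so an `is_array()` check on that value before the loop is worth keeping. This assumes SQL_QUERY_ESC() only escapes its arguments, which is not visible here; the function body continues outside the hunk.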
@@ -915,68 +994,93 @@ function ADMIN_BUILD_STATUS_HANDLER ($mode, $IDs, $table, $columns, $filterFunct } // END - if } elseif (isset($content[$column])) { // Unfinished! - mxchange_die("{--".__FUNCTION__."--}:".__LINE__.":UNFINISHED: id={$id}/{$column}[".gettype($statusInfo)."] = {$content[$column]}"); + debug_report_bug(__FUNCTION__, __LINE__, ':UNFINISHED: id=' . $id . ',column=' . $column . '[' . gettype($statusInfo) . '] = ' . $content[$column]); } } // END - foreach // Add other columns as well - foreach (REQUEST_POST_ARRAY() as $key => $entries) { + foreach (postRequestArray() as $key => $entries) { + // Debug message + logDebugMessage(__FUNCTION__, __LINE__, 'Found entry: ' . $key); + // Skip id, raw userid and 'do_$mode' - if (!in_array($key, array($idColumn, 'uid_raw', ('do_'.$mode)))) { + if (!in_array($key, array($idColumn[0], $rawUserId[0], ('do_' . $mode)))) { // Are there brackets () at the end? - if (substr($entries[$id], -2, 2) == "()") { + if (substr($entries[$id], -2, 2) == '()') { // Direct SQL command found - $SQL .= sprintf(" %s=%s,", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id])); + $sql .= sprintf(" `%s`=%s,", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id])); } else { // Add regular entry - $SQL .= sprintf(" %s='%s',", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id])); + $sql .= sprintf(" `%s`='%s',", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id])); // Add entry $content[$key] = $entries[$id]; } - } // END - if + } else { + // Skipped entry + logDebugMessage(__FUNCTION__, __LINE__, 'Skipped: ' . $key); + } } // END - foreach // Finish SQL statement - $SQL = substr($SQL, 0, -1) . sprintf(" WHERE %s=%s AND %s='%s' LIMIT 1", - $idColumn, + $sql = substr($sql, 0, -1) . sprintf(" WHERE `%s`=%s AND `%s`='%s' LIMIT 1", + $idColumn[0], bigintval($id), $statusColumn, $oldStatus ); // Run the SQL - SQL_QUERY($SQL, __FILE__, __LINE__); + SQL_QUERY($sql, __FUNCTION__, __LINE__); // Do we have an URL? 
if (isset($content['url'])) { // Then add a framekiller test as well - $content['frametester'] = FRAMETESTER($content['url']); + $content['frametester'] = generateFrametesterUrl($content['url']); } // END - if // Send "build mails" out - ADMIN_SEND_BUILD_MAILS($mode, $table, $content, $id, $statusInfo[$content[$column]]); + sendAdminBuildMails($mode, $tableName, $content, $id, $statusInfo[$content[$column]], $userIdColumn); } // END - foreach } // END - if } -// Delete rows by given ID numbers -function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $deleteNow=false, $idColumn="id", $userIdColumn="userid") { +// Delete rows by given id numbers +function adminDeleteEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $deleteNow = array(false), $idColumn = array('id'), $userIdColumn = array('userid'), $rawUserId = array('userid')) { + // $tableName must be an array + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array'); + } elseif (!is_array($idColumn)) { + // $idColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'idColumn[]=' . gettype($idColumn) . '!=array'); + } elseif (!is_array($userIdColumn)) { + // $userIdColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'userIdColumn[]=' . gettype($userIdColumn) . '!=array'); + } elseif (!is_array($deleteNow)) { + // $deleteNow is no array + debug_report_bug(__FUNCTION__, __LINE__, 'deleteNow[]=' . gettype($deleteNow) . '!=array'); + } // END - if + // All valid entries? (We hope so here!) 
- if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { + if ((count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { // Shall we delete here or list for deletion? - if ($deleteNow) { + if ($deleteNow[0] === true) { // The base SQL command: - $SQL = "DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_%s` WHERE %s IN (%s)"; + $sql = "DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s` IN (%s)"; // Delete them all - $idList = ""; - foreach ($IDs as $id => $sel) { + $idList = ''; + foreach (postRequestElement($idColumn[0]) as $id => $sel) { // Is there a userid? - if (REQUEST_ISSET_POST(('uid_raw', $id))) { + if (isPostRequestElementSet($rawUserId[0], $id)) { // Load all data from that id - $result = SQL_QUERY_ESC("SELECT * FROM `{!_MYSQL_PREFIX!}_%s` WHERE %s=%s LIMIT 1", - array($table, $idColumn, $id), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1", + array( + $tableName[0], + $idColumn[0], + $id + ), __FUNCTION__, __LINE__); // Fetch the data $content = SQL_FETCHARRAY($result); 
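Review bot: In the "Direct SQL command found" branch a POST value that merely ends in `()` is appended to the UPDATE without quotes, and `SQL_ESCAPE()` does not make an unquoted expression safe. Because `$key` and `$entries[$id]` both come from `postRequestArray()`, this branch should accept only a fixed list of calls, e.g. `if (in_array($entries[$id], array('UNIX_TIMESTAMP()', 'NOW()'), true)) {` (the list is an example; use the calls the admin forms really send), and treat everything else as a quoted value. `$key` is also used as a column name and should be checked against `$columns` before it is put between backticks. The function starts in an earlier hunk.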
@@ -985,182 +1089,382 @@ function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFu SQL_FREERESULT($result); // Send "build mails" out - ADMIN_SEND_BUILD_MAILS("del", $table, $content, $id); + sendAdminBuildMails('delete', $tableName, $content, $id, '', $userIdColumn); } // END - if // Add id number - $idList .= $id.","; + $idList .= $id . ','; } // END - foreach // Run the query - SQL_QUERY($SQL, array($table, $idColumn, substr($idList, 0, -1)), __FILE__, __LINE__); + SQL_QUERY_ESC($sql, array($tableName[0], $idColumn[0], substr($idList, 0, -1)), __FUNCTION__, __LINE__); // Was this fine? - if (SQL_AFFECTEDROWS() == count($IDs)) { + if (SQL_AFFECTEDROWS() == count(postRequestElement($idColumn[0]))) { // All deleted - LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_ALL_ENTRIES_REMOVED')); + displayMessage('{--ADMIN_ALL_ENTRIES_REMOVED--}'); } else { // Some are still there :( - LOAD_TEMPLATE("admin_settings_saved", false, sprintf(ADMIN_SOME_ENTRIES_NOT_DELETED, SQL_AFFECTEDROWS(), count($IDs))); + displayMessage(sprintf(getMessage('ADMIN_SOME_ENTRIES_NOT_DELETED'), SQL_AFFECTEDROWS(), count(postRequestElement($idColumn[0])))); } } else { // List for deletion confirmation - ADMIN_BUILD_LIST("del", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + adminListBuilder('delete', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); } } // END - if } -// Edit rows by given ID numbers -function ADMIN_EDIT_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $editNow=false, $idColumn="id", $userIdColumn="userid") { +// Edit rows by given id numbers +function adminEditEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $editNow = array(false), $idColumn = array('id'), $userIdColumn = array('userid'), $rawUserId = array('userid')) { + // $tableName must be an array + if 
((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array'); + } elseif (!is_array($idColumn)) { + // $idColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'idColumn[]=' . gettype($idColumn) . '!=array'); + } elseif (!is_array($userIdColumn)) { + // $userIdColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'userIdColumn[]=' . gettype($userIdColumn) . '!=array'); + } elseif (!is_array($editNow)) { + // $editNow is no array + debug_report_bug(__FUNCTION__, __LINE__, 'editNow[]=' . gettype($editNow) . '!=array'); + } // END - if + // All valid entries? (We hope so here!) - if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { + //* DEBUG: */ debug_report_bug(__FUNCTION__, __LINE__, 'idColumn=
    '.print_r($idColumn,true).'
    ,tableName
    '.print_r($tableName,true).'
    ,columns=
    '.print_r($columns,true).'
    ,filterFunctions=
    '.print_r($filterFunctions,true).'
    ,extraValues=
    '.print_r($extraValues,true).'
    ,editNow=
    '.print_r($editNow,true).'
    ,userIdColumn=
    '.print_r($userIdColumn,true).'
    ,rawUserId=
    '.print_r($rawUserId,true).'
    '); + //if ((count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { + if (true) { // Shall we change here or list for editing? - if ($editNow) { + if ($editNow[0] === true) { // Change them all - $affected = 0; - foreach ($IDs as $id => $sel) { + $affected = '0'; + foreach (postRequestElement($idColumn[0]) as $id => $sel) { // Prepare content array (new values) $content = array(); // Prepare SQL for this row - $SQL = sprintf("UPDATE `{!_MYSQL_PREFIX!}_ SET", - SQL_ESCAPE($table) + $sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}_%s` SET", + SQL_ESCAPE($tableName[0]) ); - foreach (REQUEST_POST_ARRAY() as $key => $entries) { + foreach (postRequestArray() as $key => $entries) { // Skip raw userid which is always invalid - if ($key == "uid_raw") { + if ($key == $rawUserId[0]) { // Continue with next field continue; } // END - if // Is entries an array? - if (($key != $idColumn) && (is_array($entries)) && (isset($entries[$id]))) { + if (($key != $idColumn[0]) && (is_array($entries)) && (isset($entries[$id]))) { // Add this entry to content $content[$key] = $entries[$id]; // Send data through the filter function if found if ((isset($filterFunctions[$key])) && (isset($extraValues[$key]))) { // Filter function set! - $entries[$id] = HANDLE_EXTRA_VALUES($filterFunctions[$key], $entries[$id], $extraValues[$key]); + $entries[$id] = handleExtraValues($filterFunctions[$key], $entries[$id], $extraValues[$key]); } // END - if // Then add this value - $SQL .= sprintf(" %s='%s',", + $sql .= sprintf(" `%s`='%s',", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id]) ); - } elseif (($key != $idColumn) && (!is_array($entries))) { + } elseif (($key != $idColumn[0]) && (!is_array($entries))) { // Add normal entries as well! $content[$key] = $entries; } // Do we have an URL? 
- if ($key == "url") { + if ($key == 'url') { // Then add a framekiller test as well - $content['frametester'] = FRAMETESTER($content[$key]); + $content['frametester'] = generateFrametesterUrl($content[$key]); } // END - if } // END - foreach // Finish SQL command - $SQL = substr($SQL, 0, -1) . " WHERE ".$idColumn."=".bigintval($id)." LIMIT 1"; + $sql = substr($sql, 0, -1) . " WHERE `" . $idColumn[0] . "`=" . bigintval($id) . " LIMIT 1"; // Run this query - SQL_QUERY($SQL, __FILE__, __LINE__); + SQL_QUERY($sql, __FUNCTION__, __LINE__); // Add affected rows $affected += SQL_AFFECTEDROWS(); // Load all data from that id - $result = SQL_QUERY_ESC("SELECT * FROM `{!_MYSQL_PREFIX!}_%s` WHERE %s=%s LIMIT 1", - array($table, $idColumn, $id), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1", + array( + $tableName[0], + $idColumn[0], + $id + ), __FUNCTION__, __LINE__); - // Fetch the data - global $DATA; - $DATA = SQL_FETCHARRAY($result); + // Fetch the data and merge it into $content + $content = merge_array($content, SQL_FETCHARRAY($result)); // Free the result SQL_FREERESULT($result); // Send "build mails" out - ADMIN_SEND_BUILD_MAILS("edit", $table, $content, $id); + sendAdminBuildMails('edit', $tableName, $content, $id, '', $userIdColumn); } // END - foreach // Was this fine? 
- if ($affected == count($IDs)) { + if ($affected == count(postRequestElement($idColumn[0]))) { // All deleted - LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_ALL_ENTRIES_EDITED')); + displayMessage('{--ADMIN_ALL_ENTRIES_EDITED--}'); } else { // Some are still there :( - LOAD_TEMPLATE("admin_settings_saved", false, sprintf(ADMIN_SOME_ENTRIES_NOT_EDITED, $affected, count($IDs))); + displayMessage(sprintf(getMessage('ADMIN_SOME_ENTRIES_NOT_EDITED'), $affected, count(postRequestElement($idColumn[0])))); } } else { // List for editing - ADMIN_BUILD_LIST("edit", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + adminListBuilder('edit', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); } - } // END - if + } else { + // Maybe some invalid parameters + debug_report_bug(__FUNCTION__, __LINE__, 'tableName=' . $tableName[0] . ',columns[]=' . gettype($columns) . ',filterFunctions[]=' . gettype($filterFunctions) . ',extraValues[]=' . gettype($extraValues) . ',idColumn=' . $idColumn[0] . ',userIdColumn=' . $userIdColumn[0] . ' - INVALID!'); + } } -// Un-/lock rows by given ID numbers -function ADMIN_LOCK_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $statusArray=array(), $lockNow=false, $idColumn="id", $userIdColumn="userid") { +// Un-/lock rows by given id numbers +function adminLockEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $statusArray = array(), $lockNow = array(false), $idColumn = array('id'), $userIdColumn = array('userid')) { + // $tableName must be an array + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . 
'!=array'); + } elseif (!is_array($idColumn)) { + // $idColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'idColumn[]=' . gettype($idColumn) . '!=array'); + } elseif (!is_array($lockNow)) { + // $lockNow is no array + debug_report_bug(__FUNCTION__, __LINE__, 'lockNow[]=' . gettype($lockNow) . '!=array'); + } // END - if + // All valid entries? (We hope so here!) - if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && ((!$lockNow) || (count($statusArray) == 1))) { + if ((count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (($lockNow[0] === false) || (count($statusArray) == 1))) { // Shall we un-/lock here or list for locking? - if ($lockNow) { + if ($lockNow[0] === true) { // Un-/lock entries - ADMIN_BUILD_STATUS_HANDLER("lock", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); + adminBuilderStatusHandler('lock', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); } else { // List for editing - ADMIN_BUILD_LIST("lock", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + adminListBuilder('lock', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); } } // END - if } -// Undelete rows by given ID numbers -function ADMIN_UNDELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $statusArray=array(), $lockNow=false, $idColumn="id", $userIdColumn="userid") { +// Undelete rows by given id numbers +function adminUndeleteEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $statusArray = array(), $undeleteNow = array(false), $idColumn = array('id'), $userIdColumn = array('userid')) { + // $tableName must be an array + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName 
specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array'); + } elseif (!is_array($idColumn)) { + // $idColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'idColumn[]=' . gettype($idColumn) . '!=array'); + } elseif (!is_array($undeleteNow)) { + // $undeleteNow is no array + debug_report_bug(__FUNCTION__, __LINE__, 'undeleteNow[]=' . gettype($undeleteNow) . '!=array'); + } // END - if + // All valid entries? (We hope so here!) - if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && ((!$lockNow) || (count($statusArray) == 1))) { + if ((count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (($undeleteNow[0] === false) || (count($statusArray) == 1))) { // Shall we un-/lock here or list for locking? - if ($lockNow) { + if ($undeleteNow[0] === true) { // Undelete entries - ADMIN_BUILD_STATUS_HANDLER("undelete", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); + adminBuilderStatusHandler('undelete', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); } else { // List for editing - ADMIN_BUILD_LIST("undelete", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + adminListBuilder('undelete', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + } + } // END - if +} + +// Adds a given entry to the database +function adminAddEntries ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array()) { + //* DEBUG: */ die('columns=
    '.print_r($columns,true).'
    ,filterFunctions=
    '.print_r($filterFunctions,true).'
    ,extraValues=
    '.print_r($extraValues,true).'
    ,POST=
    '.print_r($_POST,true).'
    '); + // Verify that tableName and columns are not empty + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array'); + } elseif (count($columns) == 0) { + // No columns specified + debug_report_bug(__FUNCTION__, __LINE__, 'columns is not given. Please fix your XML.'); + } + + // Init columns and value elements + $sqlColumns = array(); + $sqlValues = array(); + + // Add columns and values + foreach ($columns as $key=>$columnName) { + // Copy entry to final arrays + $sqlColumns[$key] = $columnName; + $sqlValues[$key] = postRequestElement($columnName); + //* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'key='.$key.',columnName='.$columnName.',filterFunctions='.$filterFunctions[$key].',extraValues='.intval(isset($extraValues[$key])).',extraValuesName='.intval(isset($extraValues[$columnName . '_list'])).'
    '); + + // Send data through the filter function if found + if ((isset($filterFunctions[$key])) && (isset($extraValues[$key . '_list']))) { + // Filter function set! + $sqlValues[$key] = call_user_func_array($filterFunctions[$key], merge_array(array($columnName), $extraValues[$key . '_list'])); + } // END - if + } // END - foreach + + // Build the SQL query + $SQL = 'INSERT INTO `{?_MYSQL_PREFIX?}_' . $tableName[0] . '` (`' . implode('`,`', $sqlColumns) . "`) VALUES ('" . implode("','", $sqlValues) . "')"; + + // Run the SQL query + SQL_QUERY($SQL, __FUNCTION__, __LINE__); + + // Entry has been added? + if (!SQL_HASZEROAFFECTED()) { + // Display success message + displayMessage('{--ADMIN_ENTRY_ADDED--}'); + } else { + // Display failed message + displayMessage('{--ADMIN_ENTRY_NOT_ADDED--}'); + } +} + +// List all given rows (callback function from XML) +function adminListEntries ($tableTemplate, $rowTemplate, $noEntryMessageId, $tableName, $columns, $whereColumns, $orderByColumns, $callbackColumns, $extraParameters = array()) { + // Verify that tableName and columns are not empty + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array,tableTemplate=' . $tableTemplate . ',rowTemplate=' . $rowTemplate); + } elseif (count($columns) == 0) { + // No columns specified + debug_report_bug(__FUNCTION__, __LINE__, 'columns is not given. Please fix your XML,tableTemplate=' . $tableTemplate . ',rowTemplate=' . $rowTemplate . ',tableName[0]=' . $tableName[0]); + } + + // This is the minimum query, so at least columns and tableName must have entries + $SQL = 'SELECT '; + + // Get the sql part back from given array + $SQL .= getSqlPartFromXmlArray($columns); + + // Remove last commata and add FROM statement + $SQL .= ' FROM `{?_MYSQL_PREFIX?}_' . $tableName[0] . 
'`'; + + // Do we have entries from whereColumns to add? + if (count($whereColumns) > 0) { + // Then add these as well + if (count($whereColumns) == 1) { + // One entry found + $SQL .= ' WHERE '; + + // Table/alias included? + if (!empty($whereColumns[0]['table'])) { + // Add it as well + $SQL .= $whereColumns[0]['table'] . '.'; + } // END - if + + // Add the rest + $SQL .= '`' . $whereColumns[0]['column'] . '`' . $whereColumns[0]['condition'] . "'" . $whereColumns[0]['look_for'] . "'"; + } else { + // More than one entry -> Unsupported + debug_report_bug(__FUNCTION__, __LINE__, 'More than one WHERE statement found. This is currently not supported.'); } } // END - if + + // Do we have entries from orderByColumns to add? + if (count($orderByColumns) > 0) { + // Add them as well + $SQL .= ' ORDER BY '; + foreach ($orderByColumns as $orderByColumn=>$array) { + // Get keys (table/alias) and values (sorting itself) + $table = trim(implode('', array_keys($array))); + $sorting = trim(implode('', array_keys($array))); + + // table/alias can be omitted + if (!empty($table)) { + // table/alias is given + $SQL .= $table . '.'; + } // END - if + + // Add order-by column + $SQL .= '`' . $orderByColumn . '` ' . $sorting . ','; + } // END - foreach + + // Remove last column + $SQL = substr($SQL, 0, -1); + } // END - if + + // Now handle all over to the inner function which will execute the listing + doAdminListEntries($SQL, $tableTemplate, $noEntryMessageId, $rowTemplate, $callbackColumns, $extraParameters); +} + +// Do the listing of entries +function doAdminListEntries ($SQL, $tableTemplate, $noEntryMessageId, $rowTemplate, $callbackColumns, $extraParameters = array()) { + // Run the SQL query + $result = SQL_QUERY($SQL, __FUNCTION__, __LINE__); + + // Do we have some URLs left? 
+ if (!SQL_HASZERONUMS($result)) { + // List all URLs + $OUT = ''; + while ($content = SQL_FETCHARRAY($result)) { + // "Translate" content + foreach ($callbackColumns as $columnName=>$callbackFunction) { + // Fill the callback arguments + $args = array($content[$columnName]); + + // Do we have more to add? + if (isset($extraParameters[$columnName])) { + // Add them as well + $args = merge_array($args, $extraParameters[$columnName]); + } // END - if + + // Call the callback-function + //* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'callbackFunction=' . $callbackFunction . ',args=
    '.print_r($args, true).'
    '); + // @TODO If we can rewrite the EL sub-system to support more than one parameter, this call_user_func_array() can be avoided + $content[$columnName] = call_user_func_array($callbackFunction, $args); + } // END - foreach + + // Load row template + $OUT .= loadTemplate(trim($rowTemplate[0]), true, $content); + } // END - while + + // Load main template + loadTemplate(trim($tableTemplate[0]), false, $OUT); + } else { + // No URLs in surfbar + displayMessage('{--' .$noEntryMessageId[0] . '--}'); + } + + // Free result + SQL_FREERESULT($result); } -// Checks proxy settins by fetching check-updates3.php from www.mxchange.org -function ADMIN_TEST_PROXY_SETTINGS ($settingsArray) { +// Checks proxy settins by fetching check-updates3.php from mxchange.org +function adminTestProxySettings ($settingsArray) { // Set temporary the new settings mergeConfig($settingsArray); // Now get the test URL - $content = GET_URL("check-updates3.php"); + $content = sendGetRequest('check-updates3.php'); // Is the first line with "200 OK"? - $valid = eregi("200 OK", $content[0]); + $valid = isInString('200 OK', $content[0]); // Return result return $valid; } // Sends out a link to the given email adress so the admin can reset his/her password -function ADMIN_SEND_PASSWORD_RESET_LINK ($email) { +function sendAdminPasswordResetLink ($email) { // Init output - $OUT = ""; - - // Compile out security characters (must be for looking up!) - $email = COMPILE_CODE($email); + $OUT = ''; // Look up administator login - $result = SQL_QUERY_ESC("SELECT id, login, password FROM `{!_MYSQL_PREFIX!}_admins` WHERE email='%s' LIMIT 1", - array($email), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT `id`,`login`,`password` FROM `{?_MYSQL_PREFIX?}_admins` WHERE '%s' REGEXP `email` LIMIT 1", + array($email), __FUNCTION__, __LINE__); // Is there an account? - if (SQL_NUMROWS($result) == 0) { - // No account found! 
- return getMessage('ADMIN_NO_LOGIN_WITH_EMAIL'); + if (SQL_HASZERONUMS($result)) { + // No account found + return '{--ADMIN_NO_LOGIN_WITH_EMAIL--}'; } // END - if // Load all data @@ -1170,33 +1474,30 @@ function ADMIN_SEND_PASSWORD_RESET_LINK ($email) { SQL_FREERESULT($result); // Generate hash for reset link - $content['hash'] = generateHash(URL.":".$content['id'].":".$content['login'].":".$content['password'], substr($content['password'], 10)); + $content['hash'] = generateHash(getUrl() . getEncryptSeparator() . $content['id'] . getEncryptSeparator() . $content['login'] . getEncryptSeparator() . $content['password'], substr($content['password'], getSaltLength())); // Remove some data unset($content['id']); unset($content['password']); // Prepare email - $mailText = LOAD_EMAIL_TEMPLATE("admin_reset_password", $content); + $mailText = loadEmailTemplate('admin_reset_password', $content); // Send it out - SEND_EMAIL($email, getMessage('ADMIN_RESET_PASS_LINK_SUBJ'), $mailText); + sendEmail($email, '{--ADMIN_RESET_PASSWORD_LINK_SUBJECT--}', $mailText); // Prepare output - return getMessage('ADMIN_RESET_LINK_SENT'); + return '{--ADMIN_RESET_PASSWORD_LINK_SENT--}'; } // Validate hash and login for password reset -function ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN ($hash, $login) { +function adminResetValidateHashLogin ($hash, $login) { // By default nothing validates... ;) $valid = false; - // Compile the login for lookup - $login = COMPILE_CODE($login); - // Then try to find that user - $result = SQL_QUERY_ESC("SELECT id, password, email FROM `{!_MYSQL_PREFIX!}_admins` WHERE login='%s' LIMIT 1", - array($login), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT `id`,`password`,`email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1", + array($login), __FUNCTION__, __LINE__); // Is an account here? if (SQL_NUMROWS($result) == 1) { 
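Review bot: adminAddEntries() builds the INSERT by imploding `$sqlValues` taken straight from `postRequestElement()` (or from the filter callback) and runs it through `SQL_QUERY()`, so the values never pass through `SQL_ESCAPE()` the way the edit and status handlers in this file do. Unless `postRequestElement()` already escapes, which is not visible here, escape at the point of use: `implode("','", array_map('SQL_ESCAPE', $sqlValues))`. adminListEntries() concatenates `$whereColumns[0]['look_for']` and the ORDER BY parts into the query the same way, and there `$sorting` is filled from `array_keys($array)` exactly like `$table`, where `array_values($array)` looks intended. In adminEditEntriesConfirm() the count check was replaced by `if (true)`, which leaves the new `else` branch unreachable.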
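Review bot: The reset mail is sent to the submitted `$email` rather than to the address stored for the account, while the lookup in the preceding hunk matches with `'%s' REGEXP` against the `email` column, which is an unanchored pattern match and not an equality test. An input that only pattern-matches a stored address would therefore receive the reset link for that admin. Select `email` in the query, compare with equality on the `email` column, and send with `sendEmail($content['email'], '{--ADMIN_RESET_PASSWORD_LINK_SUBJECT--}', $mailText);`. The hash is derived only from the URL, id, login and stored password hash, so it appears to stay valid until the password changes; adding an expiry would need code outside this hunk.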
@@ -1204,7 +1505,7 @@ function ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN ($hash, $login) { $content = SQL_FETCHARRAY($result); // Generate hash again - $hashFromData = generateHash(URL.":".$content['id'].":".$login.":".$content['password'], substr($content['password'], 10)); + $hashFromData = generateHash(getUrl() . getEncryptSeparator() . $content['id'] . getEncryptSeparator() . $login . getEncryptSeparator() . $content['password'], substr($content['password'], getSaltLength())); // Does both match? $valid = ($hash == $hashFromData); 
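Review bot: `$valid = ($hash == $hashFromData);` compares the reset hash with the loose `==` operator, which can treat two different numeric-looking strings as equal and is not a constant-time comparison. Use `$valid = hash_equals($hashFromData, (string) $hash);` where PHP 5.6 or later is available, otherwise at least `===`. The line is unchanged context in this hunk, but the value it checks is the hash rebuilt on the changed line above it; the function starts and ends outside the hunk.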
@@ -1216,45 +1517,390 @@ function ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN ($hash, $login) { // Return result return $valid; } + // Reset the password for the login. Do NOT call this function without calling above function first! -function ADMIN_RESET_PASSWORD ($login, $password) { - // Init hash - $passHash = ""; - - // Now check if we have sql_patches installed - if (GET_EXT_VERSION("sql_patches") >= "0.3.6") { - // Use new way of hashing - $passHash = generateHash($password); - } else { - // Old MD5 method - $passHash = md5($password); - } +function doResetAdminPassword ($login, $password) { + // Generate hash (we already check for sql_patches in generateHash()) + $passHash = generateHash($password); + + // Prepare fake POST data + $postData = array( + 'login' => array(getAdminId($login) => $login), + 'password' => array(getAdminId($login) => $passHash), + ); // Update database - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins` SET password='%s' WHERE login='%s' LIMIT 1", - array($passHash, $login), __FILE__, __LINE__); + $message = adminsChangeAdminAccount($postData, '', false); // Run filters - RUN_FILTER('post_admin_reset_pass', array('login' => $login, 'hash' => $passHash)); + runFilterChain('post_form_reset_pass', array('login' => $login, 'hash' => $passHash, 'message' => $message)); // Return output - return ADMIN_PASSWORD_RESET_DONE; + return '{--ADMIN_PASSWORD_RESET_DONE--}'; } + // Solves a task by given id number -function ADMIN_SOLVE_TASK ($id) { +function adminSolveTask ($id) { // Update the task data - ADMIN_UPDATE_TASK_DATA($id, "status", "SOLVED"); + adminUpdateTaskData($id, 'status', 'SOLVED'); } + // Marks a given task as deleted -function ADMIN_DELETE_TASK ($id) { +function adminDeleteTask ($id) { // Update the task data - ADMIN_UPDATE_TASK_DATA($id, "status", "DELETED"); + adminUpdateTaskData($id, 'status', 'DELETED'); } + // Function to update task data -function ADMIN_UPDATE_TASK_DATA ($id, $row, $data) { +function adminUpdateTaskData ($id, 
$row, $data) { + // Should be admin and valid id + if (!isAdmin()) { + // Not an admin so redirect better + debug_report_bug(__FUNCTION__, __LINE__, 'id=' . $id . ',row=' . $row . ',data=' . $data . ' - isAdmin()=false'); + } elseif ($id <= 0) { + // Initiate backtrace + debug_report_bug(__FUNCTION__, __LINE__, sprintf("id is invalid: %s. row=%s, data=%s", + $id, + $row, + $data + )); + } // END - if + // Update the task - SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_task_system` SET %s='%s' WHERE id=%s LIMIT 1", - array($row, $data, bigintval($id)), __FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_task_system` SET `%s`='%s' WHERE `id`=%s LIMIT 1", + array( + $row, + $data, + bigintval($id) + ), __FUNCTION__, __LINE__); +} + +// Checks wether if the admin menu has entries +function ifAdminMenuHasEntries ($action) { + return ( + (( + // Is the entry set? + isset($GLOBALS['admin_menu_has_entries'][$action]) + ) && ( + // And do we have a menu for this action? + $GLOBALS['admin_menu_has_entries'][$action] === true + )) || ( + // Login has always a menu + $action == 'login' + ) + ); } + +// Setter for 'admin_menu_has_entries' +function setAdminMenuHasEntries ($action, $hasEntries) { + $GLOBALS['admin_menu_has_entries'][$action] = (bool) $hasEntries; +} + +// Creates a link to the user's admin-profile +function adminCreateUserLink ($userid) { + // Is the userid set correctly? + if (isValidUserId($userid)) { + // Create a link to that profile + return '{%url=modules.php?module=admin&what=list_user&userid=' . bigintval($userid) . '%}'; + } // END - if + + // Return a link to the user list + return '{%url=modules.php?module=admin&what=list_user%}'; +} + +// Generate a "link" for the given admin id (admin_id) +function generateAdminLink ($adminId) { + // No assigned admin is default + $adminLink = '{--ADMIN_NO_ADMIN_ASSIGNED--}'; + + // Zero? 
= Not assigned + if (bigintval($adminId) > 0) { + // Load admin's login + $login = getAdminLogin($adminId); + + // Is the login valid? + if ($login != '***') { + // Is the extension there? + if (isExtensionActive('admins')) { + // Admin found + $adminLink = '' . $login . ''; + } else { + // Extension not found + $adminLink = '{%message,ADMIN_TASK_ROW_EXTENSION_NOT_INSTALLED=admins%}'; + } + } else { + // Maybe deleted? + $adminLink = '
    {%message,ADMIN_ID_404=' . $adminId . '%}
    '; + } + } // END - if + + // Return result + return $adminLink; +} + +// Verifies if the current admin has confirmed to alter expert settings // +// Return values: +// 'failed' = Something goes wrong (default) +// 'agreed' = Has verified and and confirmed it to see them +// 'forbidden' = Has not the proper right to alter them +// 'update' = Need to update extension 'admins' +// 'ask' = A form was send to the admin +function doVerifyExpertSettings () { + // Default return status is failed + $return = 'failed'; + + // Is the extension installed and recent? + if (isExtensionInstalledAndNewer('admins', '0.7.3')) { + // Okay, load the status + $expertSettings = getAminsExpertSettings(); + + // Is he allowed? + if ($expertSettings == 'Y') { + // Okay, does he want to see them? + if (isAdminsExpertWarningEnabled()) { + // Ask for them + if (isFormSent()) { + // Is the element set, then we need to change the admin + if (isPostRequestElementSet('expert_settings')) { + // Get it and prepare final post data array + $postData['login'][getCurrentAdminId()] = getCurrentAdminLogin(); + $postData['expert_warning'][getCurrentAdminId()] = 'N'; + + // Change it in the admin + adminsChangeAdminAccount($postData, 'expert_warning'); + + // Clear form + unsetPostRequestElement('ok'); + } // END - if + + // All fine! + $return = 'agreed'; + } else { + // Send form + loadTemplate('admin_expert_settings_form'); + + // Asked for it + $return = 'ask'; + } + } else { + // Do not display + $return = 'agreed'; + } + } else { + // Forbidden + $return = 'forbidden'; + } + } else { + // Out-dated extension or not installed + $return = 'update'; + } + + // Output message for other status than ask/agreed + if (($return != 'ask') && ($return != 'agreed')) { + // Output message + displayMessage('{--ADMIN_EXPERT_SETTINGS_STATUS_' . strtoupper($return) . 
'--}'); + } // END - if + + // Return status + return $return; +} + +// Generate link to unconfirmed mails for admin +function generateUnconfirmedAdminLink ($id, $unconfirmed, $type = 'bid') { + // Init output + $OUT = $unconfirmed; + + // Do we have unconfirmed mails? + if ($unconfirmed > 0) { + // Add link to list_unconfirmed what-file + $OUT = '{%pipe,translateComma=' . $unconfirmed . '%}'; + } // END - if + + // Return it + return $OUT; +} + +// Generates a navigation row for listing emails +function addEmailNavigation ($numPages, $offset, $show_form, $colspan, $return=false) { + // Don't do anything if $numPages is 1 + if ($numPages == 1) { + // Abort here with empty content + return ''; + } // END - if + + $TOP = ''; + if ($show_form === false) { + $TOP = ' top'; + } // END - if + + $NAV = ''; + for ($page = 1; $page <= $numPages; $page++) { + // Is the page currently selected or shall we generate a link to it? + if (($page == getRequestElement('page')) || ((!isGetRequestElementSet('page')) && ($page == 1))) { + // Is currently selected, so only highlight it + $NAV .= '-'; + } else { + // Open anchor tag and add base URL + $NAV .= ''; + } + $NAV .= $page; + if (($page == getRequestElement('page')) || ((!isGetRequestElementSet('page')) && ($page == 1))) { + // Is currently selected, so only highlight it + $NAV .= '-'; + } else { + // Close anchor tag + $NAV .= ''; + } + + // Add separator if we have not yet reached total pages + if ($page < $numPages) { + // Add it + $NAV .= '|'; + } // END - if + } // END - for + + // Define constants only once + $content['nav'] = $NAV; + $content['span'] = $colspan; + $content['top'] = $TOP; + + // Load navigation template + $OUT = loadTemplate('admin_email_nav_row', true, $content); + + if ($return === true) { + // Return generated HTML-Code + return $OUT; + } else { + // Output HTML-Code + outputHtml($OUT); + } +} + +// Process menu editing form +function adminProcessMenuEditForm ($type, $subMenu) { + // An action is 
done... + foreach (postRequestElement('sel') as $sel => $menu) { + $AND = "(`what` = '' OR `what` IS NULL)"; + + $sel = bigintval($sel); + + if (!empty($subMenu)) { + $AND = "`action`='" . $subMenu . "'"; + } // END - if + + switch (postRequestElement('ok')) { + case 'edit': // Edit menu + if (postRequestElement('sel_what', $sel) == '') { + // Update with 'what'=null + SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_%s_menu` SET `title`='%s',`action`='%s',`what`=NULL WHERE ".$AND." AND `id`=%s LIMIT 1", + array( + $type, + $menu, + postRequestElement('sel_action', $sel), + $sel + ), __FILE__, __LINE__); + } else { + // Update with selected 'what' + SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_%s_menu` SET `title`='%s',`action`='%s',`what`='%s' WHERE ".$AND." AND `id`=%s LIMIT 1", + array( + $type, + $menu, + postRequestElement('sel_action', $sel), + postRequestElement('sel_what', $sel), + $sel + ), __FILE__, __LINE__); + } + break; + + case 'delete': // Delete menu + SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE ".$AND." AND `id`=%s LIMIT 1", + array($type, $sel), __FILE__, __LINE__); + break; + + case 'status': // Change status of menus + SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_%s_menu` SET `visible`='%s',`locked`='%s' WHERE ".$AND." AND `id`=%s LIMIT 1", + array($type, postRequestElement('visible', $sel), postRequestElement('locked', $sel), $sel), __FILE__, __LINE__); + break; + + default: // Unexpected action + logDebugMessage(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", postRequestElement('ok'))); + displayMessage('{%message,ADMIN_UNKNOWN_OKAY=' . postRequestElement('ok') . '%}'); + break; + } // END - switch + } // END - foreach + + // Load template + displayMessage('{--SETTINGS_SAVED--}'); +} + +// Handle weightning +function doAdminProcessMenuWeightning ($type, $AND) { + // Are there all required (generalized) GET parameter? 
+ if ((isGetRequestElementSet('act')) && (isGetRequestElementSet('tid')) && (isGetRequestElementSet('fid'))) { + // Init variables + $tid = ''; $fid = ''; + + // Get ids + if (isGetRequestElementSet('w')) { + // Sub menus selected + $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE `action`='%s' AND `sort`=%s LIMIT 1", + array( + $type, + getRequestElement('act'), + bigintval(getRequestElement('tid')) + ), __FILE__, __LINE__); + list($tid) = SQL_FETCHROW($result); + SQL_FREERESULT($result); + $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE `action`='%s' AND `sort`=%s LIMIT 1", + array( + $type, + getRequestElement('act'), + bigintval(getRequestElement('fid')) + ), __FILE__, __LINE__); + list($fid) = SQL_FETCHROW($result); + SQL_FREERESULT($result); + } else { + // Main menu selected + $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE (`what`='' OR `what` IS NULL) AND `sort`=%s LIMIT 1", + array( + $type, + bigintval(getRequestElement('tid')) + ), __FILE__, __LINE__); + list($tid) = SQL_FETCHROW($result); + SQL_FREERESULT($result); + $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE (`what`='' OR `what` IS NULL) AND `sort`=%s LIMIT 1", + array( + $type, + bigintval(getRequestElement('fid')) + ), __FILE__, __LINE__); + list($fid) = SQL_FETCHROW($result); + SQL_FREERESULT($result); + } + + if ((!empty($tid)) && (!empty($fid))) { + // Sort menu + SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_%s_menu` SET `sort`=%s WHERE ".$AND." AND `id`=%s LIMIT 1", + array( + $type, + bigintval(getRequestElement('tid')), + bigintval($fid) + ), __FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_%s_menu` SET `sort`=%s WHERE ".$AND." AND `id`=%s LIMIT 1", + array( + $type, + bigintval(getRequestElement('fid')), + bigintval($tid) + ), __FILE__, __LINE__); + } // END - if + } // END - if +} + +// [EOF] ?>
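Review bot: In `adminProcessMenuEditForm` the `$subMenu` argument is concatenated straight into `$AND`, which is then spliced into the format string of every `SQL_QUERY_ESC` call, so that value never passes through the argument array the other values use; `doAdminProcessMenuWeightning` does the same with its `$AND` parameter. Where `$subMenu` comes from is not visible in this hunk, but if it can carry request data this is an SQL injection path, and a literal `%` in it would also disturb the format string. Keeping `$AND` as a pure format fragment and passing the value as an argument, as sketched below, closes both. This assumes `SQL_QUERY_ESC` escapes each array element before substitution, which its use here suggests but the hunk does not show.

```php
foreach (postRequestElement('sel') as $sel => $menu) {
	// Condition stays a format fragment; its value travels in the argument array
	$AND = "(`what` = '' OR `what` IS NULL)";
	$andArgs = array();

	// … unchanged: $sel = bigintval($sel); …

	if (!empty($subMenu)) {
		$AND = "`action`='%s'";
		$andArgs = array($subMenu);
	} // END - if

	// … unchanged: switch (postRequestElement('ok')); cases 'edit' and 'status' take $andArgs just before $sel in the same way …
		case 'delete': // Delete menu
			SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE ".$AND." AND `id`=%s LIMIT 1",
				array_merge(array($type), $andArgs, array($sel)), __FILE__, __LINE__);
			break;
```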