X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=886fd1d07d9333245c4bba42df3e5b90cf4bc367;hb=00283a82c807a00d66bd5811d41992bb3b059996;hp=6a726a464d0147e080a948ddb609fa64719f7b6b;hpb=de5910b8e5deb9285a7ac57c26ebd894f4e1afbf;p=mailer.git
diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index 6a726a464d..886fd1d07d 100644
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -14,10 +14,9 @@
* $Date:: $ *
* $Tag:: 0.2.1-FINAL $ *
* $Author:: $ *
- * Needs to be in all Files and every File needs "svn propset *
- * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
* -------------------------------------------------------------------- *
* Copyright (c) 2003 - 2009 by Roland Haeder *
+ * Copyright (c) 2009 - 2011 by Mailer Developer Team *
* For more information visit: http://www.mxchange.org *
* *
* This program is free software; you can redistribute it and/or modify *
@@ -51,9 +50,9 @@ function addAdminAccount ($adminLogin, $passHash, $adminEmail) {
array($adminLogin), __FUNCTION__, __LINE__);
// Is the entry there?
- if (SQL_NUMROWS($result) == '0') {
+ if (SQL_HASZERONUMS($result)) {
// Ok, let's create the admin login
- SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`, `password`, `email`) VALUES ('%s', '%s', '%s')",
+ SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`,`password`,`email`) VALUES ('%s', '%s', '%s')",
array(
$adminLogin,
$passHash,
@@ -73,32 +72,40 @@ function addAdminAccount ($adminLogin, $passHash, $adminEmail) {
// This function will be executed when the admin is not logged in and has submitted his login data
function ifAdminLoginDataIsValid ($adminLogin, $adminPassword) {
- // First of all, no admin login is found
+ // First of all, no admin login is found, so the admin hash is null
$ret = '404';
+ $adminHash = NULL;
- // Then we need to lookup the login name by getting the admin hash
- $adminHash = getAdminHash($adminLogin);
+ // Get admin id from login
+ $adminId = getAdminId($adminLogin);
- // If this is fine, we can continue
- if ($adminHash != '-1') {
- // Get admin id and set it as current
- setCurrentAdminId(getAdminId($adminLogin));
+ // Continue only with found admin ids
+ if ($adminId > 0) {
+ // Then we need to lookup the login name by getting the admin hash
+ $adminHash = getAdminHash($adminId);
- // Now, we need to encode the password in the same way the one is encoded in database
- $testHash = generateHash($adminPassword, $adminHash);
+ // If this is fine, we can continue
+ if ($adminHash != '-1') {
+ // Get admin id and set it as current
+ setCurrentAdminId($adminId);
- // If they both match, the login data is valid
- if ($testHash == $adminHash) {
- // All fine
- $ret = 'done';
- } else {
- // Set status
- $ret = 'pass';
- }
+ // Now, we need to encode the password in the same way the one is encoded in database
+ $testHash = generateHash($adminPassword, $adminHash);
+
+ // If they both match, the login data is valid
+ if ($testHash == $adminHash) {
+ // All fine
+ $ret = 'done';
+ } else {
+ // Did not match!
+ $ret = 'password';
+ }
+ } // END - if
} // END - if
// Prepare data array
$data = array(
+ 'id' => $adminId,
'login' => $adminLogin,
'plain_pass' => $adminPassword,
'pass_hash' => $adminHash
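Review bot: The password check `if ($testHash == $adminHash)` still uses PHP's loose comparison, which can treat two different hash strings as equal when both look numeric and is not constant-time. Use `if ($testHash === $adminHash)` at minimum, or `hash_equals($adminHash, $testHash)` where the supported PHP version provides it. The same loose comparison is in ifAdminCookiesAreValid (`$testHash == $passHash`), where one operand comes from the cookie. The `$data` array built at the end also carries `plain_pass`; the function continues outside the hunk, so it is not visible where that array is handed to, and it is worth confirming the plain password is never logged or stored by whatever consumes it.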
@@ -123,7 +130,7 @@ function ifAdminCookiesAreValid ($adminLogin, $passHash) {
if ($adminHash != '-1') {
// Now, we need to encode the password in the same way the one is encoded in database
$testHash = encodeHashForCookie($adminHash);
- //* DEBUG: */ outputHtml('adminLogin='.$adminLogin.',
passHash='.$passHash.',
adminHash='.$adminHash.',
testHash='.$testHash.'
');
+ //* DEBUG: */ debugOutput('adminLogin=' . $adminLogin . ',passHash='.$passHash.',adminHash='.$adminHash.',testHash='.$testHash);
// If they both match, the login data is valid
if ($testHash == $passHash) {
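Review bot: The commented-out `debugOutput(...)` line would emit the stored admin hash, the cookie hash and the expected cookie value as soon as someone uncomments it for troubleshooting. Where debugOutput() writes is not visible here, but credential material should not reach a debug sink. I would reduce the line to the outcome only, for example `//* DEBUG: */ debugOutput('adminLogin=' . $adminLogin . ',match=' . intval($testHash === $passHash));`. The function starts before this hunk.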
@@ -131,12 +138,12 @@ function ifAdminCookiesAreValid ($adminLogin, $passHash) {
$ret = 'done';
} else {
// Set status
- $ret = 'pass';
+ $ret = 'password';
}
} // END - if
// Return status
- //* DEBUG: */ outputHtml('ret='.$ret);
+ //* DEBUG: */ debugOutput('ret='.$ret);
return $ret;
}
@@ -145,7 +152,7 @@ function doAdminAction () {
// Get default what
$what = getWhat();
- //* DEBUG: */ outputHtml(__LINE__.'*'.$what.'/'.getModule().'/'.getAction().'/'.getWhat().'*
');
+ //* DEBUG: */ debugOutput(__LINE__.'*'.$what.'/'.getModule().'/'.getAction().'/'.getWhat().'*');
// Remove any spaces from variable
if (empty($what)) {
@@ -159,16 +166,16 @@ function doAdminAction () {
// Get action value
$action = getActionFromModuleWhat(getModule(), $what);
- // Define admin login name and id number
- $content['login'] = getSession('admin_login');
- $content['id'] = getCurrentAdminId();
-
- // Preload templates
+ // Load welcome template
if (isExtensionActive('admins')) {
- $content['welcome'] = loadTemplate('admin_welcome_admins', true, $content);
+ // @TODO This and the next getCurrentAdminId() call might be moved into the templates?
+ $content['welcome'] = loadTemplate('admin_welcome_admins', true, getCurrentAdminId());
} else {
- $content['welcome'] = loadTemplate('admin_welcome', true, $content);
+ $content['welcome'] = loadTemplate('admin_welcome', true, getCurrentAdminId());
}
+
+ // Load header, footer, render menu
+ $content['header'] = loadTemplate('admin_header' , true, $content);
$content['footer'] = loadTemplate('admin_footer' , true, $content);
$content['menu'] = addAdminMenu($action, $what, true);
@@ -209,14 +216,14 @@ LIMIT 1",
loadInclude($inc);
} elseif ($GLOBALS['acl_allow'] === false) {
// Access denied
- loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACCESS_DENIED', $what));
+ loadTemplate('admin_menu_failed', false, '{%message,ADMIN_ACCESS_DENIED=' . $what . '%}');
} else {
- // Include file not found! :-(
- loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_404', $action));
+ // Include file not found :-(
+ loadTemplate('admin_menu_failed', false, '{%message,ADMIN_ACTION_404=' . $action . '%}');
}
} else {
- // Invalid action/what pair found!
- loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_INVALID', $action . '/' . $what));
+ // Invalid action/what pair found
+ loadTemplate('admin_menu_failed', false, '{%message,ADMIN_ACTION_INVALID=' . $action . '/' . $what . '%}');
}
// Free memory
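Review bot: The three `admin_menu_failed` calls now concatenate `$what` and `$action` straight into template code (`'{%message,ADMIN_ACTION_INVALID=' . $action . '/' . $what . '%}'`) instead of passing them through getMaskedMessage(). `$what` comes from getWhat(), which appears to be request-derived, and the "invalid action/what pair" branch is reached precisely when the value did not match a known menu entry. If getWhat() does not already restrict the value to a safe character set, a value containing `%}` or markup could alter the template expression or be reflected into the page. Confirm the restriction at the source and record it here, e.g. `// $what/$action are validated by getWhat()/getActionFromModuleWhat() before being embedded in template code`, or encode the values before concatenation. doAdminAction() starts outside this hunk.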
@@ -226,8 +233,22 @@ LIMIT 1",
loadTemplate('admin_main_footer', false, $content);
}
+// Checks wether current admin is allowed to access given action/what combination
+// (only one is allowed to be null!)
+function isAdminAllowedAccessMenu ($action, $what = NULL) {
+ // Do we have cache?
+ if (!isset($GLOBALS[__FUNCTION__][$action][$what])) {
+ // ACL is always 'allow' when no ext-admins is installed
+ // @TODO This can be rewritten into a filter
+ $GLOBALS[__FUNCTION__][$action][$what] = ((!isExtensionInstalledAndNewer('admins', '0.2.0')) || (isAdminsAllowedByAcl($action, $what)));
+ } // END - if
+
+ // Return the cached value
+ return $GLOBALS[__FUNCTION__][$action][$what];
+}
+
// Adds an admin menu
-function addAdminMenu ($action, $what, $return=false) {
+function addAdminMenu ($action, $what, $return = false) {
// Init variables
$SUB = false;
$OUT = '';
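Review bot: The ACL result in isAdminAllowedAccessMenu() is cached under `$GLOBALS[__FUNCTION__][$action][$what]`, keyed by menu entry but not by admin. If the current admin id can change within one request (ifAdminLoginDataIsValid() calls setCurrentAdminId() during login), a decision computed for the earlier identity would be reused for the later one. Keying the cache as `$GLOBALS[__FUNCTION__][getCurrentAdminId()][$action][$what]` in all three places would avoid that, assuming isAdminsAllowedByAcl() evaluates the current admin. The function also allows access whenever ext-admins is missing or older than 0.2.0, so a short docblock stating that this fail-open default is intentional would help; "wether" in the comment should be "whether".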
@@ -238,7 +259,7 @@ function addAdminMenu ($action, $what, $return=false) {
// Build main menu
$result_main = SQL_QUERY("SELECT
- `action`, `title`, `descr`
+ `action`,`title`,`descr`
FROM
`{?_MYSQL_PREFIX?}_admin_menu`
WHERE
@@ -248,29 +269,23 @@ ORDER BY
`id` DESC", __FUNCTION__, __LINE__);
// Do we have entries?
- if (SQL_NUMROWS($result_main) > 0) {
+ if (!SQL_HASZERONUMS($result_main)) {
$OUT .= '