X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=886fd1d07d9333245c4bba42df3e5b90cf4bc367;hb=00283a82c807a00d66bd5811d41992bb3b059996;hp=bce95acae4a5d8f8e7212e4026b2adc5d1e423f1;hpb=6810caae47787689d6f316c5bdd62e3722b363bb;p=mailer.git diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index bce95acae4..886fd1d07d 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -16,7 +16,7 @@ * $Author:: $ * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * - * Copyright (c) 2009, 2010 by Mailer Developer Team * + * Copyright (c) 2009 - 2011 by Mailer Developer Team * * For more information visit: http://www.mxchange.org * * * * This program is free software; you can redistribute it and/or modify * @@ -52,7 +52,7 @@ function addAdminAccount ($adminLogin, $passHash, $adminEmail) { // Is the entry there? if (SQL_HASZERONUMS($result)) { // Ok, let's create the admin login - SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`, `password`, `email`) VALUES ('%s', '%s', '%s')", + SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`,`password`,`email`) VALUES ('%s', '%s', '%s')", array( $adminLogin, $passHash, @@ -72,8 +72,9 @@ function addAdminAccount ($adminLogin, $passHash, $adminEmail) { // This function will be executed when the admin is not logged in and has submitted his login data function ifAdminLoginDataIsValid ($adminLogin, $adminPassword) { - // First of all, no admin login is found + // First of all, no admin login is found, so the admin hash is null $ret = '404'; + $adminHash = NULL; // Get admin id from login $adminId = getAdminId($adminLogin); @@ -96,7 +97,7 @@ function ifAdminLoginDataIsValid ($adminLogin, $adminPassword) { // All fine $ret = 'done'; } else { - // Set status + // Did not match! $ret = 'password'; } } // END - if 
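Review bot: `ifAdminLoginDataIsValid()` still returns different statuses for an unknown login (`'404'`, first hunk of this function) and for a wrong password (`'password'`, next hunk). If the caller renders these as different messages, the login form confirms which admin logins exist; the caller is not part of this diff, so please confirm. I would show one generic failure text to the user and keep the distinction for the log only, with a comment on `$ret` listing the possible return values.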
@@ -215,14 +216,14 @@ LIMIT 1", loadInclude($inc); } elseif ($GLOBALS['acl_allow'] === false) { // Access denied - loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACCESS_DENIED', $what)); + loadTemplate('admin_menu_failed', false, '{%message,ADMIN_ACCESS_DENIED=' . $what . '%}'); } else { - // Include file not found! :-( - loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_404', $action)); + // Include file not found :-( + loadTemplate('admin_menu_failed', false, '{%message,ADMIN_ACTION_404=' . $action . '%}'); } } else { - // Invalid action/what pair found! - loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_INVALID', $action . '/' . $what)); + // Invalid action/what pair found + loadTemplate('admin_menu_failed', false, '{%message,ADMIN_ACTION_INVALID=' . $action . '/' . $what . '%}'); } // Free memory @@ -232,8 +233,22 @@ LIMIT 1", loadTemplate('admin_main_footer', false, $content); } +// Checks wether current admin is allowed to access given action/what combination +// (only one is allowed to be null!) +function isAdminAllowedAccessMenu ($action, $what = NULL) { + // Do we have cache? + if (!isset($GLOBALS[__FUNCTION__][$action][$what])) { + // ACL is always 'allow' when no ext-admins is installed + // @TODO This can be rewritten into a filter + $GLOBALS[__FUNCTION__][$action][$what] = ((!isExtensionInstalledAndNewer('admins', '0.2.0')) || (isAdminsAllowedByAcl($action, $what))); + } // END - if + + // Return the cached value + return $GLOBALS[__FUNCTION__][$action][$what]; +} + // Adds an admin menu -function addAdminMenu ($action, $what, $return=false) { +function addAdminMenu ($action, $what, $return = false) { // Init variables $SUB = false; $OUT = ''; @@ -244,7 +259,7 @@ function addAdminMenu ($action, $what, $return=false) { // Build main menu $result_main = SQL_QUERY("SELECT - `action`, `title`, `descr` + `action`,`title`,`descr` FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE 
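Review bot: `$what` and `$action` are now concatenated unescaped into the template expression on all three failure branches, e.g. `'{%message,ADMIN_ACCESS_DENIED=' . $what . '%}'`. Neither value is validated inside this hunk and both look request-derived (to be confirmed against the caller), so a value containing `%}`, `=` or markup could end the expression early or reach the rendered page. I would restrict both to the identifier character set before building the string, or escape them for the template and HTML context. A short comment should state which of the two the template engine already does.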
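Review bot: `isAdminAllowedAccessMenu()` fails open, and the header comment should say so: judging by the helper name, every action/what pair is allowed whenever ext-admins is missing or older than 0.2.0, and the result is then cached in `$GLOBALS` for the rest of the request. The default `$what = NULL` is coerced to `''` when used as an array key, so `(action, NULL)` and `(action, '')` share one cache slot, and the "only one is allowed to be null" rule is not enforced anywhere in the body. Suggested header: `// Returns true when the current admin may open $action/$what; always true without ext-admins >= 0.2.0 (no ACL available)`. The existing comment also misspells "whether".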
@@ -258,25 +273,19 @@ ORDER BY $OUT .= '
'.print_r($listType,true).',tableName
'.print_r($tableName,true).',columns=
'.print_r($columns,true).',filterFunctions=
'.print_r($filterFunctions,true).',extraValues=
'.print_r($extraValues,true).',idColumn=
'.print_r($idColumn,true).',userIdColumn=
'.print_r($userIdColumn,true).',rawUserId=
'.print_r($rawUserId,true).''); + foreach (postRequestParameter($idColumn[0]) as $id => $selected) { // Secure id number $id = bigintval($id); // Get result from a given column array and table name - $result = SQL_RESULT_FROM_ARRAY($table, $columns, $idColumn, $id, __FUNCTION__, __LINE__); + $result = SQL_RESULT_FROM_ARRAY($tableName[0], $columns, $idColumn[0], $id, __FUNCTION__, __LINE__); // Is there one entry? if (SQL_NUMROWS($result) == 1) { 
@@ -784,28 +831,34 @@ function adminListBuilder ($listType, $IDs, $table, $columns, $filterFunctions, $idx = array_search($key, $columns, true); //Â Do we have a userid? - if ($key == $userIdColumn) { + //* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'key=' . $key . ',userIdColumn=' . $userIdColumn[0]); + if ($key == $userIdColumn[0]) { // Add it again as raw id - $content[$userIdColumn] = bigintval($value); - $content[$userIdColumn . '_raw'] = $content[$userIdColumn]; + //* DEBUG: */ debug_report_bug(__FUNCTION__, __LINE__, 'key=' . $key . ',userIdColumn=' . $userIdColumn[0]); + $content[$userIdColumn[0]] = bigintval($value); + $content[$userIdColumn[0] . '_raw'] = $content[$userIdColumn[0]]; } // END - if // If the key matches the idColumn variable, we need to temporary remember it - //* DEBUG: */ debugOutput('key=' . $key . ',idColumn=' . $idColumn . ',value=' . $value); - if ($key == $idColumn) { + //* DEBUG: */ debugOutput('key=' . $key . ',idColumn=' . $idColumn[0] . ',value=' . $value); + if ($key == $idColumn[0]) { // Found, so remember it $GLOBALS['admin_list_builder_id_value'] = $value; } // END - if // Handle the call in external function //* DEBUG: */ debugOutput('key=' . $key . ',fucntion=' . $filterFunctions[$idx] . ',value=' . $value); - $content[$key] = handleExtraValues($filterFunctions[$idx], $value, $extraValues[$idx]); + $content[$key] = handleExtraValues( + $filterFunctions[$idx], + $value, + $extraValues[$idx] + ); } // END - foreach // Then list it $OUT .= loadTemplate(sprintf("admin_%s_%s_row", $listType, - $table + $tableName[0] ), true, $content ); } // END - if 
@@ -817,23 +870,39 @@ function adminListBuilder ($listType, $IDs, $table, $columns, $filterFunctions, // Load master template loadTemplate(sprintf("admin_%s_%s", $listType, - $table + $tableName[0] ), false, $OUT ); } // Change status of "build" list -function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray, $userid = 'userid') { +function adminBuilderStatusHandler ($mode, $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray, $rawUserId = array('userid')) { + // $tableName must be an array + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array'); + } elseif (!is_array($idColumn)) { + // $idColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'idColumn[]=' . gettype($idColumn) . '!=array'); + } elseif ((!is_array($userIdColumn)) || (count($userIdColumn) != 1)) { + // $tableName is no array + debug_report_bug(__FUNCTION__, __LINE__, 'userIdColumn[]=' . gettype($userIdColumn) . '!=array'); + } // END - if + // All valid entries? (We hope so here!) 
- if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (count($statusArray) > 0)) { + if ((count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (count($statusArray) > 0)) { // "Walk" through all entries - foreach ($IDs as $id => $sel) { + foreach (postRequestParameter($idColumn[0]) as $id => $sel) { // Construct SQL query - $sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}_%s` SET", SQL_ESCAPE($table)); + $sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}_%s` SET", SQL_ESCAPE($tableName[0])); // Load data of entry $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1", - array($table, $idColumn, $id), __FUNCTION__, __LINE__); + array( + $tableName[0], + $idColumn[0], + $id + ), __FUNCTION__, __LINE__); // Fetch the data $content = SQL_FETCHARRAY($result); @@ -849,7 +918,7 @@ function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFuncti // Does the entry exist? if ((isset($content[$column])) && (isset($statusInfo[$content[$column]]))) { // Add these entries for update - $sql .= sprintf(" %s='%s',", SQL_ESCAPE($column), SQL_ESCAPE($statusInfo[$content[$column]])); + $sql .= sprintf(" `%s`='%s',", SQL_ESCAPE($column), SQL_ESCAPE($statusInfo[$content[$column]])); // Remember status if ($statusColumn == 'unknown') { 
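Review bot: `$id` is a POST array key and reaches the SELECT's unquoted `%s` placeholder without a cast, because the loop now iterates `postRequestParameter($idColumn[0])` directly and the old `is_array($IDs) && count($IDs) > 0` guard is gone. Whatever escaping SQL_QUERY_ESC applies does not constrain an unquoted value. adminListBuilder() already starts its loop with `$id = bigintval($id);`; the same line belongs here before the query, together with an `is_array()` check on the POST value before the `foreach`. The same pattern recurs in the SELECTs of adminDeleteEntriesConfirm() and adminEditEntriesConfirm() further down. Minor: the comment on the `$userIdColumn` branch reads `// $tableName is no array`.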
@@ -870,14 +939,14 @@ function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFuncti logDebugMessage(__FUNCTION__, __LINE__, 'Found entry: ' . $key); // Skip id, raw userid and 'do_$mode' - if (!in_array($key, array($idColumn, $userid, ('do_' . $mode)))) { + if (!in_array($key, array($idColumn[0], $rawUserId[0], ('do_' . $mode)))) { // Are there brackets () at the end? if (substr($entries[$id], -2, 2) == '()') { // Direct SQL command found - $sql .= sprintf(" %s=%s,", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id])); + $sql .= sprintf(" `%s`=%s,", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id])); } else { // Add regular entry - $sql .= sprintf(" %s='%s',", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id])); + $sql .= sprintf(" `%s`='%s',", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id])); // Add entry $content[$key] = $entries[$id]; @@ -890,7 +959,7 @@ function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFuncti // Finish SQL statement $sql = substr($sql, 0, -1) . sprintf(" WHERE `%s`=%s AND `%s`='%s' LIMIT 1", - $idColumn, + $idColumn[0], bigintval($id), $statusColumn, $oldStatus 
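Review bot: The "Direct SQL command" branch writes any value ending in `()` into the UPDATE unquoted, and `SQL_ESCAPE()` on an unquoted expression does not stop it from being interpreted as SQL. The loop header is outside this hunk, but in adminEditEntriesConfirm() the same `$key`/`$entries` pair comes from `postRequestArray()`, so the value looks request-controlled. I would compare it against a short allow-list of the function calls the forms really send and treat everything else as a quoted string. `$key` should also pass `in_array($key, $columns, true)` before it is used as a column name, unless SQL_ESCAPE() is known to neutralise backticks.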
@@ -906,30 +975,45 @@ function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFuncti } // END - if // Send "build mails" out - sendAdminBuildMails($mode, $table, $content, $id, $statusInfo[$content[$column]]); + sendAdminBuildMails($mode, $tableName, $content, $id, $statusInfo[$content[$column]], $userIdColumn); } // END - foreach } // END - if } // Delete rows by given id numbers -function adminDeleteEntriesConfirm ($IDs, $table, $columns = array(), $filterFunctions = array(), $extraValues = array(), $deleteNow = false, $idColumn = 'id', $userIdColumn = 'userid', $userid = 'userid') { +function adminDeleteEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $deleteNow = array(false), $idColumn = array('id'), $userIdColumn = array('userid'), $rawUserId = array('userid')) { + // $tableName must be an array + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array'); + } elseif (!is_array($idColumn)) { + // $idColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'idColumn[]=' . gettype($idColumn) . '!=array'); + } elseif (!is_array($userIdColumn)) { + // $userIdColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'userIdColumn[]=' . gettype($userIdColumn) . '!=array'); + } elseif (!is_array($deleteNow)) { + // $deleteNow is no array + debug_report_bug(__FUNCTION__, __LINE__, 'deleteNow[]=' . gettype($deleteNow) . '!=array'); + } // END - if + // All valid entries? (We hope so here!) - if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { + if ((count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { // Shall we delete here or list for deletion? 
- if ($deleteNow === true) { + if ($deleteNow[0] === true) { // The base SQL command: $sql = "DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s` IN (%s)"; // Delete them all $idList = ''; - foreach ($IDs as $id => $sel) { + foreach (postRequestParameter($idColumn[0]) as $id => $sel) { // Is there a userid? - if (isPostRequestParameterSet($userid, $id)) { + if (isPostRequestParameterSet($rawUserId[0], $id)) { // Load all data from that id $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1", array( - $table, - $idColumn, + $tableName[0], + $idColumn[0], $id ), __FUNCTION__, __LINE__); @@ -940,7 +1024,7 @@ function adminDeleteEntriesConfirm ($IDs, $table, $columns = array(), $filterFun SQL_FREERESULT($result); // Send "build mails" out - sendAdminBuildMails('delete', $table, $content, $id); + sendAdminBuildMails('delete', $tableName, $content, $id, '', $userIdColumn); } // END - if // Add id number 
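Review bot: `$idColumn`, `$userIdColumn` and `$deleteNow` are only checked with `is_array()`, yet the code below dereferences `[0]` on each of them; an empty array passes the check, and `$idColumn[0]` then becomes the column name in the DELETE statement. Use the same test as for `$tableName`, e.g. `} elseif ((!is_array($idColumn)) || (count($idColumn) != 1)) {`, here and in adminEditEntriesConfirm(), adminLockEntriesConfirm(), adminUndeleteEntriesConfirm() and the `$idColumn` branch of adminBuilderStatusHandler(). The chain also relies on debug_report_bug() ending the request, which is not visible in this diff; if it can return, add an explicit `return;` after each call.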
@@ -948,48 +1032,64 @@ function adminDeleteEntriesConfirm ($IDs, $table, $columns = array(), $filterFun } // END - foreach // Run the query - SQL_QUERY_ESC($sql, array($table, $idColumn, substr($idList, 0, -1)), __FUNCTION__, __LINE__); + SQL_QUERY_ESC($sql, array($tableName[0], $idColumn[0], substr($idList, 0, -1)), __FUNCTION__, __LINE__); // Was this fine? - if (SQL_AFFECTEDROWS() == count($IDs)) { + if (SQL_AFFECTEDROWS() == count(postRequestParameter($idColumn[0]))) { // All deleted - loadTemplate('admin_settings_saved', false, '{--ADMIN_ALL_ENTRIES_REMOVED--}'); + displayMessage('{--ADMIN_ALL_ENTRIES_REMOVED--}'); } else { // Some are still there :( - loadTemplate('admin_settings_saved', false, sprintf(getMessage('ADMIN_SOME_ENTRIES_NOT_DELETED'), SQL_AFFECTEDROWS(), count($IDs))); + displayMessage(sprintf(getMessage('ADMIN_SOME_ENTRIES_NOT_DELETED'), SQL_AFFECTEDROWS(), count(postRequestParameter($idColumn[0])))); } } else { // List for deletion confirmation - adminListBuilder('delete', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + adminListBuilder('delete', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); } } // END - if } // Edit rows by given id numbers -function adminEditEntriesConfirm ($IDs, $table, $columns = array(), $filterFunctions = array(), $extraValues = array(), $editNow = false, $idColumn = 'id', $userIdColumn = 'userid', $userid = 'userid') { +function adminEditEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $editNow = array(false), $idColumn = array('id'), $userIdColumn = array('userid'), $rawUserId = array('userid')) { + // $tableName must be an array + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . 
'!=array'); + } elseif (!is_array($idColumn)) { + // $idColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'idColumn[]=' . gettype($idColumn) . '!=array'); + } elseif (!is_array($userIdColumn)) { + // $userIdColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'userIdColumn[]=' . gettype($userIdColumn) . '!=array'); + } elseif (!is_array($editNow)) { + // $editNow is no array + debug_report_bug(__FUNCTION__, __LINE__, 'editNow[]=' . gettype($editNow) . '!=array'); + } // END - if + // All valid entries? (We hope so here!) - if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { + //* DEBUG: */ debug_report_bug(__FUNCTION__, __LINE__, 'idColumn=
'.print_r($idColumn,true).',tableName
'.print_r($tableName,true).',columns=
'.print_r($columns,true).',filterFunctions=
'.print_r($filterFunctions,true).',extraValues=
'.print_r($extraValues,true).',editNow=
'.print_r($editNow,true).',userIdColumn=
'.print_r($userIdColumn,true).',rawUserId=
'.print_r($rawUserId,true).''); + if ((count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { // Shall we change here or list for editing? - if ($editNow === true) { + if ($editNow[0] === true) { // Change them all $affected = '0'; - foreach ($IDs as $id => $sel) { + foreach (postRequestParameter($idColumn[0]) as $id => $sel) { // Prepare content array (new values) $content = array(); // Prepare SQL for this row $sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}_%s` SET", - SQL_ESCAPE($table) + SQL_ESCAPE($tableName[0]) ); foreach (postRequestArray() as $key => $entries) { // Skip raw userid which is always invalid - if ($key == $userid) { + if ($key == $rawUserId[0]) { // Continue with next field continue; } // END - if // Is entries an array? - if (($key != $idColumn) && (is_array($entries)) && (isset($entries[$id]))) { + if (($key != $idColumn[0]) && (is_array($entries)) && (isset($entries[$id]))) { // Add this entry to content $content[$key] = $entries[$id]; @@ -1004,7 +1104,7 @@ function adminEditEntriesConfirm ($IDs, $table, $columns = array(), $filterFunct SQL_ESCAPE($key), SQL_ESCAPE($entries[$id]) ); - } elseif (($key != $idColumn) && (!is_array($entries))) { + } elseif (($key != $idColumn[0]) && (!is_array($entries))) { // Add normal entries as well! $content[$key] = $entries; } @@ -1017,7 +1117,7 @@ function adminEditEntriesConfirm ($IDs, $table, $columns = array(), $filterFunct } // END - foreach // Finish SQL command - $sql = substr($sql, 0, -1) . " WHERE `" . $idColumn . "`=" . bigintval($id) . " LIMIT 1"; + $sql = substr($sql, 0, -1) . " WHERE `" . $idColumn[0] . "`=" . bigintval($id) . " LIMIT 1"; // Run this query SQL_QUERY($sql, __FUNCTION__, __LINE__); 
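Review bot: In adminEditEntriesConfirm() every array-valued key of `postRequestArray()` other than the id and raw userid columns becomes a column assignment, while `$columns` is used only for the count comparison, as far as the visible lines show. A form field that is not in the configured column list is therefore written to whichever table column carries that name. `if (!in_array($key, $columns, true)) { continue; }` at the top of the inner loop would limit the UPDATE to the configured columns. Separately, with the `count($IDs) > 0` guard removed, an empty selection in adminDeleteEntriesConfirm() leaves `$idList` empty and sends an `IN ()` query; return early when nothing was selected.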
@@ -1027,7 +1127,11 @@ function adminEditEntriesConfirm ($IDs, $table, $columns = array(), $filterFunct // Load all data from that id $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1", - array($table, $idColumn, $id), __FUNCTION__, __LINE__); + array( + $tableName[0], + $idColumn[0], + $id + ), __FUNCTION__, __LINE__); // Fetch the data and merge it into $content $content = merge_array($content, SQL_FETCHARRAY($result)); 
@@ -1036,52 +1140,253 @@ function adminEditEntriesConfirm ($IDs, $table, $columns = array(), $filterFunct SQL_FREERESULT($result); // Send "build mails" out - sendAdminBuildMails('edit', $table, $content, $id); + sendAdminBuildMails('edit', $tableName, $content, $id, '', $userIdColumn); } // END - foreach // Was this fine? - if ($affected == count($IDs)) { + if ($affected == count(postRequestParameter($idColumn[0]))) { // All deleted - loadTemplate('admin_settings_saved', false, '{--ADMIN_ALL_ENTRIES_EDITED--}'); + displayMessage('{--ADMIN_ALL_ENTRIES_EDITED--}'); } else { // Some are still there :( - loadTemplate('admin_settings_saved', false, sprintf(getMessage('ADMIN_SOME_ENTRIES_NOT_EDITED'), $affected, count($IDs))); + displayMessage(sprintf(getMessage('ADMIN_SOME_ENTRIES_NOT_EDITED'), $affected, count(postRequestParameter($idColumn[0])))); } } else { // List for editing - adminListBuilder('edit', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + adminListBuilder('edit', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); } - } // END - if + } else { + // Maybe some invalid parameters + debug_report_bug(__FUNCTION__, __LINE__, 'tableName=' . $tableName[0] . ',columns[]=' . gettype($columns) . ',filterFunctions[]=' . gettype($filterFunctions) . ',extraValues[]=' . gettype($extraValues) . ',idColumn=' . $idColumn[0] . ',userIdColumn=' . $userIdColumn[0] . 
' - INVALID!'); + } } // Un-/lock rows by given id numbers -function adminLockEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $statusArray=array(), $lockNow=false, $idColumn='id', $userIdColumn='userid') { +function adminLockEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $statusArray = array(), $lockNow = array(false), $idColumn = array('id'), $userIdColumn = array('userid')) { + // $tableName must be an array + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array'); + } elseif (!is_array($idColumn)) { + // $idColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'idColumn[]=' . gettype($idColumn) . '!=array'); + } elseif (!is_array($lockNow)) { + // $lockNow is no array + debug_report_bug(__FUNCTION__, __LINE__, 'lockNow[]=' . gettype($lockNow) . '!=array'); + } // END - if + // All valid entries? (We hope so here!) - if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (($lockNow === false) || (count($statusArray) == 1))) { + if ((count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (($lockNow[0] === false) || (count($statusArray) == 1))) { // Shall we un-/lock here or list for locking? 
- if ($lockNow === true) { + if ($lockNow[0] === true) { // Un-/lock entries - adminBuilderStatusHandler('lock', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); + adminBuilderStatusHandler('lock', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); } else { // List for editing - adminListBuilder('lock', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + adminListBuilder('lock', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); } } // END - if } // Undelete rows by given id numbers -function adminUndeleteEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $statusArray=array(), $undeleteNow=false, $idColumn='id', $userIdColumn='userid') { +function adminUndeleteEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $statusArray = array(), $undeleteNow = array(false), $idColumn = array('id'), $userIdColumn = array('userid')) { + // $tableName must be an array + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array'); + } elseif (!is_array($idColumn)) { + // $idColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'idColumn[]=' . gettype($idColumn) . '!=array'); + } elseif (!is_array($undeleteNow)) { + // $undeleteNow is no array + debug_report_bug(__FUNCTION__, __LINE__, 'undeleteNow[]=' . gettype($undeleteNow) . '!=array'); + } // END - if + // All valid entries? (We hope so here!) 
- if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (($undeleteNow === false) || (count($statusArray) == 1))) { + if ((count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (($undeleteNow[0] === false) || (count($statusArray) == 1))) { // Shall we un-/lock here or list for locking? - if ($undeleteNow === true) { + if ($undeleteNow[0] === true) { // Undelete entries - adminBuilderStatusHandler('undelete', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); + adminBuilderStatusHandler('undelete', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); } else { // List for editing - adminListBuilder('undelete', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + adminListBuilder('undelete', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + } + } // END - if +} + +// Adds a given entry to the database +function adminAddEntries ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array()) { + //* DEBUG: */ die('columns=
'.print_r($columns,true).',filterFunctions=
'.print_r($filterFunctions,true).',extraValues=
'.print_r($extraValues,true).',POST=
'.print_r($_POST,true).''); + // Verify that tableName and columns are not empty + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array'); + } elseif (count($columns) == 0) { + // No columns specified + debug_report_bug(__FUNCTION__, __LINE__, 'columns is not given. Please fix your XML.'); + } + + // Init columns and value elements + $sqlColumns = array(); + $sqlValues = array(); + + // Add columns and values + foreach ($columns as $key=>$columnName) { + // Copy entry to final arrays + $sqlColumns[$key] = $columnName; + $sqlValues[$key] = postRequestParameter($columnName); + //* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'key='.$key.',columnName='.$columnName.',filterFunctions='.$filterFunctions[$key].',extraValues='.intval(isset($extraValues[$key])).',extraValuesName='.intval(isset($extraValues[$columnName . '_list'])).'
'.print_r($args, true).''); + // @TODO If we can rewrite the EL sub-system to support more than one parameter, this call_user_func_array() can be avoided + $content[$columnName] = call_user_func_array($callbackFunction, $args); + } // END - foreach + + // Load row template + $OUT .= loadTemplate(trim($rowTemplate[0]), true, $content); + } // END - while + + // Load main template + loadTemplate(trim($tableTemplate[0]), false, $OUT); + } else { + // No URLs in surfbar + displayMessage('{--' .$noEntryMessageId[0] . '--}'); + } + + // Free result + SQL_FREERESULT($result); } // Checks proxy settins by fetching check-updates3.php from www.mxchange.org @@ -1093,7 +1398,7 @@ function adminTestProxySettings ($settingsArray) { $content = sendGetRequest('check-updates3.php'); // Is the first line with "200 OK"? - $valid = (strpos($content[0], '200 OK') !== false); + $valid = isInString('200 OK', $content[0]); // Return result return $valid; @@ -1105,12 +1410,12 @@ function sendAdminPasswordResetLink ($email) { $OUT = ''; //Â Look up administator login - $result = SQL_QUERY_ESC("SELECT `id`, `login`, `password` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `email`='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT `id`,`login`,`password` FROM `{?_MYSQL_PREFIX?}_admins` WHERE '%s' REGEXP `email` LIMIT 1", array($email), __FUNCTION__, __LINE__); // Is there an account? if (SQL_HASZERONUMS($result)) { - // No account found! + // No account found return '{--ADMIN_NO_LOGIN_WITH_EMAIL--}'; } // END - if 
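Review bot: The lookup in sendAdminPasswordResetLink() changed from ``WHERE `email`='%s'`` to ``WHERE '%s' REGEXP `email` ``, which treats the stored address as an unanchored pattern, while the reset mail later in the function is still sent to the submitted `$email` and not to an address read from the row. A submitted address that merely matches the stored value, rather than being equal to it, would therefore receive a valid reset link for that admin. If pattern entries in the `email` column are really required, the mail should go only to a fixed mailbox stored with the account; otherwise keep the equality comparison. The function body continues outside this hunk.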
@@ -1121,20 +1426,20 @@ function sendAdminPasswordResetLink ($email) { SQL_FREERESULT($result); // Generate hash for reset link - $content['hash'] = generateHash(getUrl() . ':' . $content['id'] . ':' . $content['login'] . ':' . $content['password'], substr($content['password'], 10)); + $content['hash'] = generateHash(getUrl() . getEncryptSeperator() . $content['id'] . getEncryptSeperator() . $content['login'] . getEncryptSeperator() . $content['password'], substr($content['password'], getSaltLength())); // Remove some data unset($content['id']); unset($content['password']); // Prepare email - $mailText = loadEmailTemplate('form_reset_password', $content); + $mailText = loadEmailTemplate('admin_reset_password', $content); // Send it out - sendEmail($email, '{--ADMIN_RESET_PASS_LINK_SUBJECT--}', $mailText); + sendEmail($email, '{--ADMIN_RESET_PASSWORD_LINK_SUBJECT--}', $mailText); // Prepare output - return '{--ADMIN_RESET_LINK_SENT--}'; + return '{--ADMIN_RESET_PASSWORD_LINK_SENT--}'; } // Validate hash and login for password reset @@ -1143,7 +1448,7 @@ function adminResetValidateHashLogin ($hash, $login) { $valid = false; // Then try to find that user - $result = SQL_QUERY_ESC("SELECT `id`, `password`, `email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT `id`,`password`,`email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1", array($login), __FUNCTION__, __LINE__); // Is an account here? 
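Review bot: The reset hash is computed only from the URL, admin id, login and stored password hash, so it has no random or time-limited component: the same link stays valid until the password changes, and adminResetValidateHashLogin() recomputes it from the same database fields. Anyone able to read the `admins` row can derive a working link. I would store a random token with an expiry per request and compare against that instead; generateHash() is not part of this diff, so please confirm it does not already mix in such a value. A comment is also needed on `substr($content['password'], getSaltLength())`: it returns everything after the first getSaltLength() characters, which is the salt only if the salt is stored at the end.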
@@ -1152,7 +1457,7 @@ function adminResetValidateHashLogin ($hash, $login) { $content = SQL_FETCHARRAY($result); // Generate hash again - $hashFromData = generateHash(getUrl() . ':' . $content['id'] . ':' . $login . ':' . $content['password'], substr($content['password'], 10)); + $hashFromData = generateHash(getUrl() . getEncryptSeperator() . $content['id'] . getEncryptSeperator() . $login . getEncryptSeperator() . $content['password'], substr($content['password'], getSaltLength())); // Does both match? $valid = ($hash == $hashFromData); @@ -1170,12 +1475,17 @@ function doResetAdminPassword ($login, $password) { // Generate hash (we already check for sql_patches in generateHash()) $passHash = generateHash($password); + // Prepare fake POST data + $postData = array( + 'login' => array(getAdminId($login) => $login), + 'password' => array(getAdminId($login) => $passHash), + ); + // Update database - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `password`='%s' WHERE `login`='%s' LIMIT 1", - array($passHash, $login), __FUNCTION__, __LINE__); + $message = adminsChangeAdminAccount($postData, '', false); // Run filters - runFilterChain('post_form_reset_pass', array('login' => $login, 'hash' => $passHash)); + runFilterChain('post_form_reset_pass', array('login' => $login, 'hash' => $passHash, 'message' => $message)); // Return output return '{--ADMIN_PASSWORD_RESET_DONE--}'; 
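Review bot: `$valid = ($hash == $hashFromData);`, just below the changed call, still compares a security token with the loose operator. With `==`, two different strings that both look numeric can compare equal, and the comparison is not constant-time. Use `hash_equals($hashFromData, $hash)` where the runtime provides it, or at minimum `===` after checking that both operands are strings.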
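Review bot: The result of `adminsChangeAdminAccount($postData, '', false)` is only handed to the filter chain, so doResetAdminPassword() returns `{--ADMIN_PASSWORD_RESET_DONE--}` even when the update was refused. `getAdminId($login)` is called twice and its result is used as an array key without checking that the login resolved to an id. I would fetch the id once, stop if it is invalid, and return a failure message when `$message` does not indicate success (its possible values are not visible here). adminsChangeAdminAccount() appears to belong to ext-admins, which isAdminAllowedAccessMenu() treats as optional, so the call may need an extension check or the previous direct UPDATE as a fallback.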
@@ -1195,14 +1505,11 @@ function adminDeleteTask ($id) { // Function to update task data function adminUpdateTaskData ($id, $row, $data) { - // Should be admin! + // Should be admin and valid id if (!isAdmin()) { // Not an admin so redirect better - redirectToUrl('modules.php?module=index'); - } // END - if - - // Is the id not set, then we need a backtrace here... :( - if ($id <= 0) { + debug_report_bug(__FUNCTION__, __LINE__, 'id=' . $id . ',row=' . $row . ',data=' . $data . ' - isAdmin()=false'); + } elseif ($id <= 0) { // Initiate backtrace debug_report_bug(__FUNCTION__, __LINE__, sprintf("id is invalid: %s. row=%s, data=%s", $id, @@ -1271,11 +1578,11 @@ function generateAdminLink ($adminId) { $adminLink = '' . $login . ''; } else { // Extension not found - $adminLink = getMaskedMessage('ADMIN_TASK_ROW_EXTENSION_NOT_INSTALLED', 'admins'); + $adminLink = '{%message,ADMIN_TASK_ROW_EXTENSION_NOT_INSTALLED=admins%}'; } } else { // Maybe deleted? - $adminLink = '
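Review bot: The non-admin branch of adminUpdateTaskData() no longer redirects; it calls debug_report_bug() and, unless that function terminates the request (not visible in this diff), execution falls through to the task update below. An explicit `return;` (or the function's failure value) after the call would keep the authorization check effective in either case. The message also concatenates `$data` into the bug report, which may put request content into the log or the page; `$id` and `$row` are probably enough. The rest of the function lies outside this hunk.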