From 2305bb069ede07db6227ab5e51960e501e75d7e6 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Wed, 22 Oct 2008 18:57:40 +0000 Subject: [PATCH] Now all admin functions depend on admin id, before login/aid mixed --- inc/databases.php | 2 +- inc/functions.php | 5 ++- inc/loader/load_cache-admin.php | 24 +++++++++----- inc/modules/admin/admin-inc.php | 40 +++++++++++++---------- inc/modules/admin/what-admins_contct.php | 2 +- inc/modules/admin/what-unlock_sponsor.php | 11 +++---- inc/mysql-manager.php | 20 ++++++------ 7 files changed, 60 insertions(+), 44 deletions(-) diff --git a/inc/databases.php b/inc/databases.php index d169b1e0ac..af9a585292 100644 --- a/inc/databases.php +++ b/inc/databases.php @@ -114,7 +114,7 @@ define('USAGE_BASE', "usage"); define('SERVER_URL', "http://www.mxchange.org"); // This current patch level -define('CURR_SVN_REVISION', "518"); +define('CURR_SVN_REVISION', "519"); // Take a prime number which is long (if you know a longer one please try it out!) define('_PRIME', 591623); diff --git a/inc/functions.php b/inc/functions.php index 291d865adb..73b15f5515 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -749,8 +749,11 @@ function LOAD_EMAIL_TEMPLATE($template, $content=array(), $UID="0") { // Is the admin logged in? if (IS_ADMIN()) { + // Get admin id + $aid = GET_ADMIN_ID(get_session('admin_login')); + // Load Admin data - $ADMIN = GET_ADMIN_EMAIL(get_session('admin_login')); + $ADMIN = GET_ADMIN_EMAIL($aid); } // END - if // Neutral email address is default diff --git a/inc/loader/load_cache-admin.php b/inc/loader/load_cache-admin.php index 59d7a09812..2de94871bc 100644 --- a/inc/loader/load_cache-admin.php +++ b/inc/loader/load_cache-admin.php 
@@ -52,19 +52,27 @@ if (($cacheInstance->cache_file("admins", true) == true) && ($cacheInstance->ext // The cache file seems to be fine foreach ($cacheArray['admins']['login'] as $k => $login) { - // Rewrite default_acl - $cacheArray['admins']['aid'][$login] = $cacheArray['admins']['aid'][$k]; - $cacheArray['admins']['password'][$login] = $cacheArray['admins']['password'][$k]; - $cacheArray['admins']['email'][$login] = $cacheArray['admins']['email'][$k]; + // Rewrite admin id + $cacheArray['admins']['aid'][$login] = $cacheArray['admins']['aid'][$k]; + + // Shortcut admin id + $aid = $cacheArray['admins']['aid'][$login]; + + // Rewrite others... + $cacheArray['admins']['password'][$aid] = $cacheArray['admins']['password'][$k]; + $cacheArray['admins']['email'][$aid] = $cacheArray['admins']['email'][$k]; // Some extra data depending on version if (GET_EXT_VERSION("admins") >= "0.3") { - $cacheArray['admins']['def_acl'][$login] = $cacheArray['admins']['def_acl'][$k]; + // Default ACL + $cacheArray['admins']['def_acl'][$aid] = $cacheArray['admins']['def_acl'][$k]; if (GET_EXT_VERSION("admins") >= "0.6.7") { - $cacheArray['admins']['la_mode'][$login] = $cacheArray['admins']['la_mode'][$k]; + // "Logical Area" mode + $cacheArray['admins']['la_mode'][$aid] = $cacheArray['admins']['la_mode'][$k]; if (GET_EXT_VERSION("admins") >= "0.7.0") { - $cacheArray['admins']['login_failtures'][$login] = $cacheArray['admins']['login_failtures'][$k]; - $cacheArray['admins']['last_failture'][$login] = $cacheArray['admins']['last_failture'][$k]; + // Login failtures + $cacheArray['admins']['login_failtures'][$aid] = $cacheArray['admins']['login_failtures'][$k]; + $cacheArray['admins']['last_failture'][$aid] = $cacheArray['admins']['last_failture'][$k]; } // END - if } // END - if } // END - if diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index c0ba4d31da..395bc3e64e 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php 
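Review bot: The rewritten loop stores id-keyed entries in the same arrays it is still reading by position, so `$cacheArray['admins']['password'][$aid]` can overwrite the `['password'][$k]` slot of an admin that has not been processed yet. The cache file layout is not visible here, but if `$k` is a positional index and ids are small integers (ids 1 and 2 at positions 0 and 1, say), the second admin ends up cached with the first admin's password hash. The same applies to `email`, `def_acl`, `la_mode` and the failure counters, whereas the old login-keyed writes could only collide for a numeric login. CHECK_ADMIN_LOGIN and GET_ADMIN_HASH read these entries for authentication, so I would collect the id-keyed values in a separate array and put them into `$cacheArray['admins']` only after the loop. The loop's end is outside this hunk, so whether positional entries must survive the merge needs checking there.

```php
// Collect id-keyed values separately so a numeric admin id can never
// overwrite a positional entry that has not been read yet
$adminsById = array();
foreach ($cacheArray['admins']['login'] as $k => $login) {
	// Shortcut admin id, read from the positional entry
	$aid = $cacheArray['admins']['aid'][$k];

	// Login -> id lookup stays keyed by login
	$cacheArray['admins']['aid'][$login] = $aid;

	// Rewrite others...
	$adminsById['password'][$aid] = $cacheArray['admins']['password'][$k];
	$adminsById['email'][$aid]    = $cacheArray['admins']['email'][$k];

	// … unchanged: version checks for def_acl, la_mode, login_failtures and last_failture, each written to $adminsById[...][$aid] …
```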
@@ -66,18 +66,21 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) $ret = "404"; $data = array(); + // Get admin id + $aid = GET_ADMIN_ID($admin_login); + // Is the cache valid? - if (!empty($cacheArray['admins']['password'][$admin_login])) { + if (!empty($cacheArray['admins']['password'][$aid])) { // Get password from cache - $data['password'] = $cacheArray['admins']['password'][$admin_login]; + $data['password'] = $cacheArray['admins']['password'][$aid]; $ret = "pass"; if (isset($_CONFIG['cache_hits'])) { $_CONFIG['cache_hits']++; } else { $_CONFIG['cache_hits'] = 1; } // Include more admins data? if (GET_EXT_VERSION("admins") >= "0.7.0") { // Load them here - $data['login_failtures'] = $cacheArray['admins']['login_failtures'][$admin_login]; - $data['last_failture'] = $cacheArray['admins']['last_failture'][$admin_login]; + $data['login_failtures'] = $cacheArray['admins']['login_failtures'][$aid]; + $data['last_failture'] = $cacheArray['admins']['last_failture'][$aid]; } // END - if } elseif (!EXT_IS_ACTIVE("cache")) { $ADD = ""; @@ -87,8 +90,8 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) } // END - if // Get password from DB - $result = SQL_QUERY_ESC("SELECT password".$ADD." FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", - array($admin_login), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT password".$ADD." FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", + array($aid), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Login password found $ret = "pass"; 
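Review bot: In the second hunk the new lookup `WHERE id=%s LIMIT 1` with `array($aid)` puts the value in an unquoted numeric position, so whatever quote escaping SQL_QUERY_ESC applies no longer contains it and the query is only safe while every caller passes an integer. Here `$aid` comes from GET_ADMIN_ID(), which yields an id or the sentinel "-1", so nothing breaks today, but I would make the cast explicit at the query with `array((int) $aid)`, which also keeps the -1 sentinel intact. The same pattern is introduced in the two password UPDATEs and the failure counter further down in CHECK_ADMIN_LOGIN, in ADMIN_CHECK_MENU_MODE, and in GET_ADMIN_HASH, where `$aid` is now a parameter any caller can supply. CHECK_ADMIN_LOGIN starts and ends outside these hunks.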
@@ -134,12 +137,12 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) set_session('mxchange_admin_last_fail', $data['last_failture']); // Update password and reset login failtures - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s',login_failtures=0,last_failture='0000-00-00 00:00:00' WHERE login='%s' LIMIT 1", - array($data['password'], $admin_login), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s',login_failtures=0,last_failture='0000-00-00 00:00:00' WHERE id=%s LIMIT 1", + array($data['password'], $aid), __FILE__, __LINE__); } else { // Update password - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1", - array($data['password'], $admin_login), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE id=%s LIMIT 1", + array($data['password'], $aid), __FILE__, __LINE__); } // Rebuild cache @@ -167,8 +170,8 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) // Count login failture if admins extension version is 0.7.0+ if (($ret == "pass") && (GET_EXT_VERSION("admins") >= "0.7.0")) { // Update counter - SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET login_failtures=login_failtures+1,last_failture=NOW() WHERE login='%s' LIMIT 1", - array($admin_login), __FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET login_failtures=login_failtures+1,last_failture=NOW() WHERE id=%s LIMIT 1", + array($aid), __FILE__, __LINE__); // Rebuild cache REBUILD_CACHE("admins", "admin"); @@ -213,7 +216,7 @@ function CHECK_ADMIN_COOKIES ($admin_login, $password) { $ret = "404"; $pass = ""; // Get hash - $pass = GET_ADMIN_HASH($admin_login); + $pass = GET_ADMIN_HASH(GET_ADMIN_ID($admin_login)); if ($pass != "-1") $ret = "pass"; //* DEBUG: */ print __FUNCTION__."(".__LINE__."):".generatePassString($pass)."(".strlen($pass).")/".$password."(".strlen($password).")
\n"; @@ -767,15 +770,18 @@ function ADMIN_CHECK_MENU_MODE() { // Set the global mode as the mode for all admins $MODE = $_CONFIG['admin_menu']; $ADMIN = $MODE; + // Get admin id + $aid = GET_ADMIN_ID(get_session('admin_login')); + // Check individual settings of current admin - if (isset($cacheArray['admins']['la_mode'][get_session('admin_login')])) { + if (isset($cacheArray['admins']['la_mode'][$aid])) { // Load from cache - $ADMIN = $cacheArray['admins']['la_mode'][get_session('admin_login')]; + $ADMIN = $cacheArray['admins']['la_mode'][$aid]; if (isset($_CONFIG['cache_hits'])) { $_CONFIG['cache_hits']++; } else { $_CONFIG['cache_hits'] = 1; } } elseif (GET_EXT_VERSION("admins") >= "0.6.7") { // Load from database when version of "admins" is enough - $result = SQL_QUERY_ESC("SELECT la_mode FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", - array(get_session('admin_login')), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", + array($aid), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load data list($ADMIN) = SQL_FETCHROW($result); diff --git a/inc/modules/admin/what-admins_contct.php b/inc/modules/admin/what-admins_contct.php index 9b525cc5e5..c6341ea4f1 100644 --- a/inc/modules/admin/what-admins_contct.php +++ b/inc/modules/admin/what-admins_contct.php @@ -48,7 +48,7 @@ if ((isset($_POST['ok'])) && (!empty($_GET['admin']))) { SEND_ADMIN_MESSAGE($_GET['admin'], ADMINS_MSG_FROM_ADMIN, $msg); } else { // Load admin's email address - $email = GET_ADMIN_EMAIL(GET_ADMIN_LOGIN(bigintval($_GET['admin']))); + $email = GET_ADMIN_EMAIL(bigintval($_GET['admin'])); // Load email template and send the mail to the admin $msg = LOAD_EMAIL_TEMPLATE("admins_mail_contct_admin", $_POST['text'], "0"); diff --git a/inc/modules/admin/what-unlock_sponsor.php b/inc/modules/admin/what-unlock_sponsor.php index 0aaba4551f..81328dc904 100644 --- a/inc/modules/admin/what-unlock_sponsor.php 
+++ b/inc/modules/admin/what-unlock_sponsor.php @@ -72,17 +72,16 @@ ORDER BY sp.pay_name", // Payment does exist while(list($aid, $count, $ordered, $status, $pname, $prate, $pcurr) = SQL_FETCHROW($result)) { - if ($aid == "0") { - // No admin assigned! - $aid = SPONSOR_NO_ADMIN; - } else { + // Set default email + $email = SPONSOR_NO_ADMIN; + if ($aid > "0") { // Load admin's email address for contact - $aid = GET_ADMIN_EMAIL(GET_ADMIN_LOGIN(($aid)); + $email = GET_ADMIN_EMAIL($aid); } // Transfer data to array $content = array( - 'aid' => $aid, + 'aid' => $email, 'order' => ($count * $prate)." ".$pcurr, 'stamp' => MAKE_DATETIME($ordered, "2"), 'pname' => $pname, diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index b47722f6d9..00f7d155e3 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -1390,7 +1390,7 @@ WHERE sid='%s' LIMIT 1", array($_CONFIG['online_timeout']), __FILE__, __LINE__); } // OBSULETE: Sends out mail to all administrators -function SEND_ADMIN_EMAILS($subj, $msg) { +function SEND_ADMIN_EMAILS ($subj, $msg) { // Load all admin email addresses $result = SQL_QUERY("SELECT email FROM "._MYSQL_PREFIX."_admins ORDER BY id ASC", __FILE__, __LINE__); while (list($email) = SQL_FETCHROW($result)) { @@ -1404,7 +1404,7 @@ function SEND_ADMIN_EMAILS($subj, $msg) { // Really simple... ;-) } // Get ID number from administrator's login name -function GET_ADMIN_ID($login) { +function GET_ADMIN_ID ($login) { global $cacheArray, $_CONFIG; $ret = "-1"; if (!empty($cacheArray['admins']['aid'][$login])) { 
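Review bot: The new guard `if ($aid > "0")` in what-unlock_sponsor.php compares against a string, so it is only a numeric test while the fetched `$aid` is itself a numeric string; `if ((int) $aid > 0) {` states the intent without relying on loose comparison. The content key `'aid'` now visibly receives `$email`, so a short comment such as `// 'aid' carries the admin's email address or SPONSOR_NO_ADMIN, not the id` would keep the template contract readable. The while loop continues outside the hunk.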
@@ -1428,26 +1428,26 @@ function GET_ADMIN_ID($login) { } // // Get password hash from administrator's login name -function GET_ADMIN_HASH($login) +function GET_ADMIN_HASH ($aid) { global $cacheArray, $_CONFIG; $ret = "-1"; - if (!empty($cacheArray['admins']['password'][$login])) { + if (!empty($cacheArray['admins']['password'][$aid])) { // Check cache - $ret = $cacheArray['admins']['password'][$login]; + $ret = $cacheArray['admins']['password'][$aid]; // Update cache hits if (isset($_CONFIG['cache_hits'])) { $_CONFIG['cache_hits']++; } else { $_CONFIG['cache_hits'] = 1; } } elseif (!EXT_IS_ACTIVE("cache")) { // Load from database - $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", - array($login), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", + array($aid), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Fetch data list($ret) = SQL_FETCHROW($result); // Set cache - $cacheArray['admins']['password'][$login] = $ret; + $cacheArray['admins']['password'][$aid] = $ret; } // Free result @@ -1487,7 +1487,7 @@ function GET_ADMIN_EMAIL ($aid) { global $cacheArray, $_CONFIG; $ret = "***"; - if (!empty($cacheArray['admins']['email'])) { + if (!empty($cacheArray['admins']['email'][$aid])) { // Get cache $ret = $cacheArray['admins']['email'][$aid]; @@ -1517,7 +1517,7 @@ function GET_ADMIN_DEFAULT_ACL ($aid) { global $cacheArray, $_CONFIG; $ret = "***"; - if (!empty($cacheArray['admins']['def_acl'])) { + if (!empty($cacheArray['admins']['def_acl'][$aid])) { // Use cache $ret = $cacheArray['admins']['def_acl'][$aid]; -- 2.39.5
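Review bot: The comment above GET_ADMIN_HASH still reads "Get password hash from administrator's login name" although the parameter is now `$aid`; it should become `// Get password hash from administrator's id`. The signature change is silent, so a caller not touched by this commit that still passes a login would miss the cache and send that login into the unquoted `WHERE id=%s` query. Only CHECK_ADMIN_COOKIES is visibly updated here, so the remaining call sites are worth a search. The function body continues outside the hunk.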