projects / mailer.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
List active/inactive extensions
[mailer.git] / 0.2.1 / inc / modules / admin / what-admins_edit.php
1 <?php\r
2 /************************************************************************\r
3  * MXChange v0.2.1                                    Start: 04/18/2004 *\r
4  * ================                             Last change: 04/18/2004 *\r
5  *                                                                      *\r
6  * -------------------------------------------------------------------- *\r
7  * File              : what-admins_edit.php                             *\r
8  * -------------------------------------------------------------------- *\r
9  * Short description : Edit admin accounts                              *\r
10  * -------------------------------------------------------------------- *\r
11  * Kurzbeschreibung  : Admin-Account editieren                          *\r
12  * -------------------------------------------------------------------- *\r
13  *                                                                      *\r
14  * -------------------------------------------------------------------- *\r
15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *\r
16  * For more information visit: http://www.mxchange.org                  *\r
17  *                                                                      *\r
18  * This program is free software; you can redistribute it and/or modify *\r
19  * it under the terms of the GNU General Public License as published by *\r
20  * the Free Software Foundation; either version 2 of the License, or    *\r
21  * (at your option) any later version.                                  *\r
22  *                                                                      *\r
23  * This program is distributed in the hope that it will be useful,      *\r
24  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *\r
25  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *\r
26  * GNU General Public License for more details.                         *\r
27  *                                                                      *\r
28  * You should have received a copy of the GNU General Public License    *\r
29  * along with this program; if not, write to the Free Software          *\r
30  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *\r
31  * MA  02110-1301  USA                                                  *\r
32  ************************************************************************/\r
33 \r
34 // Some security stuff...\r
35 if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))\r
36 {\r
37         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";\r
38         require($INC);\r
39 }\r
40 // Add description as navigation point\r
41 ADD_DESCR("admin", basename(__FILE__));\r
42 \r
43 // Instance for the cache extension\r
44 global $CACHE;\r
45 \r
46 // Set selection data to empty array when it is empty\r
47 if (empty($_POST['sel'])) $_POST['sel'] = array();\r
48 \r
49 // Check if direct admin account was selected\r
50 if (!empty($_GET['admin']))\r
51 {\r
52         // Secure ID number\r
53         $aid = bigintval($_GET['admin']);\r
54         $_POST['edit'] = "1";\r
55         $_POST['sel'][$aid] = array("1");\r
56 }\r
57 \r
58 if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0))\r
59 {\r
60         // Edit account(s)\r
61         $SW = 2; $OUT = "";\r
62         foreach ($_POST['sel'] as $id=>$sel)\r
63         {\r
64                 $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",\r
65                  array(bigintval($id)), __FILE__, __LINE__);\r
66                 if (SQL_NUMROWS($result) == 1)\r
67                 {\r
68                         // Entry found\r
69                         $content = SQL_FETCHARRAY($result);\r
70                         SQL_FREERESULT($result);\r
71                         $content['mode']    = ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE), $content['mode']);\r
72                         $content['la_mode'] = ADD_OPTION_LINES("/ARRAY/", array("global", "OLD", "NEW"), array(ADMINS_GLOBAL_LA_SETTING, ADMINS_OLD_LA_SETTING, ADMINS_NEW_LA_SETTING), $content['la_mode']);\r
73 \r
74                         // Prepare some more data for the template\r
75                         $content['sw'] = $SW;\r
76                         $content['id'] = $id;\r
77 \r
78                         // Load row template and switch color\r
79                         $OUT .= LOAD_TEMPLATE("admin_edit_admins_row", true, $content);\r
80                         $SW = 3 - $SW;\r
81                 }\r
82         }\r
83         define('__ADMINS_ROWS', $OUT);\r
84 \r
85         // Load template\r
86         LOAD_TEMPLATE("admin_edit_admins");\r
87 }\r
88  elseif ((isset($_POST['change'])) && (sizeof($_POST['login']) > 0))\r
89 {\r
90         // Change admin accounts\r
91         $CACHE_UPDATE = "0";\r
92         foreach ($_POST['login'] as $id=>$login)\r
93         {\r
94                 // Secure ID number\r
95                 $id = bigintval($id);\r
96 \r
97                 // When both passwords match update admin account\r
98                 if ($_POST['pass1'][$id] == $_POST['pass2'][$id])\r
99                 {\r
100                         // Save only when both passwords are the same (also when they are empty)\r
101                         $ADD = ""; $CACHE_UPDATE = "1";\r
102 \r
103                         // Generate hash\r
104                         $hash = generateHash($_POST['pass1'][$id]);\r
105 \r
106                         // Save password when set\r
107                         if (!empty($_POST['pass1'][$id])) $ADD = ", password='".$hash."'";\r
108 \r
109                         // Get admin's ID\r
110                         $salt = substr(GET_ADMIN_HASH($_COOKIE['admin_login']), 0, -40);\r
111                         $aid = GET_ADMIN_ID($_COOKIE['admin_login']);\r
112 \r
113                         // Rewrite cookie when it's own account\r
114                         if ($aid == $id)\r
115                         {\r
116                                 // Timeout\r
117                                 $TIMEOUT = time() + bigintval($_COOKIE['admin_to']);\r
118 \r
119                                 // Set timeout cookie\r
120                                 @setcookie("admin_last", time(), $TIMEOUT, COOKIE_PATH);\r
121 \r
122                                 if ($login != $_COOKIE['admin_login'])\r
123                                 {\r
124                                         // Update login cookie\r
125                                         @setcookie("admin_login", $login, $TIMEOUT, COOKIE_PATH);\r
126 \r
127                                         // Update password cookie as well?\r
128                                         if (!empty($ADD)) @setcookie("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);\r
129                                 }\r
130                                  elseif (generateHash($_POST['pass1'][$id], $salt) != $_COOKIE['admin_md5'])\r
131                                 {\r
132                                         // Update password cookie\r
133                                         @setcookie("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);\r
134                                 }\r
135 \r
136                         }\r
137 \r
138                         // Update admin account\r
139                         $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET\r
140 login='%s'".$ADD.",\r
141 email='%s',\r
142 default_acl='%s',\r
143 la_mode='%s'\r
144 WHERE id=%d LIMIT 1",\r
145  array(\r
146         $login,\r
147         $_POST['email'][$id],\r
148         $_POST['mode'][$id],\r
149         $_POST['la_mode'][$id],\r
150         $id\r
151 ), __FILE__, __LINE__);\r
152 \r
153                         // Admin account saved\r
154                         $MSG = ADMIN_ACCOUNT_SAVED;\r
155                 }\r
156                  else\r
157                 {\r
158                         // Passwords did not match\r
159                         $MSG = ADMINS_ERROR_PASS_MISMATCH;\r
160                 }\r
161         }\r
162 \r
163         // Remove cache file\r
164         if ((EXT_IS_ACTIVE("cache")) && ($CACHE_UPDATE == "1"))\r
165         {\r
166                 if ($CACHE->cache_file("admins", true)) $CACHE->cache_destroy();\r
167         }\r
168 \r
169         // Display message\r
170         if (!empty($MSG))\r
171         {\r
172                 LOAD_TEMPLATE("admin_settings_saved", false, "<SPAN class=\"admin_done\">".$MSG."</SPAN>");\r
173         }\r
174 }\r
175  elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0))\r
176 {\r
177         // Check if this account is the last one which cannot be deleted...\r
178         $result_main = SQL_QUERY("SELECT id FROM "._MYSQL_PREFIX."_admins", __FILE__, __LINE__);\r
179         $accounts = SQL_NUMROWS($result_main);\r
180         SQL_FREERESULT($result_main);\r
181         if ($accounts > 1)\r
182         {\r
183                 // Delete accounts\r
184                 $SW = 2; $OUT = "";\r
185                 foreach ($_POST['sel'] as $id=>$sel)\r
186                 {\r
187                         $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",\r
188                          array(bigintval($id)), __FILE__, __LINE__);\r
189                         if (SQL_NUMROWS($result) == 1)\r
190                         {\r
191                                 // Entry found\r
192                                 $content = SQL_FETCHARRAY($result);\r
193                                 SQL_FREERESULT($result);\r
194                                 $eval = "\$content['mode'] = ADMINS_".strtoupper($content['mode'])."_MODE;";\r
195                                 eval($eval);\r
196                                 $eval = "\$content['la_mode'] = ADMINS_".strtoupper($content['la_mode'])."_LA_SETTING;";\r
197                                 eval($eval);\r
198 \r
199                                 // Prepare some more data\r
200                                 $content['sw'] = $SW;\r
201                                 $content['id'] = $id;\r
202 \r
203                                 // Load row template and switch color\r
204                                 $OUT .= LOAD_TEMPLATE("admin_del_admins_row", true, $content);\r
205                                 $SW = 3 - $SW;\r
206                         }\r
207                 }\r
208                 define('__ADMINS_ROWS', $OUT);\r
209 \r
210                 // Load template\r
211                 LOAD_TEMPLATE("admin_del_admins");\r
212         }\r
213          else\r
214         {\r
215                 // Cannot delete last account!\r
216                 LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ADMINS_CANNOT_DELETE_LAST);\r
217         }\r
218 }\r
219  else\r
220 {\r
221         if ((isset($_POST['remove'])) && (SELECTION_COUNT($_POST['sel']) > 0))\r
222         {\r
223                 // Remove accounts now\r
224                 $CACHE_UPDATE = "0";\r
225                 foreach ($_POST['sel'] as $id=>$del)\r
226                 {\r
227                         // Delete only when it's not your own account!\r
228                         if (($del == 1) && (GET_ADMIN_ID($_COOKIE['admin_login']) != $id))\r
229                         {\r
230                                 // Rewrite his tasks to all admins\r
231                                 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE assigned_admin='%s'",\r
232                                  array(bigintval($id)), __FILE__, __LINE__);\r
233 \r
234                                 // Remove account\r
235                                 $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",\r
236                                  array(bigintval($id)), __FILE__, __LINE__);\r
237 \r
238                                 $CACHE_UPDATE = "1";\r
239                         }\r
240                 }\r
241 \r
242                 // Remove cache if cache system is activated\r
243                 if ((EXT_IS_ACTIVE("cache")) && ($CACHE_UPDATE == "1"))\r
244                 {\r
245                         if ($CACHE->cache_file("admins", true)) $CACHE->cache_destroy();\r
246                 }\r
247         }\r
248 \r
249         // List all admin accounts\r
250         $result = SQL_QUERY("SELECT id, login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins ORDER BY login", __FILE__, __LINE__);\r
251         $SW = 2; $OUT = "";\r
252         while ($content = SQL_FETCHARRAY($result))\r
253         {\r
254                 // Compile some variables\r
255                 $eval = "\$content['mode'] = ADMINS_".strtoupper($content['mode'])."_MODE;";\r
256                 eval($eval);\r
257                 $eval = "\$content['la_mode'] = ADMINS_".strtoupper($content['la_mode'])."_LA_SETTING;";\r
258                 eval($eval);\r
259 \r
260                 // Prepare some more data\r
261                 $content['sw']         = $SW;\r
262                 $content['email_link'] = CREATE_EMAIL_LINK($content['id']);\r
263 \r
264                 // Load row template and switch color\r
265                 $OUT .= LOAD_TEMPLATE("admin_list_admins_row", true, $content);\r
266                 $SW = 3 - $SW;\r
267         }\r
268 \r
269         // Free memory\r
270         SQL_FREERESULT($result);\r
271         define('__ADMINS_ROWS', $OUT);\r
272 \r
273         // Load template\r
274         LOAD_TEMPLATE("admin_list_admins");\r
275 }\r
276 //\r
277 ?>\r
Mailer-Project repository