Fix in CREATE_EXTENSION_DEACTIVATION_TASK() and coding-style updated
[mailer.git] / inc / libs / admins_functions.php
1 <?php
2 /************************************************************************
3  * MXChange v0.2.1                                    Start: 06/30/2003 *
4  * ===============                              Last change: 11/27/2004 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : admins_functions.php                             *
8  * -------------------------------------------------------------------- *
9  * Short description : Functions for the admins extension               *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Funktionen fuer die admins-Erweiterung           *
12  * -------------------------------------------------------------------- *
13  *                                                                      *
14  * -------------------------------------------------------------------- *
15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
16  * For more information visit: http://www.mxchange.org                  *
17  *                                                                      *
18  * This program is free software; you can redistribute it and/or modify *
19  * it under the terms of the GNU General Public License as published by *
20  * the Free Software Foundation; either version 2 of the License, or    *
21  * (at your option) any later version.                                  *
22  *                                                                      *
23  * This program is distributed in the hope that it will be useful,      *
24  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
25  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
26  * GNU General Public License for more details.                         *
27  *                                                                      *
28  * You should have received a copy of the GNU General Public License    *
29  * along with this program; if not, write to the Free Software          *
30  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
31  * MA  02110-1301  USA                                                  *
32  ************************************************************************/
33
34 // Some security stuff...
35 if (!defined('__SECURITY')) {
36         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
37         require($INC);
38 }
39
40 // Check ACL for menu combination
41 function ADMINS_CHECK_ACL($act, $wht) {
42         global $cacheArray, $_CONFIG, $cacheInstance;
43         // If action is login or logout allow allways!
44         $default = "allow";
45         if (($act == "login") || ($act == "logout")) return true;
46
47         // Default is deny
48         $ret = false;
49
50         // Get admin's ID
51         $aid = GET_CURRENT_ADMIN_ID();
52
53         // Get admin's defult access right
54         $default = GET_ADMIN_DEFAULT_ACL($aid);
55
56
57         if (!empty($wht)) {
58                 // Check for parent menu:
59                 // First get it's action value
60                 $parent_action = GET_ACTION("admin", $wht);
61
62                 // Check with this function...
63                 $parent = ADMINS_CHECK_ACL($parent_action, "");
64         } else {
65                 // Anything else is true!
66                 $parent = false;
67         }
68
69         // Shall I test for a main or sub menu? (action or what?)
70         $lines = 0; $acl_mode = "failed";
71         if (GET_EXT_VERSION("cache") >= "0.1.2") {
72                 // Load only from array when there are lines!
73                 if ((isset($cacheArray['admin_acls'])) && (is_array($cacheArray['admin_acls'])) && (count($cacheArray['admin_acls']) > 0)) {
74                         // Load ACL from array
75                         foreach ($cacheArray['admin_acls']['admin_id'] as $id => $aid_acls) {
76                                 if ($aid == $aid_acls) {
77                                         // Okay, one line was found!
78                                         if ((!empty($act)) && ($cacheArray['admin_acls']['action_menu'][$id] == $act)) {
79                                                 // Main menu line found
80                                                 $acl_mode = $cacheArray['admin_acls']['access_mode'][$id];
81                                                 $lines = 1;
82                                         }
83                                          elseif ((!empty($wht)) && ($cacheArray['admin_acls']['what_menu'][$id] == $wht)) {
84                                                 // Check sub menu
85                                                 $acl_mode = $cacheArray['admin_acls']['access_mode'][$id];
86                                                 $lines = 1;
87                                         }
88                                         if ($lines == 1) {
89                                                 // Count cache hits
90                                                 if (getConfig('cache_hits') > 0) { $_CONFIG['cache_hits']++; } else { $_CONFIG['cache_hits'] = 1; }
91                                                 break;
92                                         }
93                                 }
94                         }
95
96                         // No ACL found?
97                         if ($acl_mode == "failed") {
98                                 $acl_mode = "";
99                                 $lines = 0;
100                         }
101                 } else {
102                         // No lines here
103                         $lines = 0;
104                 }
105         } else {
106                 // Old version, so load it from database
107                 if (!empty($act))
108                 {
109                         // Main menu
110                         $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND action_menu='%s' LIMIT 1",
111                          array(bigintval($aid), $act), __FILE__, __LINE__);
112                 } elseif (!empty($wht)) {
113                         // Sub menu
114                         $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND what_menu='%s' LIMIT 1",
115                          array(bigintval($aid), $wht), __FILE__, __LINE__);
116                 }
117
118                 // Get number of lines
119                 $lines = SQL_NUMROWS($result);
120
121                 // Load ACL
122                 list($acl_mode) = SQL_FETCHROW($result);
123                 SQL_FREERESULT($result);
124         }
125
126         // Check ACL and (maybe) allow
127         if ((($default == "allow") && ($lines == 0)) || (($default == "deny") && ($lines == "1") && ($acl_mode == "allow")) || (($lines == 0) && ($parent))) $ret = true;
128
129         // Return value
130         return $ret;
131 }
132
133 // Create email link to admins's account
134 function ADMINS_CREATE_EMAIL_LINK($email, $mod="admin") {
135         $locked = " AND status='CONFIRMED'";
136         if (IS_ADMIN()) $locked = "";
137         if (strpos("@", $email) > 0) {
138                 // Create email link
139                 $result = SQL_QUERY_ESC("SELECT id
140 FROM "._MYSQL_PREFIX."_admins
141 WHERE email='%s'".$locked." LIMIT 1",
142  array($email), __FILE__, __LINE__);
143
144                 // Is there an entry?
145                 if (SQL_NUMROWS($result) == 1) {
146                         // Load userid
147                         list($uid) = SQL_FETCHROW($result);
148
149                         // Rewrite email address to contact link
150                         $email = URL."/modules.php?module=".$mod."&amp;what=user_contct&amp;u_id=".bigintval($uid);
151                 }
152
153                 // Free memory
154                 SQL_FREERESULT($result);
155         } elseif (bigintval($email) > 0) {
156                 // Direct ID given
157                 $email = URL."/modules.php?module=".$mod."&amp;what=admins_contct&amp;admin=".bigintval($email);
158         }
159
160         // Return rewritten (?) email address
161         return $email;
162 }
163
164 // Change a lot admin account
165 function ADMINS_CHANGE_ADMIN_ACCOUNT($POST) {
166         global $cacheInstance;
167
168         // Begin the update
169         $cache_update = 0;
170         foreach ($POST['login'] as $id => $login) {
171                 // Secure ID number
172                 $id = bigintval($id);
173
174                 // When both passwords match update admin account
175                 if ($POST['pass1'][$id] == $POST['pass2'][$id]) {
176                         // Save only when both passwords are the same (also when they are empty)
177                         $ADD = ""; $cache_update = "1";
178
179                         // Generate hash
180                         $hash = generateHash($POST['pass1'][$id]);
181
182                         // Save password when set
183                         if (!empty($POST['pass1'][$id])) $ADD = sprintf(", password='%s'", SQL_ESCAPE($hash));
184
185                         // Get admin's ID
186                         $aid = GET_CURRENT_ADMIN_ID();
187                         $salt = substr(GET_ADMIN_HASH($aid), 0, -40);
188
189                         // Rewrite cookie when it's own account
190                         if ($aid == $id) {
191                                 // Set timeout cookie
192                                 set_session("admin_last", time());
193
194                                 if ($login != get_session('admin_login')) {
195                                         // Update login cookie
196                                         set_session("admin_login", $login);
197
198                                         // Update password cookie as well?
199                                         if (!empty($ADD)) set_session("admin_md5", $hash);
200                                 } elseif (generateHash($POST['pass1'][$id], $salt) != get_session('admin_md5')) {
201                                         // Update password cookie
202                                         set_session("admin_md5", $hash);
203                                 }
204                         } // END - if
205
206                         // Get default ACL from admin to check if we can allow him to change the default ACL
207                         $default = GET_ADMIN_DEFAULT_ACL(GET_CURRENT_ADMIN_ID());
208
209                         // Update admin account
210                         if ($default == "allow") {
211                                 // Allow changing default ACL
212                                 SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET
213 login='%s'".$ADD.",
214 email='%s',
215 default_acl='%s',
216 la_mode='%s'
217 WHERE id=%s LIMIT 1",
218  array(
219         $login,
220         $POST['email'][$id],
221         $POST['mode'][$id],
222         $POST['la_mode'][$id],
223         $id
224 ), __FILE__, __LINE__);
225                         } else {
226                                 // Do not allow it here
227                                 SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET
228 login='%s'".$ADD.",
229 email='%s',
230 la_mode='%s'
231 WHERE id=%s LIMIT 1",
232  array(
233         $login,
234         $POST['email'][$id],
235         $POST['la_mode'][$id],
236         $id
237 ), __FILE__, __LINE__);
238                         }
239
240                         // Purge cache
241                         CACHE_PURGE_ADMIN_MENU($id);
242
243                         // Admin account saved
244                         $MSG = ADMIN_ACCOUNT_SAVED;
245                 } else {
246                         // Passwords did not match
247                         $MSG = ADMINS_ERROR_PASS_MISMATCH;
248                 }
249
250                 // Display message
251                 if (!empty($MSG)) {
252                         LOAD_TEMPLATE("admin_settings_saved", false, "<SPAN class=\"admin_done\">".$MSG."</SPAN>");
253                 }
254         }
255
256         // Remove cache file
257         RUN_FILTER('post_admin_edited', $_POST);
258 }
259
260 // Make admin accounts editable
261 function ADMINS_EDIT_ADMIN_ACCOUNTS ($POST) {
262         // Begin the edit loop
263         $SW = 2; $OUT = "";
264         foreach ($POST['sel'] as $id => $sel) {
265                 // Secure ID number
266                 $id = bigintval($id);
267
268                 // Get the admin's data
269                 $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
270                  array($id), __FILE__, __LINE__);
271                 if ((SQL_NUMROWS($result) == 1) && ($sel == 1)) {
272                         // Entry found
273                         $content = SQL_FETCHARRAY($result);
274                         SQL_FREERESULT($result);
275
276                         // Prepare some more data for the template
277                         $content['sw'] = $SW;
278                         $content['id'] = $id;
279
280                         // Shall we allow changing default ACL?
281                         if ($content['mode'] == "allow") {
282                                 // Allow chaning it
283                                 $content['mode']    = ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE), $content['mode']);
284                         } else {
285                                 // Don't allow it
286                                 $content['mode'] = "&nbsp;";
287                         }
288                         $content['la_mode'] = ADD_OPTION_LINES("/ARRAY/", array("global", "OLD", "NEW"), array(ADMINS_GLOBAL_LA_SETTING, ADMINS_OLD_LA_SETTING, ADMINS_NEW_LA_SETTING), $content['la_mode']);
289
290                         // Load row template and switch color
291                         $OUT .= LOAD_TEMPLATE("admin_edit_admins_row", true, $content);
292                         $SW = 3 - $SW;
293                 }
294         }
295         define('__ADMINS_ROWS', $OUT);
296
297         // Load template
298         LOAD_TEMPLATE("admin_edit_admins");
299 }
300
301 // Delete given admin accounts
302 function ADMINS_DELETE_ADMIN_ACCOUNTS ($POST) {
303         // Check if this account is the last one which cannot be deleted...
304         $result_main = SQL_QUERY("SELECT id FROM "._MYSQL_PREFIX."_admins", __FILE__, __LINE__);
305         $accounts = SQL_NUMROWS($result_main);
306         SQL_FREERESULT($result_main);
307         if ($accounts > 1) {
308                 // Delete accounts
309                 $SW = 2; $OUT = "";
310                 foreach ($POST['sel'] as $id => $sel) {
311                         // Secure ID number
312                         $id = bigintval($id);
313
314                         // Get the admin's data
315                         $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
316                          array($id), __FILE__, __LINE__);
317                         if (SQL_NUMROWS($result) == 1) {
318                                 // Entry found
319                                 $content = SQL_FETCHARRAY($result);
320                                 SQL_FREERESULT($result);
321                                 $content['mode'] = constant('ADMINS_'.strtoupper($content['mode']).'_MODE');
322                                 $content['la_mode'] = constant('ADMINS_'.strtoupper($content['la_mode']).'_LA_SETTING');
323
324                                 // Prepare some more data
325                                 $content['sw'] = $SW;
326                                 $content['id'] = $id;
327
328                                 // Load row template and switch color
329                                 $OUT .= LOAD_TEMPLATE("admin_del_admins_row", true, $content);
330                                 $SW = 3 - $SW;
331                         }
332                 }
333                 define('__ADMINS_ROWS', $OUT);
334
335                 // Load template
336                 LOAD_TEMPLATE("admin_del_admins");
337         } else {
338                 // Cannot delete last account!
339                 LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ADMINS_CANNOT_DELETE_LAST);
340         }
341 }
342
343 // Remove the given accounts
344 function ADMINS_REMOVE_ADMIN_ACCOUNTS ($POST) {
345         // Begin removal
346         $cache_update = 0;
347         foreach ($POST['sel'] as $id => $del) {
348                 // Secure ID number
349                 $id = bigintval($id);
350
351                 // Delete only when it's not your own account!
352                 if (($del == 1) && (GET_CURRENT_ADMIN_ID() != $id)) {
353                         // Rewrite his tasks to all admins
354                         SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin=0 WHERE assigned_admin=%s",
355                          array($id), __FILE__, __LINE__);
356
357                         // Remove account
358                         SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
359                                 array($id), __FILE__, __LINE__);
360
361                         // Purge cache
362                         CACHE_PURGE_ADMIN_MENU($id);
363                         $cache_update = "1";
364                 }
365         }
366
367         // Remove cache if cache system is activated
368         RUN_FILTER('post_admin_deleted', $_POST);
369 }
370
371 // List all admin accounts
372 function ADMINS_LIST_ADMIN_ACCOUNTS() {
373         // Select all admin accounts
374         $result = SQL_QUERY("SELECT id, login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins ORDER BY login ASC", __FILE__, __LINE__);
375         $SW = 2; $OUT = "";
376         while ($content = SQL_FETCHARRAY($result)) {
377                 // Compile some variables
378                 $content['mode'] = constant('ADMINS_'.strtoupper($content['mode']).'_MODE');
379                 $content['la_mode'] = constant('ADMINS_'.strtoupper($content['la_mode']).'_LA_SETTING');
380
381                 // Prepare some more data
382                 $content['sw']         = $SW;
383                 $content['email_link'] = CREATE_EMAIL_LINK($content['id']);
384
385                 // Load row template and switch color
386                 $OUT .= LOAD_TEMPLATE("admin_list_admins_row", true, $content);
387                 $SW = 3 - $SW;
388         }
389
390         // Free memory
391         SQL_FREERESULT($result);
392         define('__ADMINS_ROWS', $OUT);
393
394         // Load template
395         LOAD_TEMPLATE("admin_list_admins");
396 }
397
398 // Filter for adding extra data to the query
399 function FILTER_ADD_EXTRA_SQL_DATA () {
400         // Init extra data
401         $ADD = "";
402
403         // Is the admins extension updated? (should be!)
404         if (GET_EXT_VERSION("admins") >= "0.3")   $ADD .= ", default_acl AS def_acl";
405         if (GET_EXT_VERSION("admins") >= "0.6.7") $ADD .= ", la_mode";
406         if (GET_EXT_VERSION("admins") >= "0.7.0") $ADD .= ", login_failtures, UNIX_TIMESTAMP(last_failture) AS last_failture";
407
408         // Return it
409         return $ADD;
410 }
411
412 //
413 ?>