projects / mailer.git / blob
? search:


bc63f76e2c97f45dd44c7f363a24644818c6f6e4
[mailer.git] / inc / libs / admins_functions.php
1 <?php
2 /************************************************************************
3  * MXChange v0.2.1                                    Start: 06/30/2003 *
4  * ===============                              Last change: 11/27/2004 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : admins_functions.php                             *
8  * -------------------------------------------------------------------- *
9  * Short description : Functions for the admins extension               *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Funktionen fuer die admins-Erweiterung           *
12  * -------------------------------------------------------------------- *
13  * $Revision::                                                        $ *
14  * $Date::                                                            $ *
15  * $Tag:: 0.2.1-FINAL                                                 $ *
16  * $Author::                                                          $ *
17  * Needs to be in all Files and every File needs "svn propset           *
18  * svn:keywords Date Revision" (autoprobset!) at least!!!!!!            *
19  * -------------------------------------------------------------------- *
20  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
21  * For more information visit: http://www.mxchange.org                  *
22  *                                                                      *
23  * This program is free software; you can redistribute it and/or modify *
24  * it under the terms of the GNU General Public License as published by *
25  * the Free Software Foundation; either version 2 of the License, or    *
26  * (at your option) any later version.                                  *
27  *                                                                      *
28  * This program is distributed in the hope that it will be useful,      *
29  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
30  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
31  * GNU General Public License for more details.                         *
32  *                                                                      *
33  * You should have received a copy of the GNU General Public License    *
34  * along with this program; if not, write to the Free Software          *
35  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
36  * MA  02110-1301  USA                                                  *
37  ************************************************************************/
38
39 // Some security stuff...
40 if (!defined('__SECURITY')) {
41         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), '/inc') + 4) . '/security.php';
42         require($INC);
43 }
44
45 // Check ACL for menu combination
46 function adminsCheckAdminAcl ($act, $wht) {
47         // If action is login or logout allow allways!
48         $default = "allow";
49         if (($act == "login") || ($act == "logout")) return true;
50
51         // Default is deny
52         $ret = false;
53
54         // Get admin's ID
55         $aid = getCurrentAdminId();
56
57         // Get admin's defult access right
58         $default = getAdminDefaultAcl($aid);
59
60         if (!empty($wht)) {
61                 // Check for parent menu:
62                 // First get it's action value
63                 $parent_action = getModeAction('admin', $wht);
64
65                 // Check with this function...
66                 $parent = adminsCheckAdminAcl($parent_action, '');
67         } else {
68                 // Anything else is true!
69                 $parent = false;
70         }
71
72         // Shall I test for a main or sub menu? (action or what?)
73         $acl_mode = 'failed';
74         if ((GET_EXT_VERSION('cache') >= '0.1.2') && (count($GLOBALS['cache_array']['admin_acls']) > 0)) {
75                 // Lookup in cache
76                 if ((!empty($act)) && (isset($GLOBALS['cache_array']['admin_acls']['action_menu'][$aid])) & ($GLOBALS['cache_array']['admin_acls']['action_menu'][$aid] == $act)) {
77                         // Main menu line found
78                         $acl_mode = $GLOBALS['cache_array']['admin_acls']['access_mode'][$aid];
79
80                         // Count cache hits
81                         incrementConfigEntry('cache_hits');
82                 } elseif ((!empty($wht)) && (isset($GLOBALS['cache_array']['admin_acls']['what_menu'][$aid])) && ($GLOBALS['cache_array']['admin_acls']['what_menu'][$aid] == $wht)) {
83                         // Check sub menu
84                         $acl_mode = $GLOBALS['cache_array']['admin_acls']['access_mode'][$aid];
85
86                         // Count cache hits
87                         incrementConfigEntry('cache_hits');
88                 }
89         } elseif (!EXT_IS_ACTIVE('cache')) {
90                 // Old version, so load it from database
91                 if (!empty($act)) {
92                         // Main menu
93                         $result = SQL_QUERY_ESC("SELECT access_mode FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE admin_id=%s AND action_menu='%s' LIMIT 1",
94                         array(bigintval($aid), $act), __FUNCTION__, __LINE__);
95                 } elseif (!empty($wht)) {
96                         // Sub menu
97                         $result = SQL_QUERY_ESC("SELECT access_mode FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE admin_id=%s AND what_menu='%s' LIMIT 1",
98                         array(bigintval($aid), $wht), __FUNCTION__, __LINE__);
99                 }
100
101                 // Is an entry found?
102                 if (SQL_NUMROWS($result) == 1) {
103                         // Load ACL
104                         list($acl_mode) = SQL_FETCHROW($result);
105                 } // END - if
106
107                 // Free memory
108                 SQL_FREERESULT($result);
109         }
110
111         // Check ACL and (maybe) allow
112         if (($default == "allow") || (($default == "deny") && ($acl_mode == "allow")) || ($parent === true)) {
113                 // Access is granted
114                 $ret = true;
115         } // END - if
116
117         // Return value
118         //* DEBUG: */ print __FUNCTION__."[".__LINE__."]:act={$act},wht={$wht},default={$default},acl_mode={$acl_mode}<br />\n";
119         return $ret;
120 }
121
122 // Create email link to admins's account
123 function adminsCreateEmailLink ($email, $mod='admin') {
124         // Is it an email?
125         if (strpos($email, "@") !== false) {
126                 // Create email link
127                 $result = SQL_QUERY_ESC("SELECT `id`
128 FROM `{!_MYSQL_PREFIX!}_admins`
129 WHERE `email`='%s' LIMIT 1",
130                 array($email), __FUNCTION__, __LINE__);
131
132                 // Is there an entry?
133                 if (SQL_NUMROWS($result) == 1) {
134                         // Load userid
135                         list($aid) = SQL_FETCHROW($result);
136
137                         // Rewrite email address to contact link
138                         $email = "{!URL!}/modules.php?module=".$mod."&amp;what=admins_contct&amp;admin=".bigintval($aid);
139                 } // END - if
140
141                 // Free memory
142                 SQL_FREERESULT($result);
143         } elseif ((is_int($email)) && ($email > 0)) {
144                 // Direct ID given
145                 $email = "{!URL!}/modules.php?module=".$mod."&amp;what=admins_contct&amp;admin=".bigintval($email);
146         }
147
148         // Return rewritten (?) email address
149         return $email;
150 }
151
152 // Change a lot admin account
153 function adminsChangeAdminAccount ($POST) {
154         // Begin the update
155         $cache_update = 0;
156         foreach ($POST['login'] as $id => $login) {
157                 // Secure ID number
158                 $id = bigintval($id);
159
160                 // When both passwords match update admin account
161                 if ($POST['pass1'][$id] == $POST['pass2'][$id]) {
162                         // Save only when both passwords are the same (also when they are empty)
163                         $add = ''; $cache_update = '1';
164
165                         // Generate hash
166                         $hash = generateHash($POST['pass1'][$id]);
167
168                         // Save password when set
169                         if (!empty($POST['pass1'][$id])) $add = sprintf(", password='%s'", SQL_ESCAPE($hash));
170
171                         // Get admin's ID
172                         $aid = getCurrentAdminId();
173                         $salt = substr(GET_ADMIN_HASH($aid), 0, -40);
174
175                         // Rewrite cookie when it's own account
176                         if ($aid == $id) {
177                                 // Set timeout cookie
178                                 setSession('admin_last', time());
179
180                                 if ($login != getSession('admin_login')) {
181                                         // Update login cookie
182                                         setSession('admin_login', $login);
183
184                                         // Update password cookie as well?
185                                         if (!empty($add)) setSession('admin_md5', $hash);
186                                 } elseif (generateHash($POST['pass1'][$id], $salt) != getSession('admin_md5')) {
187                                         // Update password cookie
188                                         setSession('admin_md5', $hash);
189                                 }
190                         } // END - if
191
192                         // Get default ACL from admin to check if we can allow him to change the default ACL
193                         $default = getAdminDefaultAcl(getCurrentAdminId());
194
195                         // Update admin account
196                         if ($default == "allow") {
197                                 // Allow changing default ACL
198                                 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins` SET
199 login='%s'".$add.",
200 email='%s',
201 default_acl='%s',
202 la_mode='%s'
203 WHERE `id`=%s LIMIT 1",
204                                 array(
205                                 $login,
206                                 $POST['email'][$id],
207                                 $POST['mode'][$id],
208                                 $POST['la_mode'][$id],
209                                 $id
210                                 ), __FUNCTION__, __LINE__);
211                         } else {
212                                 // Do not allow it here
213                                 SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins` SET
214 login='%s'".$add.",
215 email='%s',
216 la_mode='%s'
217 WHERE `id`=%s LIMIT 1",
218                                 array(
219                                 $login,
220                                 $POST['email'][$id],
221                                 $POST['la_mode'][$id],
222                                 $id
223                                 ), __FUNCTION__, __LINE__);
224                         }
225
226                         // Purge cache
227                         cachePurgeAdminMenu($id);
228
229                         // Admin account saved
230                         $message = ADMIN_ACCOUNT_SAVED;
231                 } else {
232                         // Passwords did not match
233                         $message = ADMINS_ERROR_PASS_MISMATCH;
234                 }
235
236                 // Display message
237                 if (!empty($message)) {
238                         LOAD_TEMPLATE('admin_settings_saved', false, $message);
239                 }
240         }
241
242         // Remove cache file
243         runFilterChain('post_admin_edited', REQUEST_POST_ARRAY());
244 }
245
246 // Make admin accounts editable
247 function adminsEditAdminAccount ($POST) {
248         // "Resolve" current's admin access mode
249         $currMode = getAdminDefaultAcl(getCurrentAdminId());
250
251         // Begin the edit loop
252         $OUT = ''; $SW = 2;
253         foreach ($POST['sel'] as $id => $selected) {
254                 // Secure ID number
255                 $id = bigintval($id);
256
257                 // Get the admin's data
258                 $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM `{!_MYSQL_PREFIX!}_admins` WHERE `id`=%s LIMIT 1",
259                 array($id), __FUNCTION__, __LINE__);
260                 if ((SQL_NUMROWS($result) == 1) && ($selected == 1)) {
261                         // Entry found
262                         $content = SQL_FETCHARRAY($result);
263                         SQL_FREERESULT($result);
264
265                         // Prepare some more data for the template
266                         $content['sw'] = $SW;
267                         $content['id'] = $id;
268
269                         // Shall we allow changing default ACL?
270                         if ($currMode == "allow") {
271                                 // Allow chaning it
272                                 $content['mode']    = generateOptionList('/ARRAY/', array("allow", "deny"), array(constant('ADMINS_ALLOW_MODE'), constant('ADMINS_DENY_MODE')), $content['mode']);
273                         } else {
274                                 // Don't allow it
275                                 $content['mode'] = '&nbsp;';
276                         }
277                         $content['la_mode'] = generateOptionList('/ARRAY/', array("global", "OLD", "NEW"), array(ADMINS_GLOBAL_LA_SETTING, ADMINS_OLD_LA_SETTING, ADMINS_NEW_LA_SETTING), $content['la_mode']);
278
279                         // Load row template and switch color
280                         $OUT .= LOAD_TEMPLATE("admin_edit_admins_row", true, $content);
281                         $SW = 3 - $SW;
282                 }
283         }
284         define('__ADMINS_ROWS', $OUT);
285
286         // Load template
287         LOAD_TEMPLATE("admin_edit_admins");
288 }
289
290 // Delete given admin accounts
291 function adminsDeleteAdminAccount ($POST) {
292         // Check if this account is the last one which cannot be deleted...
293         $result_main = SQL_QUERY("SELECT `id` FROM `{!_MYSQL_PREFIX!}_admins`", __FUNCTION__, __LINE__);
294         $accounts = SQL_NUMROWS($result_main);
295         SQL_FREERESULT($result_main);
296         if ($accounts > 1) {
297                 // Delete accounts
298                 $OUT = ''; $SW = 2;
299                 foreach ($POST['sel'] as $id => $selected) {
300                         // Secure ID number
301                         $id = bigintval($id);
302
303                         // Get the admin's data
304                         $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM `{!_MYSQL_PREFIX!}_admins` WHERE `id`=%s LIMIT 1",
305                         array($id), __FUNCTION__, __LINE__);
306                         if (SQL_NUMROWS($result) == 1) {
307                                 // Entry found
308                                 $content = SQL_FETCHARRAY($result);
309                                 SQL_FREERESULT($result);
310                                 $content['mode'] = constant('ADMINS_'.strtoupper($content['mode']).'_MODE');
311                                 $content['la_mode'] = constant('ADMINS_'.strtoupper($content['la_mode']).'_LA_SETTING');
312
313                                 // Prepare some more data
314                                 $content['sw'] = $SW;
315                                 $content['id'] = $id;
316
317                                 // Load row template and switch color
318                                 $OUT .= LOAD_TEMPLATE("admin_del_admins_row", true, $content);
319                                 $SW = 3 - $SW;
320                         }
321                 }
322                 define('__ADMINS_ROWS', $OUT);
323
324                 // Load template
325                 LOAD_TEMPLATE("admin_del_admins");
326         } else {
327                 // Cannot delete last account!
328                 LOAD_TEMPLATE('admin_settings_saved', false, getMessage('ADMIN_ADMINS_CANNOT_DELETE_LAST'));
329         }
330 }
331
332 // Remove the given accounts
333 function adminsRemoveAdminAccount ($POST) {
334         // Begin removal
335         $cache_update = 0;
336         foreach ($POST['sel'] as $id => $del) {
337                 // Secure ID number
338                 $id = bigintval($id);
339
340                 // Delete only when it's not your own account!
341                 if (($del == 1) && (getCurrentAdminId() != $id)) {
342                         // Rewrite his tasks to all admins
343                         SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_task_system` SET `assigned_admin`=0 WHERE `assigned_admin`=%s",
344                         array($id), __FUNCTION__, __LINE__);
345
346                         // Remove account
347                         SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_admins` WHERE `id`=%s LIMIT 1",
348                         array($id), __FUNCTION__, __LINE__);
349
350                         // Purge cache
351                         cachePurgeAdminMenu($id);
352                         $cache_update = '1';
353                 }
354         }
355
356         // Remove cache if cache system is activated
357         runFilterChain('post_admin_deleted', REQUEST_POST_ARRAY());
358 }
359
360 // List all admin accounts
361 function adminsListAdminAccounts() {
362         // Select all admin accounts
363         $result = SQL_QUERY("SELECT id, login, email, default_acl AS mode, la_mode FROM `{!_MYSQL_PREFIX!}_admins` ORDER BY login ASC", __FUNCTION__, __LINE__);
364         $OUT = ''; $SW = 2;
365         while ($content = SQL_FETCHARRAY($result)) {
366                 // Compile some variables
367                 $content['mode'] = constant('ADMINS_'.strtoupper($content['mode']).'_MODE');
368                 $content['la_mode'] = constant('ADMINS_'.strtoupper($content['la_mode']).'_LA_SETTING');
369
370                 // Prepare some more data
371                 $content['sw']         = $SW;
372                 $content['email_link'] = generateMemberEmailLink($content['id']);
373
374                 // Load row template and switch color
375                 $OUT .= LOAD_TEMPLATE("admin_list_admins_row", true, $content);
376                 $SW = 3 - $SW;
377         }
378
379         // Free memory
380         SQL_FREERESULT($result);
381         define('__ADMINS_ROWS', $OUT);
382
383         // Load template
384         LOAD_TEMPLATE("admin_list_admins");
385 }
386
387 // Filter for adding extra data to the query
388 function FILTER_ADD_EXTRA_SQL_DATA ($add = '') {
389         // Is the admins extension updated? (should be!)
390         if (GET_EXT_VERSION('admins') >= '0.3.0')   $add .= ", default_acl AS def_acl";
391         if (GET_EXT_VERSION('admins') >= '0.6.7') $add .= ", la_mode";
392         if (GET_EXT_VERSION('admins') >= '0.7.2') $add .= ", login_failures, UNIX_TIMESTAMP(last_failure) AS last_failure";
393
394         // Return it
395         return $add;
396 }
397
398 //
399 ?>
Mailer-Project repository