query masking rewritten in more SQLs, several cleanups and fix on beg link
[mailer.git] / inc / libs / admins_functions.php
1 <?php
2 /************************************************************************
3  * MXChange v0.2.1                                    Start: 06/30/2003 *
4  * ===============                              Last change: 11/27/2004 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : admins_functions.php                             *
8  * -------------------------------------------------------------------- *
9  * Short description : Functions for the admins extension               *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Funktionen fuer die admins-Erweiterung           *
12  * -------------------------------------------------------------------- *
13  *                                                                      *
14  * -------------------------------------------------------------------- *
15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
16  * For more information visit: http://www.mxchange.org                  *
17  *                                                                      *
18  * This program is free software; you can redistribute it and/or modify *
19  * it under the terms of the GNU General Public License as published by *
20  * the Free Software Foundation; either version 2 of the License, or    *
21  * (at your option) any later version.                                  *
22  *                                                                      *
23  * This program is distributed in the hope that it will be useful,      *
24  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
25  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
26  * GNU General Public License for more details.                         *
27  *                                                                      *
28  * You should have received a copy of the GNU General Public License    *
29  * along with this program; if not, write to the Free Software          *
30  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
31  * MA  02110-1301  USA                                                  *
32  ************************************************************************/
33
34 // Some security stuff...
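// Direct-access guard: when this library file itself is the requested script,
// load inc/security.php instead of running the library stand-alone.
// The file name is compared literally. The former ereg() call used it as a
// regular expression (so "." matched any character), and ereg() was removed
// in PHP 7, which turned this guard into a fatal error.
// $_SERVER['PHP_SELF'] is derived from the request path, so it is only used for
// this comparison and never for building the include path.
if ((isset($_SERVER['PHP_SELF'])) && (strpos($_SERVER['PHP_SELF'], basename(__FILE__)) !== false))
{
        // This file lives in inc/libs/, so two dirname() calls lead to inc/.
        // Searching the path for the first "/inc" picked the wrong directory
        // whenever an earlier path component started with "inc".
        $INC = dirname(dirname(__FILE__)) . "/security.php";
        require($INC);
}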
40 //
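/**
 * Decides whether the admin named by the "admin_login" cookie may open a menu entry.
 *
 * The decision combines the admin's default access right ("allow" or "deny"),
 * at most one matching ACL row for the requested action/what, and (for sub
 * menus) the result of the same check on the parent action.
 *
 * NOTE(review): this function only authorizes. It trusts the cookie value as
 * the admin's identity, so callers have to authenticate the session first
 * (presumably via IS_ADMIN(); confirm against the callers).
 *
 * @param string $act Main menu action; "login" and "logout" are always allowed
 * @param string $wht Sub menu ("what"); when set, the parent action is checked as well
 * @return bool true when access is granted
 */
function ADMINS_CHECK_ACL($act, $wht)
{
        global $ADMINS, $ADMINS_ACLS, $CONFIG, $CACHE;

        // Login and logout must stay reachable for everybody
        if (($act == "login") || ($act == "logout")) return true;

        // Read the login name once; a missing cookie counts as an empty name
        $login = isset($_COOKIE['admin_login']) ? $_COOKIE['admin_login'] : "";

        // NOTE(review): fail-open fallback. When a cache object exists but holds no
        // default ACL for this login, the database is not consulted and "allow"
        // stays in place, so an unknown login name ends up with default "allow".
        // Confirm that every caller rejects unauthenticated requests before
        // calling this function, or switch this fallback to "deny".
        $default = "allow";

        // Deny unless one of the rules at the end of this function matches
        $ret = false;

        // Get admin's default access right
        if (!empty($ADMINS['def_acl'][$login])) {
                // Load from cache
                $default = $ADMINS['def_acl'][$login];

                // Count cache hits
                $CONFIG['cache_hits']++;
        } elseif (!is_object($CACHE)) {
                // Load from database (only done when no cache object exists)
                $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
                 array($login), __FILE__, __LINE__);
                list($default) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
        }

        // Get admin's ID
        $aid = GET_ADMIN_ID($login);

        if (!empty($wht))
        {
                // Sub menu: look up the action it belongs to and check that one, too
                $parent_action = GET_ACTION("admin", $wht);
                $parent = ADMINS_CHECK_ACL($parent_action, "");
        }
         else
        {
                // Main menu: there is no parent that could grant access
                $parent = false;
        }

        // Find the ACL row for this admin and menu entry
        $lines = 0; $acl_mode = "";

        // version_compare() instead of a string comparison: as plain strings
        // "0.1.10" sorts before "0.1.2" and would select the database branch
        if (version_compare((string) GET_EXT_VERSION("cache"), "0.1.2", ">="))
        {
                // Load only from array when there are lines!
                if ((is_array($ADMINS_ACLS)) && (isset($ADMINS_ACLS['admin_id'])) && (is_array($ADMINS_ACLS['admin_id'])))
                {
                        // Load ACL from array
                        foreach ($ADMINS_ACLS['admin_id'] as $id=>$aid_acls)
                        {
                                // Skip rows of other admins
                                if ($aid != $aid_acls) continue;

                                if ((!empty($act)) && ($ADMINS_ACLS['action_menu'][$id] == $act))
                                {
                                        // Main menu line found
                                        $acl_mode = $ADMINS_ACLS['access_mode'][$id];
                                        $lines = 1;
                                }
                                 elseif ((!empty($wht)) && ($ADMINS_ACLS['what_menu'][$id] == $wht))
                                {
                                        // Sub menu line found
                                        $acl_mode = $ADMINS_ACLS['access_mode'][$id];
                                        $lines = 1;
                                }

                                if ($lines == 1)
                                {
                                        // Count cache hits
                                        $CONFIG['cache_hits']++;
                                        break;
                                }
                        }
                }
        }
         else
        {
                // Old version, so load it from database
                $result = null;
                if (!empty($act))
                {
                        // Main menu
                        $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND action_menu='%s' LIMIT 1",
                         array(bigintval($aid), $act), __FILE__, __LINE__);
                }
                 elseif (!empty($wht))
                {
                        // Sub menu
                        $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND what_menu='%s' LIMIT 1",
                         array(bigintval($aid), $wht), __FILE__, __LINE__);
                }

                // With both $act and $wht empty no query was sent, so there is no
                // result to read (this happens when the parent action is empty)
                if (!is_null($result))
                {
                        // Get number of lines
                        $lines = SQL_NUMROWS($result);

                        // Load ACL
                        list($acl_mode) = SQL_FETCHROW($result);
                        SQL_FREERESULT($result);
                }
        }

        // Check ACL and (maybe) allow. Access is granted when
        //  - the default is "allow" and no ACL row matched (under default "allow" any
        //    matching row denies, its access_mode is not consulted), or
        //  - the default is "deny" and the single matching row says "allow", or
        //  - no ACL row matched and the parent action is allowed.
        if (($default == "allow") && ($lines == 0)) $ret = true;
        elseif (($default == "deny") && ($lines == 1) && ($acl_mode == "allow")) $ret = true;
        elseif (($lines == 0) && ($parent)) $ret = true;

        // Return value
        return $ret;
}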
161 // Create email link to admins's account
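/**
 * Rewrites an admin's email address or numeric ID into a link to the contact form.
 *
 * The link is built with "&amp;" separators, i.e. for use inside HTML.
 * NOTE(review): when nothing matches, $email is returned exactly as passed in;
 * callers that print the result into HTML have to escape that case themselves.
 *
 * @param string $email Email address or numeric admin ID
 * @param string $mod   Module name used in the link
 * @return string Contact link, or the unchanged input when no admin matched
 */
function ADMINS_CREATE_EMAIL_LINK($email, $mod="admin")
{
        // Non-admins only get links to confirmed accounts
        $locked = " AND status='CONFIRMED'";
        if (IS_ADMIN()) $locked = "";

        // The module name ends up in a URL, so encode it for that context
        $mod = urlencode($mod);

        // Haystack first, needle second: with the arguments swapped the test
        // searched for the whole address inside "@" and this branch never ran
        if (strpos((string) $email, "@") > 0)
        {
                // Look up the admin who owns this address
                $result = SQL_QUERY_ESC("SELECT id
FROM "._MYSQL_PREFIX."_admins
WHERE email='%s'".$locked." LIMIT 1",
 array($email), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1)
                {
                        // Load admin id
                        list($aid) = SQL_FETCHROW($result);

                        // Rewrite email address to contact link. The id comes from the
                        // admins table, so it goes to the same target as the direct-ID
                        // branch below instead of "what=user_contct&amp;u_id=".
                        // NOTE(review): confirm that admins_contct is the intended form.
                        $email = URL."/modules.php?module=".$mod."&amp;what=admins_contct&amp;admin=".bigintval($aid);
                }

                // Free memory
                SQL_FREERESULT($result);
        }
         elseif (bigintval($email) > 0)
        {
                // Direct ID given
                $email = URL."/modules.php?module=".$mod."&amp;what=admins_contct&amp;admin=".bigintval($email);
        }

        // Return rewritten (?) email address
        return $email;
}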
194 //
195 ?>