Security line in all includes changed
[mailer.git] / inc / modules / admin / overview-inc.php
1 <?php
2 /************************************************************************
3  * MXChange v0.2.1                                    Start: 07/13/2004 *
4  * ===============                              Last change: 08/02/2004 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : overview-inc.php                                 *
8  * -------------------------------------------------------------------- *
9  * Short description : Output standard task management                  *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Standart-Aufgaben-Management ausgeben            *
12  * -------------------------------------------------------------------- *
13  *                                                                      *
14  * -------------------------------------------------------------------- *
15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
16  * For more information visit: http://www.mxchange.org                  *
17  *                                                                      *
18  * This program is free software; you can redistribute it and/or modify *
19  * it under the terms of the GNU General Public License as published by *
20  * the Free Software Foundation; either version 2 of the License, or    *
21  * (at your option) any later version.                                  *
22  *                                                                      *
23  * This program is distributed in the hope that it will be useful,      *
24  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
25  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
26  * GNU General Public License for more details.                         *
27  *                                                                      *
28  * You should have received a copy of the GNU General Public License    *
29  * along with this program; if not, write to the Free Software          *
30  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
31  * MA  02110-1301  USA                                                  *
32  ************************************************************************/
33
34 // Some security stuff...
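// Security gate: continue only when __SECURITY is defined (presumably by the application's entry script) and
// IS_ADMIN() returns true. The || short-circuits, so IS_ADMIN() is not called when __SECURITY is missing,
// e.g. when this file is requested directly.
if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
	// This file lives in inc/modules/admin/, so inc/security.php is three directory levels up. Walking up with
	// dirname() replaces the old search for the first "/inc" in the absolute path, which resolved to the wrong
	// directory when a parent folder name began with "inc" and found nothing on backslash-separated paths.
	$INC = dirname(dirname(dirname(__FILE__))) . "/security.php";

	// require (not include): a missing file stops the script instead of letting it run on unguarded.
	require($INC);

	// NOTE(review): security.php is assumed to end the request; it is not visible here. Confirm, because
	// otherwise the functions below are still defined after a failed check.
}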
39
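/**
 * Runs the housekeeping behind the admin task overview and loads the task list.
 *
 * Steps, in order:
 *  1. Tasks without an admin whose status is not 'NEW' are assigned to the current admin.
 *  2. PATH."inc/extensions/" is scanned for files named ext-*.php. An extension that is neither in the cache
 *     nor in the database gets a registration task and its file is included; a known one is handed to
 *     EXTENSION_UPDATE() and re-activated when the cache marks it active.
 *  3. The current admin's tasks plus all unassigned 'NEW' tasks are selected into $result_tasks.
 *
 * Security note: step 2 executes every not-yet-registered ext-*.php found in the extensions directory as soon
 * as an admin opens the overview, so write access to that directory equals code execution in the admin
 * context. Keep the directory non-writable for the web server user and outside any upload path.
 *
 * @param mixed $result_tasks Output (by reference): result of the task SELECT; the caller fetches and frees it.
 * @return bool true when the task SELECT returned no rows, false when there are tasks to show.
 */
function OUTPUT_STANDARD_OVERVIEW(&$result_tasks)
{
	global $cacheArray;

	// First check for solved and not assigned tasks and assign them to current admin
	$result_task = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE assigned_admin < 1 AND status != 'NEW'",
	 array(GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);

	// The extension file included below runs in this function's scope, so the local variable names here
	// ($EXT_LOAD_MODE, $ext, $ext_ver, $file, ...) are visible to it and must not be renamed casually.
	$EXT_LOAD_MODE = "register";
	$JOBS_DONE = true;

	// Defined up front so the final SQL_FREERESULT() call never sees an undefined variable when the
	// directory holds no extension file at all.
	$result = false;

	// Open the extension directory
	$handle = opendir(PATH."inc/extensions/") or mxchange_die("Cannot read extension directory!");

	// Compare against false explicitly: an entry named "0" is falsy and used to end the scan early.
	while (($file = readdir($handle)) !== false) {
		// Is this file an extension?
		if ((substr($file, 0, 4) == "ext-") && (substr($file, -4) == ".php")) {
			//* DEBUG: */ echo $file."<br />\n";
			// Possible newly installed extension found so we extract extension's name
			$ext = strtolower(substr($file, 4, -4)); // Keep always extension names on lower case!!!

			// Init variables
			$ext_ver = "";
			$result = false;

			// Check if extension is installed or not
			if ((is_array($cacheArray['extensions']['ext_version'])) && (isset($cacheArray['extensions']['ext_version'][$ext]))) {
				// Load version from cache
				if (!empty($cacheArray['extensions']['ext_version'][$ext])) {
					// Extension is installed so we can get its version number
					$ext_ver = $cacheArray['extensions']['ext_version'][$ext];
				} else {
					// Extension is not installed so no version number was found
					$ext_ver = "";
				}

				// Disable load from database
				$result = false;
			} elseif (!EXT_IS_ACTIVE("cache")) {
				// Load data from database
				$result = SQL_QUERY_ESC("SELECT id, ext_version FROM "._MYSQL_PREFIX."_extensions WHERE ext_name='%s' LIMIT 1",
				 array($ext), __FILE__, __LINE__);
			}

			// Is the extension not yet installed?
			// NOTE(review): $result is false on the cache path, so this relies on SQL_NUMROWS(false) comparing
			// equal to 0 - confirm against the helper.
			if ((SQL_NUMROWS($result) == 0) && (empty($ext_ver))) {
				// Generate subject line; the task handler later parses the name back out up to the ":"
				$ext_subj = sprintf("[%s:]", $ext);

				// Create a task for newly installed extension
				CREATE_NEW_EXTENSION_TASK(GET_ADMIN_ID(get_session('admin_login')), $ext_subj, $ext);

				// Test-drive the extension: this executes the file. $file comes from readdir() and was only
				// matched against the ext-*.php pattern, not against a list of expected extensions.
				include(PATH."inc/extensions/".$file);
			} else {
				// Maybe we want to update?
				if ((empty($cacheArray['extensions']['ext_version'][$ext])) && (SQL_NUMROWS($result) == 1)) {
					list($dummy, $ext_ver) = SQL_FETCHROW($result);
					SQL_FREERESULT($result);
				}

				// Update extension
				if (!empty($ext_ver)) EXTENSION_UPDATE($file, $ext, $ext_ver);

				if (!empty($cacheArray['active_extensions'][$ext])) {
					// Maybe we want to keep the current extension active?
					if (($cacheArray['active_extensions'][$ext] == "Y") && (!EXT_IS_ACTIVE($ext))) {
						// Reactivate this extension!
						$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_extensions SET ext_active='Y' WHERE ext_name='%s' LIMIT 1",
						 array($ext), __FILE__, __LINE__);

						// Extension has been activated?
						if (SQL_AFFECTEDROWS() == 1) {
							// Then run all queries
							EXTENSION_RUN_SQLS(GET_EXT_ID($ext), "activate");
						} // END - if
					} // END - if
				}
			}
		}
	}

	// Close directory handle
	closedir($handle);

	// At last - but not least - check for own and new unassigned tasks...
	$result_tasks = SQL_QUERY_ESC("SELECT id, assigned_admin, userid, task_type, subject, text, task_created
FROM "._MYSQL_PREFIX."_task_system
WHERE assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')
ORDER BY userid DESC, task_type DESC, subject, task_created DESC",
	 array(GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);

	if (SQL_NUMROWS($result_tasks) > 0) {
		// New jobs found!
		$JOBS_DONE = false;
	}

	// NOTE(review): this frees whatever the last loop pass left in $result (false, an UPDATE result or a
	// SELECT result that may already have been freed above), not $result_tasks, which the caller still
	// needs. Kept as in the original; confirm SQL_FREERESULT() tolerates those values.
	SQL_FREERESULT($result);

	// Return status
	return $JOBS_DONE;
}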
143
144 //
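/**
 * Renders the admin task overview for the submitted form.
 *
 * With 'assign' and at least one selected task, every selected task that belongs to the current admin (or is
 * unassigned and 'NEW') is shown in detail, assigned if necessary and followed by the form or message that
 * fits its type. Otherwise selected tasks are optionally unassigned ('unassign') or deleted ('del'), the task
 * list is re-read and printed as a table.
 *
 * The first parameter is named $postData because PHP 5.4 and later reject a parameter named $_POST
 * ("Cannot re-assign auto-global variable"); callers pass it by position and are unaffected.
 *
 * Task ids arrive as keys of $postData['task'] and go through bigintval() before they reach SQL. Every
 * UPDATE/DELETE/SELECT is additionally bound to the current admin's id, so another admin's task cannot be
 * touched by submitting its id.
 *
 * NOTE(review): subject, text, support mode, member names and admin login are concatenated into HTML as read
 * from the database. Whether they are stored already escaped is not visible here - confirm, and escape on
 * output if they are not, since task text can originate from members.
 *
 * @param array $postData      Submitted form data; keys read: 'assign', 'unassign', 'del', 'task'.
 * @param mixed $result_tasks  Task result as produced by OUTPUT_STANDARD_OVERVIEW(); used by the list view.
 * @return void
 */
function OUTPUT_SELECTED_TASKS($postData, $result_tasks) {
	global $_CONFIG, $NOTES;
	if ((isset($postData['assign'])) && (count($postData['task']) > 0)) {
		// Assign / do tasks
		$OUT = ""; $SW = 2;
		foreach ($postData['task'] as $id => $sel) {
			// $id is a raw POST key: only its bigintval() form is used in SQL, and the WHERE clause limits
			// the match to tasks the current admin may handle.
			$result_task = SQL_QUERY_ESC("SELECT id, userid, task_type, subject, text, task_created, status, assigned_admin FROM "._MYSQL_PREFIX."_task_system WHERE id=%s AND (assigned_admin='%s' OR (assigned_admin='0' AND status='NEW')) LIMIT 1",
			 array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
			if (SQL_NUMROWS($result_task) == 1) {
				// Task is valid...
				list($tid, $uid, $type, $subj, $text, $created, $status, $aid) = SQL_FETCHROW($result_task);
				SQL_FREERESULT($result_task);

				if ($aid == "0") {
					// Assign current admin to unassigned task
					$result_assign = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='%s' WHERE id=%s LIMIT 1",
					 array(GET_ADMIN_ID(get_session('admin_login')), bigintval($tid)), __FILE__, __LINE__);
				}

				$ADD = "";
				if ($type == "SUPPORT_MEMBER") {
					// Support tasks store "<mode>:<text>"; split at the first colon
					$mode = substr($text, 0, strpos($text, ":"));
					$text = substr($text, strpos($text, ":") + 1);
					$ADD = "<LI>".ADMIN_TASK_SUPPORT_MODE.": <STRONG>".$mode."</STRONG></LI>";
				}

				if ($uid > 0) {
					$result_user = SQL_QUERY_ESC("SELECT gender, surname, family, email FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
					 array(bigintval($uid)), __FILE__, __LINE__);
					if (SQL_NUMROWS($result_user) == 1)
					{
						list($gender, $sname, $fname, $email) = SQL_FETCHROW($result_user);
						SQL_FREERESULT($result_user);
						// NOTE(review): this overwrites the support-mode line built above instead of
						// appending to it - confirm that is intended.
						$ADD = "<LI>".ADMIN_MEMBER_UID.": <STRONG>".ADMIN_USER_PROFILE_LINK($uid)." (<A href=\"".CREATE_EMAIL_LINK($email, "user_data")."\">".TRANSLATE_GENDER($gender)." ".$sname." ".$fname."</A>)</STRONG></LI>";
					}
				}

				// Compile and insert text from task into table template
				// NOTE(review): COMPILE_CODE() is not visible here; confirm it cannot evaluate or pass through
				// markup taken from member-supplied task text.
				$text = LOAD_TEMPLATE("admin_extensions_text", true, COMPILE_CODE($text));

				// Initialize variables (no title for SQL commands by default)
				$ext_name = "";
				$title = TASK_NO_TITLE;

				// Shall I list SQL commands assigned to an extension installation or update task?
				if (((GET_EXT_VERSION("sql_patches") != '') && ($_CONFIG['verbose_sql'] == "Y")) || (!EXT_IS_ACTIVE("sql_patches"))) {
					// Subject looks like "[<name>:]"; take what sits between "[" and the first ":"
					$ext_name = substr($subj, 1, strpos($subj, ":") - 1);
					if ($type == "EXTENSION") {
						// Load SQL commands for registering
						$SQLs = EXTENSION_REGISTER($ext_name, $id, true);

						// Add notes to text
						$text .= $NOTES;

						// Set title
						$title = ADMIN_SQLS_EXECUTED_ON_REGISTER;
					} elseif ($type == "EXTENSION_UPDATE") {
						// Load SQL commands for update (already done!)
						// Subject looks like "[UPDATE-<name>-<version>:"; cut out name and version
						$ext_name = substr($ext_name, 7);
						$ext_name = substr($ext_name, 0, strpos($ext_name, "-"));
						$test = "[UPDATE-".$ext_name."-";
						$ext_ver = substr($subj, strlen($test));
						$ext_ver = substr($ext_ver, 0, strpos($ext_ver, ":"));

						// Load SQLs from file
						// NOTE(review): the file name is built from the task subject stored in the database;
						// EXTENSION_UPDATE() is not visible here - confirm it restricts the name to the
						// extensions directory.
						$SQLs = EXTENSION_UPDATE("ext-".$ext_name.".php", $ext_name, $ext_ver, true);

						// Add notes to text
						$text .= $NOTES;

						// Set title
						$title = ADMIN_SQLS_EXECUTED_ON_UPDATE;
					} else {
						// Remove extension's name
						$ext_name = "";
					}

					// Add SQLs to a table
					if (empty($SQLs)) $SQLs = array();
					if (empty($title)) $title = "";
					if ((!empty($ext_name)) && (GET_EXT_VERSION("sql_patches")) && ($_CONFIG['verbose_sql'] == "Y")) {
						// Add verbose SQL table
						$text .= EXTENSION_VERBOSE_TABLE($SQLs, $title, " class=\"admin_table top2 left2 right2\"", true, "100%")."<br />\n";
					}
				} else {
					// Run SQL commands in dry mode but only return the notes
					// NOTE(review): $ext_name is "" here and $ext_ver is either undefined or left over from an
					// earlier task in this loop - confirm what EXTENSION_UPDATE() does with "ext-.php".
					$SQLs = EXTENSION_UPDATE("ext-".$ext_name.".php", $ext_name, $ext_ver, true);
					$text .= $NOTES;
				}

				// Prepare array for the template
				$content = array(
					'sw'        => $SW,
					'subj'      => $subj,
					'add'       => $ADD,
					'text'      => $text,
					'created'   => MAKE_DATETIME($created, "1"),
					'extension' => $ext_name
				);

				// Load template
				$OUT .= LOAD_TEMPLATE("admin_overview_row", true, $content);

				// Which task do we actually have here?
				switch ($type)
				{
				case "EXTENSION": // Install new extensions
					$ext_name = substr($subj, 1, strpos($subj, ":") - 1);
					$result_lines = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_extensions WHERE ext_name='%s' LIMIT 1",
					 array($ext_name), __FILE__, __LINE__);
					$lines = SQL_NUMROWS($result_lines);
					SQL_FREERESULT($result_lines);
					if ($lines == "0") {
						// New extension found
						$OUT .= LOAD_TEMPLATE("admin_ext_reg_form", true, array(
							'id'       => bigintval($id),
							'ext_name' => $ext_name
						));
					} else {
						// Task is closed so nothing is to do
						$OUT .= "<FONT class=\"admin_failed\">".ADMIN_EXT_ALREADY_REGISTERED."</FONT>\n";

						// Close the task unless it is already closed or deleted or is an update task
						if (($status != "CLOSED") && ($status != "DELETED") && ($type != "EXTENSION_UPDATE")) {
							ADMIN_SOLVE_TASK($tid);
						}
					}
					break;

				case "EXTENSION_UPDATE":
					// Extension updates are installed automatically
					$OUT .= "<FONT class=\"admin_failed medium\">".ADMIN_EXTENSION_UPDATED."</FONT>\n";

					// Close task
					if (($status != "CLOSED") && ($status != "DELETED")) {
						// Solve the task
						ADMIN_SOLVE_TASK($tid);
					}
					break;

				case "SUPPORT_MEMBER": // Assign on member's support request
					switch ($mode)
					{
					default: // Unknown support mode
						$OUT .= "<FONT class=\"admin_failed medium\">".ADMIN_UNKNOWN_SUPPORT_MODE_1.$mode.ADMIN_UNKNOWN_SUPPORT_MODE_2."</FONT>\n";
						break;
					}
					break;

				case "PAYOUT_REQUEST": // Payout requests
					if (EXT_IS_ACTIVE("payout"))
					{
						// Extension is installed so let him send a notification to the user
						$result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_payouts WHERE userid=%s AND payout_timestamp=%s LIMIT 1",
						 array(bigintval($uid), bigintval($created)), __FILE__, __LINE__);
						list($pid) = SQL_FETCHROW($result_pay);
						SQL_FREERESULT($result_pay);

						if ((!empty($pid)) && ($pid > 0))
						{
							// Payout ID can be obtained
							$content = array(
								'pid' => $pid,
								'tid' => $tid,
							);
							$OUT .= LOAD_TEMPLATE("admin_payout_overview_form", true, $content);
						}
						 else
						{
							// Problem obtaining payout ID
							$OUT .= "<FONT class=\"admin_failed medium\">".PAYOUT_OBTAIN_ID_FAILED."</FONT>\n";
						}
					}
					 else
					{
						// Extension is not installed
						$OUT .= "<FONT class=\"admin_failed medium\">".ADMIN_PAYOUT_NOT_INSTALLED."</FONT>\n";
					}
					break;

				case "WERNIS_REQUEST": // Wernis requests
					if (EXT_IS_ACTIVE("wernis"))
					{
						// Extension is installed so let him send a notification to the user
						$result_pay = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_user_wernis WHERE userid=%s AND wernis_timestamp=%s LIMIT 1",
						 array(bigintval($uid), bigintval($created)), __FILE__, __LINE__);
						list($pid) = SQL_FETCHROW($result_pay);
						SQL_FREERESULT($result_pay);

						if ((!empty($pid)) && ($pid > 0))
						{
							// Wernis ID can be obtained
							$content = array(
								'pid' => $pid,
								'tid' => $tid,
							);
							$OUT .= LOAD_TEMPLATE("admin_wernis_overview_form", true, $content);
						}
						 else
						{
							// Problem obtaining wernis ID
							$OUT .= "<FONT class=\"admin_failed medium\">".WERNIS_OBTAIN_ID_FAILED."</FONT>\n";
						}
					}
					 else
					{
						// Extension is not installed
						$OUT .= "<FONT class=\"admin_failed medium\">".ADMIN_WERNIS_NOT_INSTALLED."</FONT>\n";
					}
					break;

				case "HOLIDAY_REQUEST": // Holiday requests
					$OUT .= LOAD_TEMPLATE("admin_task_holiday", true, $uid);
					break;

				case "NL_UNSUBSCRIBE": // Newsletter unsubscriptions
					$result = SQL_QUERY_ESC("SELECT nl_timespan FROM "._MYSQL_PREFIX."_user_data WHERE userid=%s LIMIT 1",
					 array(bigintval($uid)), __FILE__, __LINE__);
					list($span) = SQL_FETCHROW($result);
					SQL_FREERESULT($result);

					if ($span > 0)
					{
						// Unsubscribe request not yet processed
						$content = array(
							'uid' => $uid,
							'id'  => $tid
						);
						$OUT .= LOAD_TEMPLATE("admin_newsletter_tsk", true, $content);
					}
					 else
					{
						// Already unsubscribed
						$OUT .= "<FONT class=\"admin_failed medium\">".ADMIN_NL_UNSUBSCRIBE_ALREADY."</FONT>\n";
					}
					break;

				default: // Unknown task type
					// The id is printed in its bigintval() form, as in the SQL lookup and the registration
					// form above: $id itself is a raw POST key and must not reach the page unfiltered.
					$OUT .= "<FONT class=\"admin_failed medium\">".ADMIN_UNKNOWN_TASK_TYPE_1.$type.ADMIN_UNKNOWN_TASK_TYPE_2.bigintval($id).ADMIN_UNKNOWN_TASK_TYPE_3."</FONT>\n";
					break;
				}
				$OUT .= "  </TD>
  <TD width=\"1%\" class=\"switch_sw".$SW." bottom2 right2\">&nbsp;</TD>
</TR>\n";
			}
			// Alternate the row colour class between 2 and 1
			$SW = 3 - $SW;
		}
		define('__TASK_ROWS', $OUT);

		// Load final template
		LOAD_TEMPLATE("admin_overview_list");
	}
	 else
	{
		if ((isset($postData['task'])) && ((sizeof($postData['task']) > 0) || ($postData['task'][0] == "1")))
		{
			// Only unassign / delete tasks when there are selected tasks posted
			if (!empty($postData['unassign']))
			{
				// Unassign from tasks; the WHERE clause only matches tasks owned by the current admin
				foreach ($postData['task'] as $id => $sel)
				{
					$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin=0 WHERE id=%s AND assigned_admin=%s LIMIT 1",
					 array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
				}
			}
			 elseif (isset($postData['del']))
			{
				// Delete tasks; only the current admin's own or unassigned tasks match
				foreach ($postData['task'] as $id => $sel)
				{
					$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_task_system WHERE id=%s AND assigned_admin IN (%s,0) LIMIT 1",
					 array(bigintval($id), GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
				}
			}

			// Update query
			$result_tasks = SQL_QUERY_ESC("SELECT id, assigned_admin, userid, task_type, subject, text, task_created FROM "._MYSQL_PREFIX."_task_system WHERE assigned_admin=%s OR (assigned_admin=0 AND status='NEW') ORDER BY task_created DESC",
			 array(GET_ADMIN_ID(get_session('admin_login'))), __FILE__, __LINE__);
		}

		// There are uncompleted jobs!
		LOAD_TEMPLATE("admin_overview_header");
		$SW = 2;
		while (list($id, $admin, $uid, $type, $subj, $text, $created) = SQL_FETCHROW($result_tasks))
		{
			$infos = "---";
			if ($admin == "0")
			{
				// No admin currently is assigned
				$admin = "<FONT class=\"admin_note\">".ADMIN_NO_ADMIN_ASSIGNED."</FONT>";
			}
			 else
			{
				// Load admin's data
				$login = GET_ADMIN_LOGIN($admin);
				if ($login != "***")
				{
					// Admin found
					$admin = "<A href=\"".URL."/modules.php?module=admin&amp;what=admins_contct&amp;admin=".$admin."\">".$login."</A>";
				}
				 else
				{
					// Maybe deleted?
					$admin = "<FONT class=\"admin_note\">".ADMIN_ID_404_1.$admin.ADMIN_ID_404_2."</FONT>";
				}
			}

			// Look the ADMIN_TASK_IS_<TYPE> label up by name. This used to be PHP source text assembled from
			// the task_type column and passed to eval(), which would have run whatever that column held.
			// constant() can only read a constant; an unknown type falls back to the constant's name.
			$type_const = "ADMIN_TASK_IS_".strtoupper($type);
			$type_out = defined($type_const) ? constant($type_const) : $type_const;

			$type2 = substr($text, 0, strpos($text, ":"));
			// Generate infos
			switch ($type)
			{
			case "EXTENSION":
			case "EXTENSION_UPDATE":
				$infos = substr($subj, 1, strpos($subj, ":") - 1);
				break;
			}
			if ($uid > 0)
			{
				// Member found otherwise it's a system task
				$uid = ADMIN_USER_PROFILE_LINK($uid);
			}
			 else
			{
				$uid = "<I>".ADMIN_IS_SYSTEM_TASK."</I>";
			}

			$content = array(
				'sw'      => $SW,
				'id'      => $id,
				'admin'   => $admin,
				'infos'   => $infos,
				'uid'     => $uid,
				'type'    => $type_out,
				'created' => MAKE_DATETIME($created, "2")
			);

			LOAD_TEMPLATE("admin_overview_list_rows", false, $content);
			$SW = 3 - $SW;
		}
		// Free memory
		SQL_FREERESULT($result_tasks);

		// Load footer template
		LOAD_TEMPLATE("admin_overview_footer");
	}
}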
493 //
494 ?>