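<?php
/************************************************************************
 * MXChange v0.2.1                                    Start: 04/18/2004 *
 * ================                             Last change: 04/18/2004 *
 *                                                                      *
 * -------------------------------------------------------------------- *
 * File              : what-admins_edit.php                             *
 * -------------------------------------------------------------------- *
 * Short description : Edit admin accounts                              *
 * -------------------------------------------------------------------- *
 * Kurzbeschreibung  : Admin-Account editieren                          *
 * -------------------------------------------------------------------- *
 *                                                                      *
 * -------------------------------------------------------------------- *
 * Copyright (c) 2003 - 2008 by Roland Haeder                           *
 * For more information visit: http://www.mxchange.org                  *
 *                                                                      *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or    *
 * (at your option) any later version.                                  *
 *                                                                      *
 * This program is distributed in the hope that it will be useful,      *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
 * GNU General Public License for more details.                         *
 *                                                                      *
 * You should have received a copy of the GNU General Public License    *
 * along with this program; if not, write to the Free Software          *
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
 * MA  02110-1301  USA                                                  *
 ************************************************************************/

// Request flow of this admin module:
//   POST edit / GET admin  -> show the edit form for the selected account(s)
//   POST change            -> save the submitted changes
//   POST del               -> show the delete confirmation for the selected account(s)
//   POST remove            -> delete the confirmed account(s), then fall through to the list
//   otherwise              -> list all admin accounts

// Some security stuff...
// Abort when this module is requested directly (its own file name shows up in
// PHP_SELF) or when the caller is not a logged-in admin; security.php ends the
// request. strpos() replaces the deprecated ereg() call so the file name is
// matched literally instead of being interpreted as a regular expression.
if ((strpos($_SERVER['PHP_SELF'], basename(__FILE__)) !== false) || (!IS_ADMIN()))
{
	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
	require($INC);
}
// Add description as navigation point
ADD_DESCR("admin", basename(__FILE__));

// Instance for the cache extension
global $CACHE;

// Allowed values of the default_acl and la_mode columns, mapped to the labels
// shown in the templates. These tables replace the former
// eval("\$content['mode'] = ADMINS_".strtoupper($value)."_MODE;") lookup,
// which executed whatever string was stored in the column. They are also used
// to validate the values submitted by the edit form before they are saved.
$ADMINS_ACL_MODES = array(
	"allow" => ADMINS_ALLOW_MODE,
	"deny"  => ADMINS_DENY_MODE,
);
$ADMINS_LA_MODES = array(
	"global" => ADMINS_GLOBAL_LA_SETTING,
	"OLD"    => ADMINS_OLD_LA_SETTING,
	"NEW"    => ADMINS_NEW_LA_SETTING,
);

// Set selection data to empty array when it is empty or not an array
if ((empty($_POST['sel'])) || (!is_array($_POST['sel']))) $_POST['sel'] = array();

// Check if direct admin account was selected
if (!empty($_GET['admin']))
{
	// Secure ID number
	$aid = bigintval($_GET['admin']);
	$_POST['edit'] = "1";
	$_POST['sel'][$aid] = array("1");
}

if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0))
{
	// Edit account(s): one row per selected ID with drop-down options for both modes
	$SW = 2; $OUT = "";
	foreach ($_POST['sel'] as $id=>$sel)
	{
		// Secure ID number
		$id = bigintval($id);

		$result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
		 array($id), __FILE__, __LINE__);
		if (SQL_NUMROWS($result) == 1)
		{
			// Entry found
			$content = SQL_FETCHARRAY($result);
			SQL_FREERESULT($result);

			// Option lists: stored value as option value, label as option text
			$content['mode']    = ADD_OPTION_LINES("/ARRAY/", array_keys($ADMINS_ACL_MODES), array_values($ADMINS_ACL_MODES), $content['mode']);
			$content['la_mode'] = ADD_OPTION_LINES("/ARRAY/", array_keys($ADMINS_LA_MODES), array_values($ADMINS_LA_MODES), $content['la_mode']);

			// Prepare some more data for the template
			$content['sw'] = $SW;
			$content['id'] = $id;

			// Load row template and switch color
			$OUT .= LOAD_TEMPLATE("admin_edit_admins_row", true, $content);
			$SW = 3 - $SW;
		}
	}
	define('__ADMINS_ROWS', $OUT);

	// Load template
	LOAD_TEMPLATE("admin_edit_admins");
}
 elseif ((isset($_POST['change'])) && (isset($_POST['login'])) && (is_array($_POST['login'])) && (count($_POST['login']) > 0))
{
	// Change admin accounts
	$CACHE_UPDATE = "0";
	$MSG = "";

	// ID of the admin doing the editing; his own session data is refreshed below
	$aid = GET_ADMIN_ID($_SESSION['admin_login']);

	foreach ($_POST['login'] as $id=>$login)
	{
		// Secure ID number
		$id = bigintval($id);

		// Only plain form fields are accepted; nested arrays cannot be saved
		if (!is_string($login)) continue;

		// Remaining form fields of this account, defaulting to "" when missing
		$pass1   = ((isset($_POST['pass1'][$id]))   && (is_string($_POST['pass1'][$id])))   ? $_POST['pass1'][$id]   : "";
		$pass2   = ((isset($_POST['pass2'][$id]))   && (is_string($_POST['pass2'][$id])))   ? $_POST['pass2'][$id]   : "";
		$email   = ((isset($_POST['email'][$id]))   && (is_string($_POST['email'][$id])))   ? $_POST['email'][$id]   : "";
		$mode    = ((isset($_POST['mode'][$id]))    && (is_string($_POST['mode'][$id])))    ? $_POST['mode'][$id]    : "";
		$la_mode = ((isset($_POST['la_mode'][$id])) && (is_string($_POST['la_mode'][$id]))) ? $_POST['la_mode'][$id] : "";

		// Both password fields must be identical (strict, so numeric-looking
		// strings such as "0e1" and "0e2" are not treated as equal)
		if ($pass1 !== $pass2)
		{
			// Passwords did not match
			$MSG = ADMINS_ERROR_PASS_MISMATCH;
			continue;
		}

		// Save only when both passwords are the same (also when they are empty)
		$CACHE_UPDATE = "1";

		// Columns to update and their values; login and email are always written,
		// every value goes through SQL_QUERY_ESC() as a parameter
		$SET  = array("login='%s'", "email='%s'");
		$ARGS = array($login, $email);

		// Save password when set
		$hash = "";
		if ($pass1 !== "")
		{
			// Generate hash
			$hash   = generateHash($pass1);
			$SET[]  = "password='%s'";
			$ARGS[] = $hash;
		}

		// Modes are written only when they are one of the known values;
		// anything else leaves the column untouched
		if (isset($ADMINS_ACL_MODES[$mode]))
		{
			$SET[]  = "default_acl='%s'";
			$ARGS[] = $mode;
		}
		if (isset($ADMINS_LA_MODES[$la_mode]))
		{
			$SET[]  = "la_mode='%s'";
			$ARGS[] = $la_mode;
		}

		// Rewrite session when it's own account
		if ($aid == $id)
		{
			// Timeout
			$TIMEOUT = time() + bigintval($_SESSION['admin_to']);

			// Set timeout session value
			set_session("admin_last", time(), $TIMEOUT, COOKIE_PATH);

			// Update login when it changed
			if ($login !== $_SESSION['admin_login'])
			{
				set_session("admin_login", $login, $TIMEOUT, COOKIE_PATH);
			}

			// Update the stored password hash only when a new password is
			// actually saved, so the session stays in sync with the database
			// row (before, an empty password field could overwrite the session
			// hash with the hash of "" while the row kept the old password)
			if ($hash !== "")
			{
				set_session("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);
			}
		}

		// Update admin account
		$ARGS[] = $id;
		$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET ".implode(", ", $SET)." WHERE id=%d LIMIT 1",
		 $ARGS, __FILE__, __LINE__);

		// Admin account saved
		$MSG = ADMIN_ACCOUNT_SAVED;
	}

	// Remove cache file
	if ((EXT_IS_ACTIVE("cache")) && ($CACHE_UPDATE == "1"))
	{
		if ($CACHE->cache_file("admins", true)) $CACHE->cache_destroy();
	}

	// Display message
	if (!empty($MSG))
	{
		LOAD_TEMPLATE("admin_settings_saved", false, "<SPAN class=\"admin_done\">".$MSG."</SPAN>");
	}
}
 elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0))
{
	// Check if this account is the last one which cannot be deleted...
	$result_main = SQL_QUERY("SELECT id FROM "._MYSQL_PREFIX."_admins", __FILE__, __LINE__);
	$accounts = SQL_NUMROWS($result_main);
	SQL_FREERESULT($result_main);
	if ($accounts > 1)
	{
		// Delete accounts: show one confirmation row per selected ID
		$SW = 2; $OUT = "";
		foreach ($_POST['sel'] as $id=>$sel)
		{
			// Secure ID number
			$id = bigintval($id);

			$result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
			 array($id), __FILE__, __LINE__);
			if (SQL_NUMROWS($result) == 1)
			{
				// Entry found
				$content = SQL_FETCHARRAY($result);
				SQL_FREERESULT($result);

				// Translate stored values into labels; unknown values are shown escaped as-is
				$content['mode']    = isset($ADMINS_ACL_MODES[$content['mode']])   ? $ADMINS_ACL_MODES[$content['mode']]   : htmlspecialchars($content['mode']);
				$content['la_mode'] = isset($ADMINS_LA_MODES[$content['la_mode']]) ? $ADMINS_LA_MODES[$content['la_mode']] : htmlspecialchars($content['la_mode']);

				// Prepare some more data
				$content['sw'] = $SW;
				$content['id'] = $id;

				// Load row template and switch color
				$OUT .= LOAD_TEMPLATE("admin_del_admins_row", true, $content);
				$SW = 3 - $SW;
			}
		}
		define('__ADMINS_ROWS', $OUT);

		// Load template
		LOAD_TEMPLATE("admin_del_admins");
	}
	 else
	{
		// Cannot delete last account!
		LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ADMINS_CANNOT_DELETE_LAST);
	}
}
 else
{
	if ((isset($_POST['remove'])) && (SELECTION_COUNT($_POST['sel']) > 0))
	{
		// Remove accounts now
		$CACHE_UPDATE = "0";

		// The editing admin's own account is never removed
		$aid = GET_ADMIN_ID($_SESSION['admin_login']);

		foreach ($_POST['sel'] as $id=>$del)
		{
			// Secure ID number
			$id = bigintval($id);

			// Delete only when it's not your own account!
			if (($del == 1) && ($aid != $id))
			{
				// Rewrite his tasks to all admins
				$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE assigned_admin='%s'",
				 array($id), __FILE__, __LINE__);

				// Remove account
				$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
				 array($id), __FILE__, __LINE__);

				$CACHE_UPDATE = "1";
			}
		}

		// Remove cache if cache system is activated
		if ((EXT_IS_ACTIVE("cache")) && ($CACHE_UPDATE == "1"))
		{
			if ($CACHE->cache_file("admins", true)) $CACHE->cache_destroy();
		}
	}

	// List all admin accounts
	$result = SQL_QUERY("SELECT id, login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins ORDER BY login", __FILE__, __LINE__);
	$SW = 2; $OUT = "";
	while ($content = SQL_FETCHARRAY($result))
	{
		// Translate stored values into labels; unknown values are shown escaped as-is
		$content['mode']    = isset($ADMINS_ACL_MODES[$content['mode']])   ? $ADMINS_ACL_MODES[$content['mode']]   : htmlspecialchars($content['mode']);
		$content['la_mode'] = isset($ADMINS_LA_MODES[$content['la_mode']]) ? $ADMINS_LA_MODES[$content['la_mode']] : htmlspecialchars($content['la_mode']);

		// Prepare some more data
		$content['sw']         = $SW;
		$content['email_link'] = CREATE_EMAIL_LINK($content['id']);

		// Load row template and switch color
		$OUT .= LOAD_TEMPLATE("admin_list_admins_row", true, $content);
		$SW = 3 - $SW;
	}

	// Free memory
	SQL_FREERESULT($result);
	define('__ADMINS_ROWS', $OUT);

	// Load template
	LOAD_TEMPLATE("admin_list_admins");
}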