inc/modules/admin/what-config_admins.php

   1 <?php
   2 /************************************************************************
   3  * MXChange v0.2.1                                    Start: 06/30/2004 *
   4  * ================                             Last change: 07/02/2004 *
   5  *                                                                      *
   6  * -------------------------------------------------------------------- *
   7  * File: what-config_admins.php                                         *
   8  * -------------------------------------------------------------------- *
   9  * Short description : Configure admin ACLs                             *
  10  * -------------------------------------------------------------------- *
  11  * Kurzbeschreibung  : Admin-ACLs einstellen                            *
  12  * -------------------------------------------------------------------- *
  13  *                                                                      *
  14  * -------------------------------------------------------------------- *
  15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
  16  * For more information visit: http://www.mxchange.org                  *
  17  *                                                                      *
  18  * This program is free software; you can redistribute it and/or modify *
  19  * it under the terms of the GNU General Public License as published by *
  20  * the Free Software Foundation; either version 2 of the License, or    *
  21  * (at your option) any later version.                                  *
  22  *                                                                      *
  23  * This program is distributed in the hope that it will be useful,      *
  24  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
  25  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
  26  * GNU General Public License for more details.                         *
  27  *                                                                      *
  28  * You should have received a copy of the GNU General Public License    *
  29  * along with this program; if not, write to the Free Software          *
  30  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
  31  * MA  02110-1301  USA                                                  *
  32  ************************************************************************/
  33
  34 // Some security stuff...
  35 if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
  36         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
  37         require($INC);
  38 }
  39
  40 // Add description as navigation point
  41 ADD_DESCR("admin", __FILE__);
  42
  43 $SEL = 0;
  44 if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']);
  45
  46 if ((isset($_POST['edit'])) && ($SEL > 0)) {
  47         // Edit ACLs
  48         $SW = 2; $OUT = "";
  49         foreach ($_POST['sel'] as $id => $sel) {
  50                 // Load data for the ID
  51                 $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1",
  52                  array(bigintval($id)), __FILE__, __LINE__);
  53                 list($aid, $act, $wht, $mode) = SQL_FETCHROW($result);
  54                 SQL_FREERESULT($result);
  55
  56                 // Prepare data for the row template
  57                 $content = array(
  58                         'sw'               => $SW,
  59                         'id'               => $id,
  60                         'admins_selection' => ADD_OPTION_LINES("admins", "id", "login", $aid, "default_acl"),
  61                         'action_selection' => ADMIN_MENU_SELECTION("action", $act, $id),
  62                         'what_selection'   => ADMIN_MENU_SELECTION("what", $wht, $id),
  63                         'mode_options'     => ADD_OPTION_LINES(
  64                                 "/ARRAY/",
  65                                 array("allow", "deny"),
  66                                 array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE),
  67                                 $mode
  68                         ),
  69                 );
  70
  71                 // Load row template
  72                 $OUT .= LOAD_TEMPLATE("admin_config_admins_edit_row", true, $content);
  73                 $SW = 3 - $SW;
  74         }
  75         define('__ACL_ROWS', $OUT);
  76
  77         // Load main template
  78         LOAD_TEMPLATE("admin_config_admins_edit");
  79 } elseif ((isset($_POST['change'])) && ($SEL > 0)) {
  80         // Change entries
  81         foreach ($_POST['sel'] as $id => $sel) {
  82                 // Secure ID
  83                 $id = bigintval($id);
  84
  85                 // Update entries
  86                 $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_acls SET admin_id=%s, action_menu='%s', what_menu='%s', access_mode='%s' WHERE id=%s LIMIT 1",
  87                  array($_POST['admin'][$id], $_POST['action_menu'][$id], $_POST['what_menu'][$id], $_POST['mode'][$id], $id),__FILE__, __LINE__);
  88         }
  89
  90         // Update cache when installed
  91         if (EXT_IS_ACTIVE("cache")) {
  92                 if ($cacheInstance->cache_file("admins_acls", true) == true) $cacheInstance->cache_destroy();
  93
  94                 // Purge menu cache
  95                 CACHE_PURGE_ADMIN_MENU($_POST['admin'][$id]);
  96         }
  97
  98         // Entries changed
  99         LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ADMINS_ENTRIES_CHANGED);
 100 } elseif ((isset($_POST['del'])) && ($SEL > 0)) {
 101         // Delete ACLs
 102         $SW = 2; $OUT = "";
 103         foreach ($_POST['sel'] as $id => $sel) {
 104                 // Load data for the ID
 105                 $result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1",
 106                  array(bigintval($id)), __FILE__, __LINE__);
 107                 list($admin, $act, $wht, $mode) = SQL_FETCHROW($result);
 108                 SQL_FREERESULT($result);
 109
 110                 // Prepare variables
 111                 if (empty($act)) $act = "---";
 112                 if (empty($wht)) $wht   = "---";
 113                 $eval = "\$mode = ADMINS_".strtoupper($mode)."_MODE;";
 114                 eval($eval);
 115
 116                 // Load admin's data
 117                 $login = GET_ADMIN_LOGIN($admin);
 118                 if ($login != "***") {
 119                         // Admin found
 120                         $admin = "<A href=\"".URL."/modules.php?module=admin&amp;what=admins_contct&amp;admin=".$admin."\">".$login."</A>";
 121                 } else {
 122                         // Maybe deleted?
 123                         $admin = "<FONT class=\"admin_note\">".ADMIN_ID_404_1.$admin.ADMIN_ID_404_2."</FONT>";
 124                 }
 125
 126                 // Prepare data for the row template
 127                 $content = array(
 128                         'sw'     => $SW,
 129                         'id'     => $id,
 130                         'admin'  => $admin,
 131                         'action' => $act,
 132                         'what'   => $wht,
 133                         'mode'   => $mode,
 134                 );
 135
 136                 // Load row template and switch colors
 137                 $OUT .= LOAD_TEMPLATE("admin_config_admins_del_row", true, $content);
 138                 $SW = 3 - $SW;
 139         }
 140         define('__ACL_ROWS', $OUT);
 141
 142         // Load main template
 143         LOAD_TEMPLATE("admin_config_admins_del");
 144 } elseif ((isset($_POST['remove'])) && ($SEL > 0)) {
 145         // Remove entries
 146         foreach ($_POST['sel'] as $id => $sel) {
 147                 $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1",
 148                  array(bigintval($id)),__FILE__, __LINE__);
 149         }
 150
 151         // Update cache when installed
 152         if (EXT_IS_ACTIVE("cache")) {
 153                 if ($cacheInstance->cache_file("admins_acls", true) == true) $cacheInstance->cache_destroy();
 154
 155                 // @TODO This causes the whole (!) menu cache being rebuild
 156                 CACHE_PURGE_ADMIN_MENU();
 157         }
 158
 159         // Entries deleted
 160         LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ADMINS_ENTRIES_DELETED);
 161 } elseif (isset($_POST['add'])) {
 162         // Check if everything is fine...
 163         $mode = GET_ADMIN_DEFAULT_ACL(GET_ADMIN_LOGIN(bigintval($_POST['admin_id'])));
 164
 165         // Default ACL is false
 166         $ACL = false;
 167         if (!empty($_POST['what_menu'])) {
 168                 // Check parent ACL
 169                 $ACL = ADMINS_CHECK_ACL(GET_ACTION("admin", $_POST['what_menu']), "");
 170         }
 171
 172         if ($mode != $_POST['mode'] || ($ACL)) {
 173                 // Mode is fine
 174                 $BOTH = ((!empty($_POST['action_menu'])) && (!empty($_POST['what_menu'])));
 175                 if (((!empty($_POST['action_menu'])) || (!empty($_POST['what_menu']))) && (!$BOTH)) {
 176                         // Main or sub menu selected
 177                         $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND action_menu='%s' AND what_menu='%s' LIMIT 1",
 178                          array(bigintval($_POST['admin_id']), $_POST['action_menu'], $_POST['what_menu']), __FILE__, __LINE__);
 179                         if (SQL_NUMROWS($result) == 0) {
 180                                 // Finally add the new ACL
 181                                 $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins_acls (admin_id, action_menu, what_menu, access_mode)
 182 VALUES ('%s','%s','%s','%s')",
 183  array(
 184         bigintval($_POST['admin_id']),
 185         $_POST['action_menu'],
 186         $_POST['what_menu'],
 187         $_POST['mode']
 188 ), __FILE__, __LINE__);
 189                                 $content = ADMIN_ADMINS_ACL_SAVED;
 190
 191                                 // Update cache when installed
 192                                 if (EXT_IS_ACTIVE("cache")) {
 193                                         if ($cacheInstance->cache_file("admins_acls", true) == true) $cacheInstance->cache_destroy();
 194
 195                                         // Purge cache
 196                                         CACHE_PURGE_ADMIN_MENU($_POST['admin_id'], $_POST['action_menu'], $_POST['what_menu']);
 197                                 } // END - if
 198                         } else {
 199                                 // ACL does already exist!
 200                                 $content = ADMIN_ADMINS_ACL_ALREADY_ADDED;
 201                         }
 202
 203                         // Free memory
 204                         SQL_FREERESULT($result);
 205                 } else {
 206                         // No menu selected makes also no sence...
 207                         $content = ADMIN_ADMINS_SELECT_ACTION_WHAT;
 208                 }
 209         } else {
 210                 // Same mode makes no sence...
 211                 $content = ADMIN_ADMINS_SAME_MODE_SELECTED;
 212         }
 213
 214         // Display message
 215         LOAD_TEMPLATE("admin_settings_saved", false, $content);
 216 } else {
 217         // List all ACLs
 218         $result_acls = SQL_QUERY("SELECT id, admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls ORDER BY admin_id, id", __FILE__, __LINE__);
 219         if (SQL_NUMROWS($result_acls) > 0)
 220         {
 221                 // List ACLs
 222                 $SW = 2; $OUT = "";
 223                 while(list($id, $admin, $act, $wht, $mode) = SQL_FETCHROW($result_acls))
 224                 {
 225                         // Prepare variables
 226                         if (empty($act)) $act = "---";
 227                         if (empty($wht))   $wht   = "---";
 228                         $eval = "\$mode = ADMINS_".strtoupper($mode)."_MODE;";
 229                         eval($eval);
 230
 231                         // Load admin's data
 232                         $login = GET_ADMIN_LOGIN($admin);
 233                         if ($login != "***")
 234                         {
 235                                 // Admin found
 236                                 $admin = "<A href=\"".URL."/modules.php?module=admin&amp;what=admins_contct&amp;admin=".$admin."\">".$login."</A>";
 237                         }
 238                          else
 239                         {
 240                                 // Maybe deleted?
 241                                 $admin = "<FONT class=\"admin_note\">".ADMIN_ID_404_1.$admin.ADMIN_ID_404_2."</FONT>";
 242                         }
 243
 244                         // Prepare data for the row template
 245                         $content = array(
 246                                 'sw'     => $SW,
 247                                 'id'     => $id,
 248                                 'admin'  => $admin,
 249                                 'action' => $act,
 250                                 'what'   => $wht,
 251                                 'mode'   => $mode,
 252                         );
 253
 254                         // Load row template and switch colors
 255                         $OUT .= LOAD_TEMPLATE("admin_config_admins_row", true, $content);
 256                         $SW = 3 - $SW;
 257                 }
 258
 259                 // Free memory
 260                 SQL_FREERESULT($result);
 261                 define('__ACL_ROWS', $OUT);
 262
 263                 // Load main template
 264                 LOAD_TEMPLATE("admin_config_admins");
 265         }
 266
 267         // Prepare some constants for the template
 268         define('_ADMINS_SELECTION', ADD_OPTION_LINES("admins", "id", "login", "", "default_acl"));
 269         define('_ACTION_SELECTION', ADMIN_MENU_SELECTION("action"));
 270         define('_WHAT_SELECTION'  , ADMIN_MENU_SELECTION("what"));
 271         define('_MODE_OPTIONS'    , ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE)));
 272
 273         // Load template for adding new ACL
 274         LOAD_TEMPLATE("admin_admins_add_acl");
 275 }
 276
 277 //
 278 ?>