0)) { // Lookup in cache if ((!empty($action)) && (isset($GLOBALS['cache_array']['admin_acls']['action_menu'][$adminId])) & ($GLOBALS['cache_array']['admin_acls']['action_menu'][$adminId] == $action)) { // Main menu line found $acl_mode = $GLOBALS['cache_array']['admin_acls']['access_mode'][$adminId]; // Count cache hits incrementStatsEntry('cache_hits'); } elseif ((!empty($what)) && (isset($GLOBALS['cache_array']['admin_acls']['what_menu'][$adminId])) && ($GLOBALS['cache_array']['admin_acls']['what_menu'][$adminId] == $what)) { // Check sub menu $acl_mode = $GLOBALS['cache_array']['admin_acls']['access_mode'][$adminId]; // Count cache hits incrementStatsEntry('cache_hits'); } } elseif (!isExtensionActive('cache')) { // Old version, so load it from database $result = false; if (!empty($action)) { // Main menu $result = SQL_QUERY_ESC("SELECT `access_mode` FROM `{?_MYSQL_PREFIX?}_admins_acls` WHERE `admin_id`=%s AND `action_menu`='%s' LIMIT 1", array(bigintval($adminId), $action), __FUNCTION__, __LINE__); } elseif (!empty($what)) { // Sub menu $result = SQL_QUERY_ESC("SELECT `access_mode` FROM `{?_MYSQL_PREFIX?}_admins_acls` WHERE `admin_id`=%s AND `what_menu`='%s' LIMIT 1", array(bigintval($adminId), $what), __FUNCTION__, __LINE__); } // Is an entry found? if (SQL_NUMROWS($result) == 1) { // Load ACL list($acl_mode) = SQL_FETCHROW($result); } // END - if // Free memory SQL_FREERESULT($result); } // Check ACL and (maybe) allow //* DEBUG: */ print 'default='.$default.',acl_mode='.$acl_mode.',parent='.intval($parent).'
'; if (($default == 'allow') || (($default == 'deny') && ($acl_mode == 'allow')) || ($parent === true) || (($default == '***') && ($acl_mode == 'failed') && ($parent === false))) { // Access is granted $ret = true; } // END - if // Return value //* DEBUG: */ outputHtml(__FUNCTION__."[".__LINE__."]:act={$action},wht={$whatOR},default={$default},acl_mode={$acl_mode}
"); return $ret; } // Create email link to admins's account function generateAdminEmailLink ($email, $mod = 'admin') { // Is it an email? if (strpos($email, '@') !== false) { // Create email link $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `email`='%s' LIMIT 1", array($email), __FUNCTION__, __LINE__); // Is there an entry? if (SQL_NUMROWS($result) == 1) { // Load userid list($adminId) = SQL_FETCHROW($result); // Rewrite email address to contact link $email = '{%url=modules.php?module=' . $mod . '&what=admins_contct&admin=' . bigintval($adminId) . '%}'; } // END - if // Free memory SQL_FREERESULT($result); } elseif ((is_int($email)) && ($email > 0)) { // Direct id given $email = '{%url=modules.php?module=' . $mod . '&what=admins_contct&admin=' . bigintval($email) . '%}'; } // Return rewritten (?) email address return $email; } // Change a lot admin account function adminsChangeAdminAccount ($postData, $element = '') { // Begin the update $cache_update = '0'; foreach ($postData['login'] as $id => $login) { // Secure id number $id = bigintval($id); // When both passwords match update admin account if ((!empty($element)) && (isset($postData[$element]))) { // Save this setting SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `%s`='%s' WHERE `id`=%s LIMIT 1", array($element, $postData[$element][$id], $id), __FILE__, __LINE__); // Admin account saved $message = getMessage('ADMIN_ACCOUNT_SAVED'); } elseif ((isset($postData['pass1'])) && (isset($postData['pass2']))) { // Update only if both passwords match if (($postData['pass1'][$id] == $postData['pass2'][$id])) { // Save only when both passwords are the same (also when they are empty) $add = ''; $cache_update = 1; // Generate hash $hash = generateHash($postData['pass1'][$id]); // Save password when set if (!empty($postData['pass1'][$id])) $add = sprintf(", `password`='%s'", SQL_ESCAPE($hash)); // Get admin's id $adminId = getCurrentAdminId(); $salt = substr(getAdminHash(getAdminLogin($adminId)), 0, -40); // Rewrite cookie when it's own account if ($adminId == $id) { // Set timeout cookie setSession('admin_last', time()); if ($login != getSession('admin_login')) { // Update login cookie setSession('admin_login', $login); // Update password cookie as well? if (!empty($add)) setSession('admin_md5', $hash); } elseif (generateHash($postData['pass1'][$id], $salt) != getSession('admin_md5')) { // Update password cookie setSession('admin_md5', $hash); } } // END - if // Get default ACL from admin to check if we can allow him to change the default ACL $default = getAdminDefaultAcl(getCurrentAdminId()); // Update admin account if ($default == 'allow') { // Allow changing default ACL SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `login`='%s'".$add.", `email`='%s', `default_acl`='%s', `la_mode`='%s' WHERE `id`=%s LIMIT 1", array( $login, $postData['email'][$id], $postData['mode'][$id], $postData['la_mode'][$id], $id ), __FUNCTION__, __LINE__); } else { // Do not allow it here SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `login`='%s'".$add.", `email`='%s', `la_mode`='%s' WHERE `id`=%s LIMIT 1", array( $login, $postData['email'][$id], $postData['la_mode'][$id], $id ), __FUNCTION__, __LINE__); } // Admin account saved $message = getMessage('ADMIN_ACCOUNT_SAVED'); } else { // Passwords did not match $message = getMessage('ADMINS_ERROR_PASS_MISMATCH'); } } else { // Update whole array $SQL = 'UPDATE `{?_MYSQL_PREFIX?}_admins` SET '; foreach ($postData as $entry => $value) { // Skip login/id entry if (in_array($entry, array('login', 'id'))) continue; // Do we have a non-string (e.g. number, NOW() or back-tick at the beginning? if ((bigintval($value[$id], true, false) === $value[$id]) || ($value[$id] == 'NOW()') || (substr($value[$id], 0, 1) == '`')) { // No need for ticks (') $SQL .= '`' . $entry . '`=' . $value[$id] . ','; } else { // Strings need ticks (') around them $SQL .= '`' . $entry . "`='" . SQL_ESCAPE($value[$id]) . "',"; } } // END - foreach // Remove last tick and finish query $SQL = substr($SQL, 0, -1) . ' WHERE `id`=%s LIMIT 1'; // Run it SQL_QUERY_ESC($SQL, array(bigintval($id)), __FUNCTION__, __LINE__); } } // END - foreach // Display message if (!empty($message)) { loadTemplate('admin_settings_saved', false, $message); } // END - if // Remove cache file runFilterChain('post_admin_edited', postRequestArray()); } // Make admin accounts editable function adminsEditAdminAccount ($postData) { // "Resolve" current's admin access mode $currMode = getAdminDefaultAcl(getCurrentAdminId()); // Begin the edit loop $OUT = ''; $SW = 2; foreach ($postData['sel'] as $id => $selected) { // Secure id number $id = bigintval($id); // Get the admin's data $result = SQL_QUERY_ESC("SELECT `login`, `email`, `default_acl` AS mode, `la_mode` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", array($id), __FUNCTION__, __LINE__); if ((SQL_NUMROWS($result) == 1) && ($selected == 1)) { // Entry found $content = SQL_FETCHARRAY($result); SQL_FREERESULT($result); // Prepare some more data for the template $content['sw'] = $SW; $content['id'] = $id; // Shall we allow changing default ACL? if ($currMode == 'allow') { // Allow chaning it $content['mode'] = generateOptionList('/ARRAY/', array('allow', 'deny'), array(getMessage('ADMINS_ALLOW_MODE'), getMessage('ADMINS_DENY_MODE')), $content['mode']); } else { // Don't allow it $content['mode'] = ' '; } $content['la_mode'] = generateOptionList('/ARRAY/', array('global', 'OLD', 'NEW'), array(getMessage('ADMINS_GLOBAL_LA_SETTING'), getMessage('ADMINS_OLD_LA_SETTING'), getMessage('ADMINS_NEW_LA_SETTING')), $content['la_mode']); // Load row template and switch color $OUT .= loadTemplate('admin_edit_admins_row', true, $content); $SW = 3 - $SW; } } // Load template loadTemplate('admin_edit_admins', false, $OUT); } // Delete given admin accounts function adminsDeleteAdminAccount ($postData) { // Check if this account is the last one which cannot be deleted... $result_main = SQL_QUERY("SELECT `id` FROM `{?_MYSQL_PREFIX?}_admins`", __FUNCTION__, __LINE__); $accounts = SQL_NUMROWS($result_main); SQL_FREERESULT($result_main); if ($accounts > 1) { // Delete accounts $OUT = ''; $SW = 2; foreach ($postData['sel'] as $id => $selected) { // Secure id number $id = bigintval($id); // Get the admin's data $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", array($id), __FUNCTION__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Entry found $content = SQL_FETCHARRAY($result); SQL_FREERESULT($result); $content['mode'] = getMessage('ADMINS_'.strtoupper($content['mode']).'_MODE'); $content['la_mode'] = getMessage('ADMINS_'.strtoupper($content['la_mode']).'_LA_SETTING'); // Prepare some more data $content['sw'] = $SW; $content['id'] = $id; // Load row template and switch color $OUT .= loadTemplate('admin_del_admins_row', true, $content); $SW = 3 - $SW; } } // Load template loadTemplate('admin_del_admins', false, $OUT); } else { // Cannot delete last account! loadTemplate('admin_settings_saved', false, getMessage('ADMIN_ADMINS_CANNOT_DELETE_LAST')); } } // Remove the given accounts function adminsRemoveAdminAccount ($postData) { // Begin removal $cache_update = '0'; foreach ($postData['sel'] as $id => $del) { // Secure id number $id = bigintval($id); // Delete only when it's not your own account! if (($del == 1) && (getCurrentAdminId() != $id)) { // Rewrite his tasks to all admins SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_task_system` SET `assigned_admin`=0 WHERE `assigned_admin`=%s", array($id), __FUNCTION__, __LINE__); // Remove account SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", array($id), __FUNCTION__, __LINE__); } } // Remove cache if cache system is activated runFilterChain('post_admin_deleted', postRequestArray()); } // List all admin accounts function adminsListAdminAccounts() { // Select all admin accounts $result = SQL_QUERY("SELECT `id`, `login`, `email`, `default_acl` AS mode, `la_mode` FROM `{?_MYSQL_PREFIX?}_admins` ORDER BY `login` ASC", __FUNCTION__, __LINE__); $OUT = ''; $SW = 2; while ($content = SQL_FETCHARRAY($result)) { // Compile some variables $content['mode'] = getMessage('ADMINS_'.strtoupper($content['mode']).'_MODE'); $content['la_mode'] = getMessage('ADMINS_'.strtoupper($content['la_mode']).'_LA_SETTING'); // Prepare some more data $content['sw'] = $SW; $content['email_link'] = generateEmailLink($content['id'], 'admins'); // Load row template and switch color $OUT .= loadTemplate('admin_list_admins_row', true, $content); $SW = 3 - $SW; } // Free memory SQL_FREERESULT($result); // Load template loadTemplate('admin_list_admins', false, $OUT); } // Sends out mail to all administrators // IMPORTANT: Please use sendAdminNotification() instead of calling this function directly function sendAdminsEmails ($subj, $template, $content, $userid) { // Trim template name $template = trim($template); // Load email template $message = loadEmailTemplate($template, $content, $userid); // Check which admin shall receive this mail $result = SQL_QUERY_ESC("SELECT `admin_id` FROM `{?_MYSQL_PREFIX?}_admins_mails` WHERE `mail_template`='%s' ORDER BY `admin_id` ASC", array($template), __FUNCTION__, __LINE__); if (SQL_HASZERONUMS($result)) { // Create new entry (to all admins) SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins_mails` (`admin_id`, `mail_template`) VALUES (0, '%s')", array($template), __FUNCTION__, __LINE__); } else { // Load admin ids... // @TODO This can be, somehow, rewritten $adminIds = array(); while ($content = SQL_FETCHARRAY($result)) { $adminIds[] = $content['admin_id']; } // END - while // Free memory SQL_FREERESULT($result); // Init result $result = false; // "implode" ids and query string $adminId = implode(',', $adminIds); if ($adminId == '-1') { if (isExtensionActive('events')) { // Add line to user events EVENTS_ADD_LINE($subj, $message, $userid); } else { // Log error for debug logDebugMessage(__FUNCTION__, __LINE__, sprintf("Extension 'events' missing: tpl=%s,subj=%s,userid=%s", $template, $subj, $userid )); } } elseif (($adminId == '0') || (empty($adminId))) { // Select all email adresses $result = SQL_QUERY("SELECT `email` FROM `{?_MYSQL_PREFIX?}_admins` ORDER BY `id` ASC", __FUNCTION__, __LINE__); } else { // If Admin-Id is not "to-all" select $result = SQL_QUERY_ESC("SELECT `email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id` IN (%s) ORDER BY `id` ASC", array($adminId), __FUNCTION__, __LINE__); } } // Load email addresses and send away while ($content = SQL_FETCHARRAY($result)) { sendEmail($content['email'], $subj, $message); } // END - while // Free memory SQL_FREERESULT($result); } // "Getter" for current admin's expert settings function getAminsExpertSettings () { // Default is has not the right $data['expert_settings'] = 'N'; // Get current admin login $admin = getAdminLogin(getCurrentAdminId()); // Lookup settings in cache if (isset($GLOBALS['cache_array']['admin']['expert_settings'][$admin])) { // Use cache $data['expert_settings'] = $GLOBALS['cache_array']['admin']['expert_settings'][$admin]; // Update cache hits incrementStatsEntry('cache_hits'); } elseif (!isExtensionInstalled('cache')) { // Load from database $result = SQL_QUERY_ESC("SELECT `expert_settings` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1", array($admin), __FUNCTION__, __LINE__); // Entry found? if (SQL_NUMROWS($result) == 1) { // Fetch data $data = SQL_FETCHARRAY($result); // Set cache $GLOBALS['cache_array']['admin']['expert_settings'][$admin] = $data['expert_settings']; } // END - if // Free memory SQL_FREERESULT($result); } // Return the result return $data['expert_settings']; } // "Getter" for current admin's expert warning (if he wants to see them or not function getAminsExpertWarning () { // Default is has not the right $data['expert_warning'] = 'N'; // Get current admin login $admin = getAdminLogin(getCurrentAdminId()); // Lookup warning in cache if (isset($GLOBALS['cache_array']['admin']['expert_warning'][$admin])) { // Use cache $data['expert_warning'] = $GLOBALS['cache_array']['admin']['expert_warning'][$admin]; // Update cache hits incrementStatsEntry('cache_hits'); } elseif (!isExtensionInstalled('cache')) { // Load from database $result = SQL_QUERY_ESC("SELECT `expert_warning` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1", array($admin), __FUNCTION__, __LINE__); // Entry found? if (SQL_NUMROWS($result) == 1) { // Fetch data $data = SQL_FETCHARRAY($result); // Set cache $GLOBALS['cache_array']['admin']['expert_warning'][$admin] = $data['expert_warning']; } // END - if // Free memory SQL_FREERESULT($result); } // Return the result return $data['expert_warning']; } // Get login_failures number from administrator's login name function getAdminLoginFailures ($adminLogin) { // Admin login should not be empty if (empty($adminLogin)) { debug_report_bug('adminLogin is empty.'); } // END - if // By default no admin is found $data['login_failures'] = '-1'; // Check cache if (isset($GLOBALS['cache_array']['admin']['login_failures'][$adminLogin])) { // Use it if found to save SQL queries $data['login_failures'] = $GLOBALS['cache_array']['admin']['login_failures'][$adminLogin]; // Update cache hits incrementStatsEntry('cache_hits'); } elseif (!isExtensionActive('cache')) { // Load from database $result = SQL_QUERY_ESC("SELECT `login_failures` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1", array($adminLogin), __FUNCTION__, __LINE__); // Do we have an entry? if (SQL_NUMROWS($result) == 1) { // Get it $data = SQL_FETCHARRAY($result); } // END - if // Free result SQL_FREERESULT($result); } // Return the login_failures return $data['login_failures']; } // Get last_failure number from administrator's login name function getAdminLastFailure ($adminLogin) { // Admin login should not be empty if (empty($adminLogin)) { debug_report_bug('adminLogin is empty.'); } // END - if // By default no admin is found $data['last_failure'] = '-1'; // Check cache if (isset($GLOBALS['cache_array']['admin']['last_failure'][$adminLogin])) { // Use it if found to save SQL queries $data['last_failure'] = $GLOBALS['cache_array']['admin']['last_failure'][$adminLogin]; // Update cache hits incrementStatsEntry('cache_hits'); } elseif (!isExtensionActive('cache')) { // Load from database $result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`last_failure`) AS `last_failure` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1", array($adminLogin), __FUNCTION__, __LINE__); // Do we have an entry? if (SQL_NUMROWS($result) == 1) { // Get it $data = SQL_FETCHARRAY($result); } // END - if // Free result SQL_FREERESULT($result); } // Return the last_failure return $data['last_failure']; } //***************************************************************************** // Below only filter functions //***************************************************************************** // Filter for adding extra data to the query function FILTER_ADD_EXTRA_SQL_DATA ($add = '') { // Is the admins extension updated? (should be!) if (getExtensionVersion('admins') >= '0.3.0') $add .= ', `default_acl` AS def_acl'; if (getExtensionVersion('admins') >= '0.6.7') $add .= ', `la_mode`'; if (getExtensionVersion('admins') >= '0.7.2') $add .= ', `login_failures`, UNIX_TIMESTAMP(`last_failure`) AS last_failure'; if (getExtensionVersion('admins') >= '0.7.3') $add .= ', `expert_settings`, `expert_warning`'; // Return it return $add; } // Reset the login failures function FILTER_RESET_ADMINS_LOGIN_FAILURES ($data) { // Store it in session setSession('mxchange_admin_failures' , getAdminLoginFailures($data['login'])); setSession('mxchange_admin_last_failure', getAdminLastFailure($data['login'])); // Prepare update data $postData['login'][getCurrentAdminId()] = $data['login']; $postData['login_failures'][getCurrentAdminId()] = '0'; $postData['last_failure'][getCurrentAdminId()] = '0000-00-00 00:00:00'; // Change it in the admin adminsChangeAdminAccount($postData); // Always make sure the cache is destroyed rebuildCache('admin'); // Return the data for further processing return $data; } // Count the login failure function FILTER_COUNT_ADMINS_LOGIN_FAILURE ($data) { // Prepare update data $postData['login'][getCurrentAdminId()] = $data['login']; $postData['login_failures'][getCurrentAdminId()] = '`login_failures`+1'; $postData['last_failure'][getCurrentAdminId()] = 'NOW()'; // Change it in the admin adminsChangeAdminAccount($postData); // Always make sure the cache is destroyed rebuildCache('admin'); // Return the data for further processing return $data; } // Rehashes the given plain admin password and stores it the database function FILTER_REHASH_ADMINS_PASSWORD ($data) { // Generate new hash $newHash = generateHash($data['plain_pass']); // Prepare update data $postData['login'][getCurrentAdminId()] = $data['login']; $postData['password'][getCurrentAdminId()] = $newHash; // Change it in the admin adminsChangeAdminAccount($postData); // Update cookie/session and data array setSession('admin_md5', encodeHashForCookie($newHash)); $data['pass_hash'] = $newHash; // Always make sure the cache is destroyed rebuildCache('admin'); // Return the data for further processing return $data; } // [EOF] ?>