0)) { // Lookup in cache if ((!empty($action)) && (isset($GLOBALS['cache_array']['admin_acls']['action_menu'][$adminId])) & (in_array($action, $GLOBALS['cache_array']['admin_acls']['action_menu'][$adminId]))) { // Search for it $key = array_search($action, $GLOBALS['cache_array']['admin_acls']['action_menu'][$adminId]); // Main menu line found $aclMode = $GLOBALS['cache_array']['admin_acls']['access_mode'][$adminId][$key]; // Log debug message //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'action=' . $action . ',key=' . $key . ',acl_mode=' . $aclMode); // Count cache hits incrementStatsEntry('cache_hits'); } elseif ((!empty($what)) && (isset($GLOBALS['cache_array']['admin_acls']['what_menu'][$adminId])) && (in_array($what, $GLOBALS['cache_array']['admin_acls']['what_menu'][$adminId]))) { // Search for it $key = array_search($action, $GLOBALS['cache_array']['admin_acls']['what_menu'][$adminId]); // Check sub menu $aclMode = $GLOBALS['cache_array']['admin_acls']['access_mode'][$adminId][$key]; // Log debug message //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'what=' . $what . ',key=' . $key . ',acl_mode=' . $aclMode); // Count cache hits incrementStatsEntry('cache_hits'); } } elseif (!isExtensionActive('cache')) { // Extension ext-cache is absent, so load it from database $result = false; if (!empty($action)) { // Main menu $result = SQL_QUERY_ESC("SELECT `access_mode` FROM `{?_MYSQL_PREFIX?}_admins_acls` WHERE `admin_id`=%s AND `action_menu`='%s' LIMIT 1", array(bigintval($adminId), $action), __FUNCTION__, __LINE__); } elseif (!empty($what)) { // Sub menu $result = SQL_QUERY_ESC("SELECT `access_mode` FROM `{?_MYSQL_PREFIX?}_admins_acls` WHERE `admin_id`=%s AND `what_menu`='%s' LIMIT 1", array(bigintval($adminId), $what), __FUNCTION__, __LINE__); } // Is an entry found? if (SQL_NUMROWS($result) == 1) { // Load ACL list($aclMode) = SQL_FETCHROW($result); } // END - if // Free memory SQL_FREERESULT($result); } // Check ACL and (maybe) allow //* DEBUG: */ debugOutput('default='.$default.',acl_mode='.$aclMode.',parent='.intval($parent)); if ((($default == 'allow') && ($aclMode != 'deny')) || (($default == 'deny') && ($aclMode == 'allow')) || ($parent === true) || (($default == 'NO-ACL') && ($aclMode == 'failed') && ($parent === false))) { // Access is granted $GLOBALS[__FUNCTION__][$adminId][$action][$what] = true; } // END - if // Return value //* DEBUG: */ debugOutput(__FUNCTION__.'['.__LINE__.']:act='.$action.',wht='.$what.',default='.$default.',aclMode='.$aclMode); return $GLOBALS[__FUNCTION__][$adminId][$action][$what]; } // Create email link to admins's account function generateAdminEmailLink ($email, $mod = 'admin') { // Is it an email? if (strpos($email, '@') !== false) { // Create email link $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `email`='%s' LIMIT 1", array($email), __FUNCTION__, __LINE__); // Is there an entry? if (SQL_NUMROWS($result) == 1) { // Load userid list($adminId) = SQL_FETCHROW($result); // Rewrite email address to contact link $email = '{%url=modules.php?module=' . $mod . '&what=admins_contct&admin=' . bigintval($adminId) . '%}'; } // END - if // Free memory SQL_FREERESULT($result); } elseif ((is_int($email)) && ($email > 0)) { // Direct id given $email = '{%url=modules.php?module=' . $mod . '&what=admins_contct&admin=' . bigintval($email) . '%}'; } // Return rewritten (?) email address return $email; } // Change a lot admin account function adminsChangeAdminAccount ($postData, $element = '', $displayMessage = true) { // Begin the update $cache_update = '0'; $message = ''; foreach ($postData['login'] as $id => $login) { // Secure id number $id = bigintval($id); /* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'id=' . $id . ',login=' . $login); // When both passwords match update admin account if ((!empty($element)) && (isset($postData[$element]))) { // Save this setting SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `%s`='%s' WHERE `id`=%s LIMIT 1", array($element, $postData[$element][$id], $id), __FUNCTION__, __LINE__); // Admin account saved $message = '{--ADMIN_ACCOUNT_SAVED--}'; } elseif ((!empty($postData['pass1'])) && (!empty($postData['pass2']))) { // Update only if both passwords match if (($postData['pass1'][$id] == $postData['pass2'][$id])) { // Save only when both passwords are the same (also when they are empty) $add = ''; $cache_update = 1; // Generate hash $hash = generateHash($postData['pass1'][$id]); // Save password when set if (!empty($postData['pass1'][$id])) { $add = sprintf(", `password`='%s'", SQL_ESCAPE($hash)); } // END - if // Get admin's id $adminId = getCurrentAdminId(); $salt = substr(getAdminHash(getAdminLogin($adminId)), 0, -40); // Rewrite cookie when it's own account if ($adminId == $id) { // Set timeout cookie setAdminLast(time()); if ($adminId != getCurrentAdminId()) { // Update login cookie setAdminId($adminId); // Update password cookie as well? if (!empty($add)) { setAdminMd5($hash); } // END - if } elseif (generateHash($postData['pass1'][$id], $salt) != getAdminMd5()) { // Update password cookie setAdminMd5($hash); } } // END - if // Get default ACL from admin to check if we can allow him to change the default ACL $default = getAdminDefaultAcl(getCurrentAdminId()); // Update admin account if ($default == 'allow') { // Allow changing default ACL SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `login`='%s'" . $add . ", `email`='%s', `default_acl`='%s', `la_mode`='%s' WHERE `id`=%s LIMIT 1", array( $login, $postData['email'][$id], $postData['mode'][$id], $postData['la_mode'][$id], $id ), __FUNCTION__, __LINE__); } else { // Do not allow it here SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `login`='%s'" . $add . ", `email`='%s', `la_mode`='%s' WHERE `id`=%s LIMIT 1", array( $login, $postData['email'][$id], $postData['la_mode'][$id], $id ), __FUNCTION__, __LINE__); } // Admin account saved $message = '{--ADMIN_ACCOUNT_SAVED--}'; } else { // Passwords did not match $message = '{--ADMIN_ADMINS_ERROR_PASS_MISMATCH--}'; } } else { // Update whole array $SQL = 'UPDATE `{?_MYSQL_PREFIX?}_admins` SET '; foreach ($postData as $entry => $value) { // Skip login/id entry if (in_array($entry, array('login', 'id'))) { continue; } // END - if // Do we have a non-string (e.g. number, NULL, NOW() or back-tick at the beginning? if (is_null($value[$id])) { // NULL detected $SQL .= '`' . $entry . '`=NULL, '; } elseif ((bigintval($value[$id], true, false) === $value[$id]) || ($value[$id] == 'NOW()') || (substr($value[$id], 0, 1) == '`')) { // No need for ticks (') $SQL .= '`' . $entry . '`=' . $value[$id] . ', '; } else { // Strings need ticks (') around them $SQL .= '`' . $entry . "`='" . SQL_ESCAPE($value[$id]) . "', "; } } // END - foreach // Remove last 2 chars and finish query $SQL = substr($SQL, 0, -2) . ' WHERE `id`=%s LIMIT 1'; // Run it SQL_QUERY_ESC($SQL, array(bigintval($id)), __FUNCTION__, __LINE__); // Was it updated? if (SQL_AFFECTEDROWS() == 1) { // Admin account saved $message = '{--ADMIN_ACCOUNT_SAVED--}'; } else { // Passwords did not match $message = '{--ADMIN_ADMINS_ERROR_PASS_MISMATCH--}'; } } } // END - foreach // Display message if (!empty($message)) { if ($displayMessage === true) { displayMessage($message); } // END - if } // END - if // Remove cache file runFilterChain('post_form_submited', postRequestArray()); // Return message return $message; } // Make admin accounts editable function adminsEditAdminAccount ($postData) { // "Resolve" current's admin access mode $currMode = getAdminDefaultAcl(getCurrentAdminId()); // Begin the edit loop $OUT = ''; foreach ($postData['sel'] as $id => $selected) { // Secure id number $id = bigintval($id); // Get the admin's data $result = SQL_QUERY_ESC("SELECT `login`, `email`, `default_acl` AS mode, `la_mode` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", array($id), __FUNCTION__, __LINE__); if ((SQL_NUMROWS($result) == 1) && ($selected == 1)) { // Entry found $content = SQL_FETCHARRAY($result); SQL_FREERESULT($result); // Prepare some more data for the template $content['id'] = $id; // Shall we allow changing default ACL? if ($currMode == 'allow') { // Allow chaning it $content['mode'] = generateOptionList('/ARRAY/', array('allow', 'deny'), array('{--ADMIN_ADMINS_ACCESS_MODE_ALLOW--}', '{--ADMIN_ADMINS_ACCESS_MODE_DENY--}'), $content['mode']); } else { // Don't allow it $content['mode'] = ' '; } $content['la_mode'] = generateOptionList('/ARRAY/', array('global', 'OLD', 'NEW'), array('{--ADMIN_ADMINS_LA_MODE_GLOBAL--}', '{--ADMIN_ADMINS_LA_MODE_OLD--}', '{--ADMIN_ADMINS_LA_MODE_NEW--}'), $content['la_mode']); // Load row template and switch color $OUT .= loadTemplate('admin_edit_admins_row', true, $content); } // END - if } // END - foreach // Load template loadTemplate('admin_edit_admins', false, $OUT); } // Delete given admin accounts function adminsDeleteAdminAccount ($postData) { // Check if this account is the last one which cannot be deleted... if (countSumTotalData('', 'admins', 'id', '', true) > 1) { // Delete accounts $OUT = ''; foreach ($postData['sel'] as $id => $selected) { // Secure id number $id = bigintval($id); // Get the admin's data $result = SQL_QUERY_ESC("SELECT `login`, `email`, `default_acl` AS `mode`, `la_mode` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", array($id), __FUNCTION__, __LINE__); // Do we have an entry? if (SQL_NUMROWS($result) == 1) { // Entry found, so load data $content = SQL_FETCHARRAY($result); $content['mode'] = '{--ADMIN_ADMINS_ACCESS_MODE_' . strtoupper($content['mode']) . '--}'; $content['la_mode'] = '{--ADMIN_ADMINS_LA_MODE_' . strtoupper($content['la_mode']) . '--}'; // Prepare some more data $content['id'] = $id; // Load row template and switch color $OUT .= loadTemplate('admin_delete_admins_row', true, $content); } // END - if // Free result SQL_FREERESULT($result); } // END - foreach // Load template loadTemplate('admin_delete_admins', false, $OUT); } else { // Cannot delete last account! displayMessage('{--ADMIN_ADMINS_CANNOT_DELETE_LAST--}'); } } // Remove the given accounts function adminsRemoveAdminAccount ($postData) { // Begin removal $cache_update = '0'; foreach ($postData['sel'] as $id => $del) { // Secure id number $id = bigintval($id); // Delete only when it's not your own account! if (($del == 1) && (getCurrentAdminId() != $id)) { // Rewrite his tasks to all admins SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_task_system` SET `assigned_admin`=NULL WHERE `assigned_admin`=%s", array($id), __FUNCTION__, __LINE__); // Remove account SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", array($id), __FUNCTION__, __LINE__); } } // Remove cache if cache system is activated runFilterChain('post_form_deleted', postRequestArray()); } // List all admin accounts function adminsListAdminAccounts() { // Select all admin accounts $result = SQL_QUERY('SELECT `id`, `login`, `email`, `default_acl` AS mode, `la_mode` FROM `{?_MYSQL_PREFIX?}_admins` ORDER BY `login` ASC', __FUNCTION__, __LINE__); $OUT = ''; while ($content = SQL_FETCHARRAY($result)) { // Compile some variables $content['mode'] = '{--ADMIN_ADMINS_ACCESS_MODE_' . strtoupper($content['mode']) . '--}'; $content['la_mode'] = '{--ADMIN_ADMINS_LA_MODE_' . strtoupper($content['la_mode']) . '--}'; // Load row template and switch color $OUT .= loadTemplate('admin_list_admins_row', true, $content); } // END - while // Free memory SQL_FREERESULT($result); // Load template loadTemplate('admin_list_admins', false, $OUT); } // Sends out mail to all administrators // IMPORTANT: Please use sendAdminNotification() instead of calling this function directly function sendAdminsEmails ($subj, $template, $content, $userid) { // Trim template name $template = trim($template); // Load email template $message = loadEmailTemplate($template, $content, $userid); // Check which admin shall receive this mail $result = SQL_QUERY_ESC("SELECT `admin_id` FROM `{?_MYSQL_PREFIX?}_admins_mails` WHERE `mail_template`='%s' ORDER BY `admin_id` ASC", array($template), __FUNCTION__, __LINE__); // No entries found? if (SQL_HASZERONUMS($result)) { // Create new entry (to all admins) SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins_mails` (`admin_id`, `mail_template`) VALUES (0, '%s')", array($template), __FUNCTION__, __LINE__); } else { // Load admin ids... // @TODO This can be, somehow, rewritten $adminIds = array(); while ($content = SQL_FETCHARRAY($result)) { $adminIds[] = $content['admin_id']; } // END - while // Free memory SQL_FREERESULT($result); // Init result $result = false; // "implode" ids and query string $adminId = implode(',', $adminIds); if ($adminId == '-1') { if (isExtensionActive('events')) { // Add line to user events EVENTS_ADD_LINE($subj, $message, $userid); } else { // Log error for debug logDebugMessage(__FUNCTION__, __LINE__, sprintf("Extension 'events' missing: tpl=%s,subj=%s,userid=%s", $template, $subj, $userid )); } } elseif (($adminId == '0') || (empty($adminId))) { // Select all email adresses $result = SQL_QUERY('SELECT `email` FROM `{?_MYSQL_PREFIX?}_admins` ORDER BY `id` ASC', __FUNCTION__, __LINE__); } else { // If Admin-Id is not "to-all" select $result = SQL_QUERY_ESC("SELECT `email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id` IN (%s) ORDER BY `id` ASC", array($adminId), __FUNCTION__, __LINE__); } } // Load email addresses and send away while ($content = SQL_FETCHARRAY($result)) { sendEmail($content['email'], $subj, $message); } // END - while // Free memory SQL_FREERESULT($result); } // "Getter" for current admin's expert settings function getAminsExpertSettings () { // Default is has not the right $data['expert_settings'] = 'N'; // Get current admin Id $adminId = getCurrentAdminId(); // Lookup settings in cache if (isset($GLOBALS['cache_array']['admin']['expert_settings'][$adminId])) { // Use cache $data['expert_settings'] = $GLOBALS['cache_array']['admin']['expert_settings'][$adminId]; // Update cache hits incrementStatsEntry('cache_hits'); } elseif (!isExtensionInstalled('cache')) { // Load from database $result = SQL_QUERY_ESC("SELECT `expert_settings` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", array($adminId), __FUNCTION__, __LINE__); // Entry found? if (SQL_NUMROWS($result) == 1) { // Fetch data $data = SQL_FETCHARRAY($result); // Set cache $GLOBALS['cache_array']['admin']['expert_settings'][$adminId] = $data['expert_settings']; } // END - if // Free memory SQL_FREERESULT($result); } // Return the result return $data['expert_settings']; } // "Getter" for current admin's expert warning (if he wants to see them or not function getAminsExpertWarning () { // Default is has not the right $data['expert_warning'] = 'N'; // Get current admin id $adminId = getCurrentAdminId(); // Lookup warning in cache if (isset($GLOBALS['cache_array']['admin']['expert_warning'][$adminId])) { // Use cache $data['expert_warning'] = $GLOBALS['cache_array']['admin']['expert_warning'][$adminId]; // Update cache hits incrementStatsEntry('cache_hits'); } elseif (!isExtensionInstalled('cache')) { // Load from database $result = SQL_QUERY_ESC("SELECT `expert_warning` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", array($adminId), __FUNCTION__, __LINE__); // Entry found? if (SQL_NUMROWS($result) == 1) { // Fetch data $data = SQL_FETCHARRAY($result); // Set cache $GLOBALS['cache_array']['admin']['expert_warning'][$adminId] = $data['expert_warning']; } // END - if // Free memory SQL_FREERESULT($result); } // Return the result return $data['expert_warning']; } // Get login_failures number from administrator's login name function getAdminLoginFailures ($adminId) { // Admin login should not be empty if (empty($adminId)) { debug_report_bug(__FUNCTION__, __LINE__, 'adminId is empty.'); } // END - if // By default no admin is found $data['login_failures'] = -1; // Check cache if (isset($GLOBALS['cache_array']['admin']['login_failures'][$adminId])) { // Use it if found to save SQL queries $data['login_failures'] = $GLOBALS['cache_array']['admin']['login_failures'][$adminId]; // Update cache hits incrementStatsEntry('cache_hits'); } elseif (!isExtensionActive('cache')) { // Load from database $result = SQL_QUERY_ESC("SELECT `login_failures` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", array($adminId), __FUNCTION__, __LINE__); // Do we have an entry? if (SQL_NUMROWS($result) == 1) { // Get it $data = SQL_FETCHARRAY($result); } // END - if // Free result SQL_FREERESULT($result); } // Return the login_failures return $data['login_failures']; } // Get last_failure number from administrator's login name function getAdminLastFailure ($adminId) { // Admin login should not be empty if (empty($adminId)) { debug_report_bug(__FUNCTION__, __LINE__, 'adminId is empty.'); } // END - if // By default no admin is found $data['last_failure'] = -1; // Check cache if (isset($GLOBALS['cache_array']['admin']['last_failure'][$adminId])) { // Use it if found to save SQL queries $data['last_failure'] = $GLOBALS['cache_array']['admin']['last_failure'][$adminId]; // Update cache hits incrementStatsEntry('cache_hits'); } elseif (!isExtensionActive('cache')) { // Load from database $result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`last_failure`) AS `last_failure` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", array($adminId), __FUNCTION__, __LINE__); // Do we have an entry? if (SQL_NUMROWS($result) == 1) { // Get it $data = SQL_FETCHARRAY($result); } // END - if // Free result SQL_FREERESULT($result); } // Return the last_failure return $data['last_failure']; } //----------------------------------------------------------------------------- // Wrapper functions //----------------------------------------------------------------------------- // Wrapper function to check wether expert setting warning is enabled function isAdminsExpertWarningEnabled () { return (getAminsExpertWarning() == 'Y'); } // [EOF] ?>