<?php
/************************************************************************
 * MXChange v0.2.1                                    Start: 04/18/2004 *
 * ================                             Last change: 04/18/2004 *
 *                                                                      *
 * -------------------------------------------------------------------- *
 * File              : what-admins_edit.php                             *
 * -------------------------------------------------------------------- *
 * Short description : Edit admin accounts                              *
 * -------------------------------------------------------------------- *
 * Kurzbeschreibung  : Admin-Account editieren                          *
 * -------------------------------------------------------------------- *
 *                                                                      *
 * -------------------------------------------------------------------- *
 * Copyright (c) 2003 - 2008 by Roland Haeder                           *
 * For more information visit: http://www.mxchange.org                  *
 *                                                                      *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or    *
 * (at your option) any later version.                                  *
 *                                                                      *
 * This program is distributed in the hope that it will be useful,      *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
 * GNU General Public License for more details.                         *
 *                                                                      *
 * You should have received a copy of the GNU General Public License    *
 * along with this program; if not, write to the Free Software          *
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
 * MA  02110-1301  USA                                                  *
 ************************************************************************/

// Some security stuff...
if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
{
	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
	require($INC);
}
// Add description as navigation point
ADD_DESCR("admin", basename(__FILE__));

// Instance for the cache extension
global $CACHE;

// Set selection data to empty array when it is empty
if (empty($_POST['sel'])) $_POST['sel'] = array();

// Check if direct admin account was selected
if (!empty($_GET['admin']))
{
	// Secure ID number
	$aid = bigintval($_GET['admin']);
	$_POST['edit'] = "1";
	$_POST['sel'][$aid] = array("1");
}

if ((isset($_POST['edit'])) && (SELECTION_COUNT($_POST['sel']) > 0))
{
	// Edit account(s)
	$SW = 2; $OUT = "";
	foreach ($_POST['sel'] as $id=>$sel)
	{
		$result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
		 array(bigintval($id)), __FILE__, __LINE__);
		if (SQL_NUMROWS($result) == 1)
		{
			// Entry found
			$content = SQL_FETCHARRAY($result);
			SQL_FREERESULT($result);
			$content['mode']    = ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE), $content['mode']);
			$content['la_mode'] = ADD_OPTION_LINES("/ARRAY/", array("global", "OLD", "NEW"), array(ADMINS_GLOBAL_LA_SETTING, ADMINS_OLD_LA_SETTING, ADMINS_NEW_LA_SETTING), $content['la_mode']);

			// Prepare some more data for the template
			$content['sw'] = $SW;
			$content['id'] = $id;

			// Load row template and switch color
			$OUT .= LOAD_TEMPLATE("admin_edit_admins_row", true, $content);
			$SW = 3 - $SW;
		}
	}
	define('__ADMINS_ROWS', $OUT);

	// Load template
	LOAD_TEMPLATE("admin_edit_admins");
}
 elseif ((isset($_POST['change'])) && (sizeof($_POST['login']) > 0))
{
	// Change admin accounts
	$CACHE_UPDATE = "0";
	foreach ($_POST['login'] as $id=>$login)
	{
		// Secure ID number
		$id = bigintval($id);

		// When both passwords match update admin account
		if ($_POST['pass1'][$id] == $_POST['pass2'][$id])
		{
			// Save only when both passwords are the same (also when they are empty)
			$ADD = ""; $CACHE_UPDATE = "1";

			// Generate hash
			$hash = generateHash($_POST['pass1'][$id]);

			// Save password when set
			if (!empty($_POST['pass1'][$id])) $ADD = ", password='".$hash."'";

			// Get admin's ID
			$salt = substr(GET_ADMIN_HASH($_SESSION['admin_login']), 0, -40);
			$aid = GET_ADMIN_ID($_SESSION['admin_login']);

			// Rewrite cookie when it's own account
			if ($aid == $id)
			{
				// Timeout
				$TIMEOUT = time() + bigintval($_SESSION['admin_to']);

				// Set timeout cookie
				set_session("admin_last", time(), $TIMEOUT, COOKIE_PATH);

				if ($login != $_SESSION['admin_login'])
				{
					// Update login cookie
					set_session("admin_login", $login, $TIMEOUT, COOKIE_PATH);

					// Update password cookie as well?
					if (!empty($ADD)) set_session("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);
				}
				 elseif (generateHash($_POST['pass1'][$id], $salt) != $_SESSION['admin_md5'])
				{
					// Update password cookie
					set_session("admin_md5", $hash, $TIMEOUT, COOKIE_PATH);
				}

			}

			// Update admin account
			$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET
login='%s'".$ADD.",
email='%s',
default_acl='%s',
la_mode='%s'
WHERE id=%d LIMIT 1",
 array(
	$login,
	$_POST['email'][$id],
	$_POST['mode'][$id],
	$_POST['la_mode'][$id],
	$id
), __FILE__, __LINE__);

			// Admin account saved
			$MSG = ADMIN_ACCOUNT_SAVED;
		}
		 else
		{
			// Passwords did not match
			$MSG = ADMINS_ERROR_PASS_MISMATCH;
		}
	}

	// Remove cache file
	if ((EXT_IS_ACTIVE("cache")) && ($CACHE_UPDATE == "1"))
	{
		if ($CACHE->cache_file("admins", true)) $CACHE->cache_destroy();
	}

	// Display message
	if (!empty($MSG))
	{
		LOAD_TEMPLATE("admin_settings_saved", false, "<SPAN class=\"admin_done\">".$MSG."</SPAN>");
	}
}
 elseif ((isset($_POST['del'])) && (SELECTION_COUNT($_POST['sel']) > 0))
{
	// Check if this account is the last one which cannot be deleted...
	$result_main = SQL_QUERY("SELECT id FROM "._MYSQL_PREFIX."_admins", __FILE__, __LINE__);
	$accounts = SQL_NUMROWS($result_main);
	SQL_FREERESULT($result_main);
	if ($accounts > 1)
	{
		// Delete accounts
		$SW = 2; $OUT = "";
		foreach ($_POST['sel'] as $id=>$sel)
		{
			$result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
			 array(bigintval($id)), __FILE__, __LINE__);
			if (SQL_NUMROWS($result) == 1)
			{
				// Entry found
				$content = SQL_FETCHARRAY($result);
				SQL_FREERESULT($result);
				$eval = "\$content['mode'] = ADMINS_".strtoupper($content['mode'])."_MODE;";
				eval($eval);
				$eval = "\$content['la_mode'] = ADMINS_".strtoupper($content['la_mode'])."_LA_SETTING;";
				eval($eval);

				// Prepare some more data
				$content['sw'] = $SW;
				$content['id'] = $id;

				// Load row template and switch color
				$OUT .= LOAD_TEMPLATE("admin_del_admins_row", true, $content);
				$SW = 3 - $SW;
			}
		}
		define('__ADMINS_ROWS', $OUT);

		// Load template
		LOAD_TEMPLATE("admin_del_admins");
	}
	 else
	{
		// Cannot delete last account!
		LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ADMINS_CANNOT_DELETE_LAST);
	}
}
 else
{
	if ((isset($_POST['remove'])) && (SELECTION_COUNT($_POST['sel']) > 0))
	{
		// Remove accounts now
		$CACHE_UPDATE = "0";
		foreach ($_POST['sel'] as $id=>$del)
		{
			// Delete only when it's not your own account!
			if (($del == 1) && (GET_ADMIN_ID($_SESSION['admin_login']) != $id))
			{
				// Rewrite his tasks to all admins
				$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE assigned_admin='%s'",
				 array(bigintval($id)), __FILE__, __LINE__);

				// Remove account
				$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
				 array(bigintval($id)), __FILE__, __LINE__);

				$CACHE_UPDATE = "1";
			}
		}

		// Remove cache if cache system is activated
		if ((EXT_IS_ACTIVE("cache")) && ($CACHE_UPDATE == "1"))
		{
			if ($CACHE->cache_file("admins", true)) $CACHE->cache_destroy();
		}
	}

	// List all admin accounts
	$result = SQL_QUERY("SELECT id, login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins ORDER BY login", __FILE__, __LINE__);
	$SW = 2; $OUT = "";
	while ($content = SQL_FETCHARRAY($result))
	{
		// Compile some variables
		$eval = "\$content['mode'] = ADMINS_".strtoupper($content['mode'])."_MODE;";
		eval($eval);
		$eval = "\$content['la_mode'] = ADMINS_".strtoupper($content['la_mode'])."_LA_SETTING;";
		eval($eval);

		// Prepare some more data
		$content['sw']         = $SW;
		$content['email_link'] = CREATE_EMAIL_LINK($content['id']);

		// Load row template and switch color
		$OUT .= LOAD_TEMPLATE("admin_list_admins_row", true, $content);
		$SW = 3 - $SW;
	}

	// Free memory
	SQL_FREERESULT($result);
	define('__ADMINS_ROWS', $OUT);

	// Load template
	LOAD_TEMPLATE("admin_list_admins");
}
//
?>