Checking for admin ACL now as filter

[mailer.git] / inc / filters.php

diff --git a/inc/filters.php b/inc/filters.php
index fe843fb8f0a74f9ad1c1835985e69490ba1bea1d..4a1575815672ad5022034245dd0f59035746f7dc 100644 (file)
--- a/inc/filters.php
+++ b/inc/filters.php
@@ -125,6 +125,9 @@ ORDER BY `filter_id` ASC", __FILE__, __LINE__);
        // Run SQLs
        REGISTER_FILTER('run_sqls', 'RUN_SQLS');
 
        // Run SQLs
        REGISTER_FILTER('run_sqls', 'RUN_SQLS');
 

+       // Admin ACL check
+       REGISTER_FILTER('check_admin_acl', 'CHECK_ADMIN_ACL');
+

        // Register shutdown filters
        REGISTER_FILTER('shutdown', 'FLUSH_FILTERS');
 }
        // Register shutdown filters
        REGISTER_FILTER('shutdown', 'FLUSH_FILTERS');
 }


@@ -474,7 +477,7 @@ function FILTER_UPDATE_LOGIN_DATA () {
 
                        // Update last module / online time
                        $result = SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET last_module='%s', last_online=UNIX_TIMESTAMP(), REMOTE_ADDR='%s' WHERE userid=%s LIMIT 1",
 
                        // Update last module / online time
                        $result = SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET last_module='%s', last_online=UNIX_TIMESTAMP(), REMOTE_ADDR='%s' WHERE userid=%s LIMIT 1",

-                        array($GLOBALS['what'], GET_REMOTE_ADDR(), $GLOBALS['userid']), __FILE__, __LINE__);
+                               array($GLOBALS['what'], GET_REMOTE_ADDR(), $GLOBALS['userid']), __FILE__, __LINE__);

                }
        }  else {
                // Destroy session, we cannot update!
                }
        }  else {
                // Destroy session, we cannot update!


@@ -482,5 +485,27 @@ function FILTER_UPDATE_LOGIN_DATA () {
        }
 }
 
        }
 }
 

+// Filter for checking admin ACL
+function FILTER_CHECK_ADMIN_ACL () {
+       // Extension not installed so it's always allowed to access everywhere!
+       $ret = true;
+
+       // Ok, Cookie-Update done
+       if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2")) {
+               // Check if action GET variable was set
+               $action = SQL_ESCAPE($GLOBALS['action']);
+               if (!empty($GLOBALS['what'])) {
+                       // Get action value by what-value
+                       $action = GET_ACTION("admin", $GLOBALS['what']);
+               } // END - if
+
+               // Check for access control line of current menu entry
+               $ret = ADMINS_CHECK_ACL($action, $GLOBALS['what']);
+       } // END - if
+
+       // Return result
+       return $ret;
+}
+

 //
 ?>
 //
 ?>