More improved SQL queries
[mailer.git] / inc / libs / admins_functions.php
index f0cdd75..e23ef16 100644 (file)
@@ -39,7 +39,7 @@ if (!defined('__SECURITY')) {
 
 // Check ACL for menu combination
 function ADMINS_CHECK_ACL($act, $wht) {
-       global $cacheArray, $_CONFIG, $cacheInstance;
+       global $cacheArray, $cacheInstance;
        // If action is login or logout allow allways!
        $default = "allow";
        if (($act == "login") || ($act == "logout")) return true;
@@ -48,12 +48,11 @@ function ADMINS_CHECK_ACL($act, $wht) {
        $ret = false;
 
        // Get admin's ID
-       $aid = GET_ADMIN_ID(get_session('admin_login'));
+       $aid = GET_CURRENT_ADMIN_ID();
 
        // Get admin's defult access right
        $default = GET_ADMIN_DEFAULT_ACL($aid);
 
-
        if (!empty($wht)) {
                // Check for parent menu:
                // First get it's action value
@@ -87,7 +86,7 @@ function ADMINS_CHECK_ACL($act, $wht) {
                                        }
                                        if ($lines == 1) {
                                                // Count cache hits
-                                               if (isset($_CONFIG['cache_hits'])) { $_CONFIG['cache_hits']++; } else { $_CONFIG['cache_hits'] = 1; }
+                                               incrementConfigEntry('cache_hits');
                                                break;
                                        }
                                }
@@ -107,11 +106,11 @@ function ADMINS_CHECK_ACL($act, $wht) {
                if (!empty($act))
                {
                        // Main menu
-                       $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND action_menu='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT access_mode FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE admin_id=%s AND action_menu='%s' LIMIT 1",
                         array(bigintval($aid), $act), __FILE__, __LINE__);
                } elseif (!empty($wht)) {
                        // Sub menu
-                       $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND what_menu='%s' LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT access_mode FROM `{!_MYSQL_PREFIX!}_admins_acls` WHERE admin_id=%s AND what_menu='%s' LIMIT 1",
                         array(bigintval($aid), $wht), __FILE__, __LINE__);
                }
 
@@ -132,12 +131,12 @@ function ADMINS_CHECK_ACL($act, $wht) {
 
 // Create email link to admins's account
 function ADMINS_CREATE_EMAIL_LINK($email, $mod="admin") {
-       $locked = " AND status='CONFIRMED'";
+       $locked = " AND `status`='CONFIRMED'";
        if (IS_ADMIN()) $locked = "";
        if (strpos("@", $email) > 0) {
                // Create email link
                $result = SQL_QUERY_ESC("SELECT id
-FROM "._MYSQL_PREFIX."_admins
+FROM `{!_MYSQL_PREFIX!}_admins`
 WHERE email='%s'".$locked." LIMIT 1",
  array($email), __FILE__, __LINE__);
 
@@ -147,14 +146,14 @@ WHERE email='%s'".$locked." LIMIT 1",
                        list($uid) = SQL_FETCHROW($result);
 
                        // Rewrite email address to contact link
-                       $email = URL."/modules.php?module=".$mod."&what=user_contct&u_id=".bigintval($uid);
+                       $email = "{!URL!}/modules.php?module=".$mod."&what=user_contct&u_id=".bigintval($uid);
                }
 
                // Free memory
                SQL_FREERESULT($result);
        } elseif (bigintval($email) > 0) {
                // Direct ID given
-               $email = URL."/modules.php?module=".$mod."&what=admins_contct&admin=".bigintval($email);
+               $email = "{!URL!}/modules.php?module=".$mod."&what=admins_contct&admin=".bigintval($email);
        }
 
        // Return rewritten (?) email address
@@ -183,58 +182,58 @@ function ADMINS_CHANGE_ADMIN_ACCOUNT($POST) {
                        if (!empty($POST['pass1'][$id])) $ADD = sprintf(", password='%s'", SQL_ESCAPE($hash));
 
                        // Get admin's ID
-                       $aid = GET_ADMIN_ID(get_session('admin_login'));
+                       $aid = GET_CURRENT_ADMIN_ID();
                        $salt = substr(GET_ADMIN_HASH($aid), 0, -40);
 
                        // Rewrite cookie when it's own account
                        if ($aid == $id) {
                                // Set timeout cookie
-                               set_session("admin_last", time());
+                               set_session('admin_last', time());
 
                                if ($login != get_session('admin_login')) {
                                        // Update login cookie
-                                       set_session("admin_login", $login);
+                                       set_session('admin_login', $login);
 
                                        // Update password cookie as well?
-                                       if (!empty($ADD)) set_session("admin_md5", $hash);
+                                       if (!empty($ADD)) set_session('admin_md5', $hash);
                                } elseif (generateHash($POST['pass1'][$id], $salt) != get_session('admin_md5')) {
                                        // Update password cookie
-                                       set_session("admin_md5", $hash);
+                                       set_session('admin_md5', $hash);
                                }
                        } // END - if
 
                        // Get default ACL from admin to check if we can allow him to change the default ACL
-                       $default = GET_ADMIN_DEFAULT_ACL(GET_ADMIN_ID(get_session('admin_login')));
+                       $default = GET_ADMIN_DEFAULT_ACL(GET_CURRENT_ADMIN_ID());
 
                        // Update admin account
                        if ($default == "allow") {
                                // Allow changing default ACL
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET
+                               SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins` SET
 login='%s'".$ADD.",
 email='%s',
 default_acl='%s',
 la_mode='%s'
 WHERE id=%s LIMIT 1",
- array(
-       $login,
-       $POST['email'][$id],
-       $POST['mode'][$id],
-       $POST['la_mode'][$id],
-       $id
-), __FILE__, __LINE__);
                                      array(
+                                               $login,
+                                               $POST['email'][$id],
+                                               $POST['mode'][$id],
+                                               $POST['la_mode'][$id],
+                                               $id
+                                       ), __FILE__, __LINE__);
                        } else {
                                // Do not allow it here
-                               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET
+                               SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins` SET
 login='%s'".$ADD.",
 email='%s',
 la_mode='%s'
 WHERE id=%s LIMIT 1",
- array(
-       $login,
-       $POST['email'][$id],
-       $POST['la_mode'][$id],
-       $id
-), __FILE__, __LINE__);
                                      array(
+                                               $login,
+                                               $POST['email'][$id],
+                                               $POST['la_mode'][$id],
+                                               $id
+                                       ), __FILE__, __LINE__);
                        }
 
                        // Purge cache
@@ -249,18 +248,19 @@ WHERE id=%s LIMIT 1",
 
                // Display message
                if (!empty($MSG)) {
-                       LOAD_TEMPLATE("admin_settings_saved", false, "<SPAN class=\"admin_done\">".$MSG."</SPAN>");
+                       LOAD_TEMPLATE("admin_settings_saved", false, $MSG);
                }
        }
 
        // Remove cache file
-       if ((EXT_IS_ACTIVE("cache")) && ($cache_update == "1")) {
-               if ($cacheInstance->loadCacheFile("admins")) $cacheInstance->destroyCacheFile();
-       }
+       RUN_FILTER('post_admin_edited', $_POST);
 }
 
 // Make admin accounts editable
 function ADMINS_EDIT_ADMIN_ACCOUNTS ($POST) {
+       // "Resolve" current's admin access mode
+       $currMode = GET_ADMIN_DEFAULT_ACL(GET_CURRENT_ADMIN_ID());
+
        // Begin the edit loop
        $SW = 2; $OUT = "";
        foreach ($POST['sel'] as $id => $sel) {
@@ -268,8 +268,8 @@ function ADMINS_EDIT_ADMIN_ACCOUNTS ($POST) {
                $id = bigintval($id);
 
                // Get the admin's data
-               $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
-                array($id), __FILE__, __LINE__);
+               $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM `{!_MYSQL_PREFIX!}_admins` WHERE id=%s LIMIT 1",
+                       array($id), __FILE__, __LINE__);
                if ((SQL_NUMROWS($result) == 1) && ($sel == 1)) {
                        // Entry found
                        $content = SQL_FETCHARRAY($result);
@@ -280,9 +280,9 @@ function ADMINS_EDIT_ADMIN_ACCOUNTS ($POST) {
                        $content['id'] = $id;
 
                        // Shall we allow changing default ACL?
-                       if ($content['mode'] == "allow") {
+                       if ($currMode == "allow") {
                                // Allow chaning it
-                               $content['mode']    = ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE), $content['mode']);
+                               $content['mode']    = ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(constant('ADMINS_ALLOW_MODE'), constant('ADMINS_DENY_MODE')), $content['mode']);
                        } else {
                                // Don't allow it
                                $content['mode'] = "&nbsp;";
@@ -303,7 +303,7 @@ function ADMINS_EDIT_ADMIN_ACCOUNTS ($POST) {
 // Delete given admin accounts
 function ADMINS_DELETE_ADMIN_ACCOUNTS ($POST) {
        // Check if this account is the last one which cannot be deleted...
-       $result_main = SQL_QUERY("SELECT id FROM "._MYSQL_PREFIX."_admins", __FILE__, __LINE__);
+       $result_main = SQL_QUERY("SELECT id FROM `{!_MYSQL_PREFIX!}_admins`", __FILE__, __LINE__);
        $accounts = SQL_NUMROWS($result_main);
        SQL_FREERESULT($result_main);
        if ($accounts > 1) {
@@ -314,7 +314,7 @@ function ADMINS_DELETE_ADMIN_ACCOUNTS ($POST) {
                        $id = bigintval($id);
 
                        // Get the admin's data
-                       $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
+                       $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM `{!_MYSQL_PREFIX!}_admins` WHERE id=%s LIMIT 1",
                         array($id), __FILE__, __LINE__);
                        if (SQL_NUMROWS($result) == 1) {
                                // Entry found
@@ -338,7 +338,7 @@ function ADMINS_DELETE_ADMIN_ACCOUNTS ($POST) {
                LOAD_TEMPLATE("admin_del_admins");
        } else {
                // Cannot delete last account!
-               LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ADMINS_CANNOT_DELETE_LAST);
+               LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_ADMINS_CANNOT_DELETE_LAST'));
        }
 }
 
@@ -351,14 +351,14 @@ function ADMINS_REMOVE_ADMIN_ACCOUNTS ($POST) {
                $id = bigintval($id);
 
                // Delete only when it's not your own account!
-               if (($del == 1) && (GET_ADMIN_ID(get_session('admin_login')) != $id)) {
+               if (($del == 1) && (GET_CURRENT_ADMIN_ID() != $id)) {
                        // Rewrite his tasks to all admins
-                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin=0 WHERE assigned_admin=%s",
+                       SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_task_system` SET assigned_admin=0 WHERE assigned_admin=%s",
                         array($id), __FILE__, __LINE__);
 
                        // Remove account
-                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
-                        array($id), __FILE__, __LINE__);
+                       SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{!_MYSQL_PREFIX!}_admins` WHERE id=%s LIMIT 1",
+                               array($id), __FILE__, __LINE__);
 
                        // Purge cache
                        CACHE_PURGE_ADMIN_MENU($id);
@@ -367,15 +367,13 @@ function ADMINS_REMOVE_ADMIN_ACCOUNTS ($POST) {
        }
 
        // Remove cache if cache system is activated
-       if ((EXT_IS_ACTIVE("cache")) && ($cache_update == "1")) {
-               if ($cacheInstance->loadCacheFile("admins")) $cacheInstance->destroyCacheFile();
-       }
+       RUN_FILTER('post_admin_deleted', $_POST);
 }
 
 // List all admin accounts
 function ADMINS_LIST_ADMIN_ACCOUNTS() {
        // Select all admin accounts
-       $result = SQL_QUERY("SELECT id, login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins ORDER BY login ASC", __FILE__, __LINE__);
+       $result = SQL_QUERY("SELECT id, login, email, default_acl AS mode, la_mode FROM `{!_MYSQL_PREFIX!}_admins` ORDER BY login ASC", __FILE__, __LINE__);
        $SW = 2; $OUT = "";
        while ($content = SQL_FETCHARRAY($result)) {
                // Compile some variables
@@ -399,5 +397,16 @@ function ADMINS_LIST_ADMIN_ACCOUNTS() {
        LOAD_TEMPLATE("admin_list_admins");
 }
 
+// Filter for adding extra data to the query
+function FILTER_ADD_EXTRA_SQL_DATA ($ADD = "") {
+       // Is the admins extension updated? (should be!)
+       if (GET_EXT_VERSION("admins") >= "0.3")   $ADD .= ", default_acl AS def_acl";
+       if (GET_EXT_VERSION("admins") >= "0.6.7") $ADD .= ", la_mode";
+       if (GET_EXT_VERSION("admins") >= "0.7.2") $ADD .= ", login_failures, UNIX_TIMESTAMP(last_failure) AS last_failure";
+
+       // Return it
+       return $ADD;
+}
+
 //
 ?>