notice fix
[mailer.git] / inc / libs / admins_functions.php
index eb79a8c..fa205b2 100644 (file)
@@ -37,10 +37,10 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
-//
-function ADMINS_CHECK_ACL($act, $wht)
-{
-       global $ADMINS, $ADMINS_ACLS, $CONFIG, $CACHE;
+
+// Check ACL for menu combination
+function ADMINS_CHECK_ACL($act, $wht) {
+       global $cacheArray, $_CONFIG, $cacheInstance;
        // If action is login or logout allow allways!
        $default = "allow";
        if (($act == "login") || ($act == "logout")) return true;
@@ -49,96 +49,79 @@ function ADMINS_CHECK_ACL($act, $wht)
        $ret = false;
 
        // Get admin's defult access right
-       if (!empty($ADMINS['def_acl'][$_COOKIE['admin_login']])) {
+       if (!empty($cacheArray['admins']['def_acl'][$_SESSION['admin_login']])) {
                // Load from cache
-               $default = $ADMINS['def_acl'][$_COOKIE['admin_login']];
+               $default = $cacheArray['admins']['def_acl'][$_SESSION['admin_login']];
 
                // Count cache hits
-               $CONFIG['cache_hits']++;
-       } elseif (!is_object($CACHE)) {
+               $_CONFIG['cache_hits']++;
+       } elseif (!is_object($cacheInstance)) {
                // Load from database
                $result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
-                array($_COOKIE['admin_login']), __FILE__, __LINE__);
+                array($_SESSION['admin_login']), __FILE__, __LINE__);
                list($default) = SQL_FETCHROW($result);
                SQL_FREERESULT($result);
        }
 
        // Get admin's ID
-       $aid = GET_ADMIN_ID($_COOKIE['admin_login']);
+       $aid = GET_ADMIN_ID($_SESSION['admin_login']);
 
-       if (!empty($wht))
-       {
+       if (!empty($wht)) {
                // Check for parent menu:
                // First get it's action value
                $parent_action = GET_ACTION("admin", $wht);
 
                // Check with this function...
                $parent = ADMINS_CHECK_ACL($parent_action, "");
-       }
-        else
-       {
+       } else {
                // Anything else is true!
                $parent = false;
        }
 
        // Shall I test for a main or sub menu? (action or what?)
        $lines = 0; $acl_mode = "failed";
-       if (GET_EXT_VERSION("cache") >= "0.1.2")
-       {
+       if (GET_EXT_VERSION("cache") >= "0.1.2") {
                // Load only from array when there are lines!
-               if (count($ADMINS_ACLS) > 0)
-               {
+               if ((isset($cacheArray['admin_acls'])) && (is_array($cacheArray['admin_acls'])) && (count($cacheArray['admin_acls']) > 0)) {
                        // Load ACL from array
-                       foreach ($ADMINS_ACLS['admin_id'] as $id=>$aid_acls)
-                       {
-                               if ($aid == $aid_acls)
-                               {
+                       foreach ($cacheArray['admin_acls']['admin_id'] as $id=>$aid_acls) {
+                               if ($aid == $aid_acls) {
                                        // Okay, one line was found!
-                                       if ((!empty($act)) && ($ADMINS_ACLS['action_menu'][$id] == $act))
-                                       {
+                                       if ((!empty($act)) && ($cacheArray['admin_acls']['action_menu'][$id] == $act)) {
                                                // Main menu line found
-                                               $acl_mode = $ADMINS_ACLS['access_mode'][$id];
+                                               $acl_mode = $cacheArray['admin_acls']['access_mode'][$id];
                                                $lines = 1;
                                        }
-                                        elseif ((!empty($wht)) && ($ADMINS_ACLS['what_menu'][$id] == $wht))
-                                       {
+                                        elseif ((!empty($wht)) && ($cacheArray['admin_acls']['what_menu'][$id] == $wht)) {
                                                // Check sub menu
-                                               $acl_mode = $ADMINS_ACLS['access_mode'][$id];
+                                               $acl_mode = $cacheArray['admin_acls']['access_mode'][$id];
                                                $lines = 1;
                                        }
-                                       if ($lines == 1)
-                                       {
+                                       if ($lines == 1) {
                                                // Count cache hits
-                                               $CONFIG['cache_hits']++;
+                                               $_CONFIG['cache_hits']++;
                                                break;
                                        }
                                }
                        }
 
                        // No ACL found?
-                       if ($acl_mode == "failed")
-                       {
+                       if ($acl_mode == "failed") {
                                $acl_mode = "";
                                $lines = 0;
                        }
-               }
-                else
-               {
+               } else {
                        // No lines here
                        $lines = 0;
                }
-       }
-        else
-       {
+       } else {
                // Old version, so load it from database
                if (!empty($act))
                {
                        // Main menu
                        $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND action_menu='%s' LIMIT 1",
                         array(bigintval($aid), $act), __FILE__, __LINE__);
-               }
-                elseif (!empty($wht))
-               {
+               } elseif (!empty($wht)) {
                        // Sub menu
                        $result = SQL_QUERY_ESC("SELECT access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND what_menu='%s' LIMIT 1",
                         array(bigintval($aid), $wht), __FILE__, __LINE__);
@@ -158,20 +141,20 @@ function ADMINS_CHECK_ACL($act, $wht)
        // Return value
        return $ret;
 }
+
 // Create email link to admins's account
-function ADMINS_CREATE_EMAIL_LINK($email, $mod="admin")
-{
+function ADMINS_CREATE_EMAIL_LINK($email, $mod="admin") {
        $locked = " AND status='CONFIRMED'";
        if (IS_ADMIN()) $locked = "";
-       if (strpos("@", $email) > 0)
-       {
+       if (strpos("@", $email) > 0) {
                // Create email link
                $result = SQL_QUERY_ESC("SELECT id
 FROM "._MYSQL_PREFIX."_admins
 WHERE email='%s'".$locked." LIMIT 1",
  array($email), __FILE__, __LINE__);
-               if (SQL_NUMROWS($result) == 1)
-               {
+
+               // Is there an entry?
+               if (SQL_NUMROWS($result) == 1) {
                        // Load userid
                        list($uid) = SQL_FETCHROW($result);
 
@@ -181,9 +164,7 @@ WHERE email='%s'".$locked." LIMIT 1",
 
                // Free memory
                SQL_FREERESULT($result);
-       }
-        elseif (bigintval($email) > 0)
-       {
+       } elseif (bigintval($email) > 0) {
                // Direct ID given
                $email = URL."/modules.php?module=".$mod."&what=admins_contct&admin=".bigintval($email);
        }
@@ -191,5 +172,220 @@ WHERE email='%s'".$locked." LIMIT 1",
        // Return rewritten (?) email address
        return $email;
 }
+
+// Change a lot admin account
+function ADMINS_CHANGE_ADMIN_ACCOUNT($POST) {
+       global $cacheInstance;
+
+       // Begin the update
+       $cacheInstance_UPDATE = "0";
+       foreach ($POST['login'] as $id=>$login) {
+               // Secure ID number
+               $id = bigintval($id);
+
+               // When both passwords match update admin account
+               if ($POST['pass1'][$id] == $POST['pass2'][$id]) {
+                       // Save only when both passwords are the same (also when they are empty)
+                       $ADD = ""; $cacheInstance_UPDATE = "1";
+
+                       // Generate hash
+                       $hash = generateHash($POST['pass1'][$id]);
+
+                       // Save password when set
+                       if (!empty($POST['pass1'][$id])) $ADD = sprintf(", password='%s'", SQL_ESCAPE($hash));
+
+                       // Get admin's ID
+                       $salt = substr(GET_ADMIN_HASH($_SESSION['admin_login']), 0, -40);
+                       $aid = GET_ADMIN_ID($_SESSION['admin_login']);
+
+                       // Rewrite cookie when it's own account
+                       if ($aid == $id) {
+                               // Timeout
+                               $TIMEOUT = time() + bigintval($_SESSION['admin_to']);
+
+                               // Set timeout cookie
+                               set_session("admin_last", time());
+
+                               if ($login != $_SESSION['admin_login']) {
+                                       // Update login cookie
+                                       set_session("admin_login", $login);
+
+                                       // Update password cookie as well?
+                                       if (!empty($ADD)) set_session("admin_md5", $hash);
+                               } elseif (generateHash($POST['pass1'][$id], $salt) != $_SESSION['admin_md5']) {
+                                       // Update password cookie
+                                       set_session("admin_md5", $hash);
+                               }
+
+                       }
+
+                       // Update admin account
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET
+login='%s'".$ADD.",
+email='%s',
+default_acl='%s',
+la_mode='%s'
+WHERE id=%d LIMIT 1",
+ array(
+       $login,
+       $POST['email'][$id],
+       $POST['mode'][$id],
+       $POST['la_mode'][$id],
+       $id
+), __FILE__, __LINE__);
+
+                       // Admin account saved
+                       $MSG = ADMIN_ACCOUNT_SAVED;
+               } else {
+                       // Passwords did not match
+                       $MSG = ADMINS_ERROR_PASS_MISMATCH;
+               }
+
+               // Display message
+               if (!empty($MSG)) {
+                       LOAD_TEMPLATE("admin_settings_saved", false, "<SPAN class=\"admin_done\">".$MSG."</SPAN>");
+               }
+       }
+
+       // Remove cache file
+       if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance_UPDATE == "1")) {
+               if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy();
+       }
+}
+
+// Make admin accounts editable
+function ADMINS_EDIT_ADMIN_ACCOUNTS ($POST) {
+       // Begin the edit loop
+       $SW = 2; $OUT = "";
+       foreach ($POST['sel'] as $id=>$sel) {
+               // Secure ID number
+               $id = bigintval($id);
+
+               // Get the admin's data
+               $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+                array($id), __FILE__, __LINE__);
+               if ((SQL_NUMROWS($result) == 1) && ($sel == 1)) {
+                       // Entry found
+                       $content = SQL_FETCHARRAY($result);
+                       SQL_FREERESULT($result);
+
+                       // Prepare some more data for the template
+                       $content['sw']          = $SW;
+                       $content['id']          = $id;
+                       $content['mode']    = ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE), $content['mode']);
+                       $content['la_mode'] = ADD_OPTION_LINES("/ARRAY/", array("global", "OLD", "NEW"), array(ADMINS_GLOBAL_LA_SETTING, ADMINS_OLD_LA_SETTING, ADMINS_NEW_LA_SETTING), $content['la_mode']);
+
+                       // Load row template and switch color
+                       $OUT .= LOAD_TEMPLATE("admin_edit_admins_row", true, $content);
+                       $SW = 3 - $SW;
+               }
+       }
+       define('__ADMINS_ROWS', $OUT);
+
+       // Load template
+       LOAD_TEMPLATE("admin_edit_admins");
+}
+
+// Delete given admin accounts
+function ADMINS_DELETE_ADMIN_ACCOUNTS ($POST) {
+       // Check if this account is the last one which cannot be deleted...
+       $result_main = SQL_QUERY("SELECT id FROM "._MYSQL_PREFIX."_admins", __FILE__, __LINE__);
+       $accounts = SQL_NUMROWS($result_main);
+       SQL_FREERESULT($result_main);
+       if ($accounts > 1) {
+               // Delete accounts
+               $SW = 2; $OUT = "";
+               foreach ($POST['sel'] as $id=>$sel) {
+                       // Secure ID number
+                       $id = bigintval($id);
+
+                       // Get the admin's data
+                       $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+                        array($id), __FILE__, __LINE__);
+                       if (SQL_NUMROWS($result) == 1) {
+                               // Entry found
+                               $content = SQL_FETCHARRAY($result);
+                               SQL_FREERESULT($result);
+                               $eval = "\$content['mode'] = ADMINS_".strtoupper($content['mode'])."_MODE;";
+                               eval($eval);
+                               $eval = "\$content['la_mode'] = ADMINS_".strtoupper($content['la_mode'])."_LA_SETTING;";
+                               eval($eval);
+
+                               // Prepare some more data
+                               $content['sw'] = $SW;
+                               $content['id'] = $id;
+
+                               // Load row template and switch color
+                               $OUT .= LOAD_TEMPLATE("admin_del_admins_row", true, $content);
+                               $SW = 3 - $SW;
+                       }
+               }
+               define('__ADMINS_ROWS', $OUT);
+
+               // Load template
+               LOAD_TEMPLATE("admin_del_admins");
+       } else {
+               // Cannot delete last account!
+               LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ADMINS_CANNOT_DELETE_LAST);
+       }
+}
+
+// Remove the given accounts
+function ADMINS_REMOVE_ADMIN_ACCOUNTS ($POST) {
+       // Begin removal
+       $cacheInstance_UPDATE = "0";
+       foreach ($POST['sel'] as $id=>$del) {
+               // Secure ID number
+               $id = bigintval($id);
+
+               // Delete only when it's not your own account!
+               if (($del == 1) && (GET_ADMIN_ID($_SESSION['admin_login']) != $id)) {
+                       // Rewrite his tasks to all admins
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin='0' WHERE assigned_admin='%s'",
+                        array($id), __FILE__, __LINE__);
+
+                       // Remove account
+                       $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
+                        array($id), __FILE__, __LINE__);
+
+                       $cacheInstance_UPDATE = "1";
+               }
+       }
+
+       // Remove cache if cache system is activated
+       if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance_UPDATE == "1")) {
+               if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy();
+       }
+}
+
+// List all admin accounts
+function ADMINS_LIST_ADMIN_ACCOUNTS() {
+       // Select all admin accounts
+       $result = SQL_QUERY("SELECT id, login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins ORDER BY login ASC", __FILE__, __LINE__);
+       $SW = 2; $OUT = "";
+       while ($content = SQL_FETCHARRAY($result)) {
+               // Compile some variables
+               $eval = "\$content['mode'] = ADMINS_".strtoupper($content['mode'])."_MODE;";
+               eval($eval);
+               $eval = "\$content['la_mode'] = ADMINS_".strtoupper($content['la_mode'])."_LA_SETTING;";
+               eval($eval);
+
+               // Prepare some more data
+               $content['sw']         = $SW;
+               $content['email_link'] = CREATE_EMAIL_LINK($content['id']);
+
+               // Load row template and switch color
+               $OUT .= LOAD_TEMPLATE("admin_list_admins_row", true, $content);
+               $SW = 3 - $SW;
+       }
+
+       // Free memory
+       SQL_FREERESULT($result);
+       define('__ADMINS_ROWS', $OUT);
+
+       // Load template
+       LOAD_TEMPLATE("admin_list_admins");
+}
+
 //
 ?>