// Register an administrator account
function addAdminAccount ($adminLogin, $passHash, $adminEmail, $accessLevel = 'deny') {
+ // Only let valid data pass
+ assert(in_array($accessLevel, array('allow', 'deny')));
+
// Login does already exist
$ret = 'already';
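Review bot: The added `assert(in_array($accessLevel, array('allow', 'deny')));` is the only validation of `$accessLevel` visible here, and PHP assertions are commonly switched off in production (`zend.assertions`), in which case any value passes through unchecked. For a value that decides an administrator's access level, an unconditional check is safer, e.g. `if (!in_array($accessLevel, array('allow', 'deny'), TRUE)) { /* reject via the project's error path */ }`. The third argument makes the comparison strict, so values that merely compare loosely equal are rejected. The body of addAdminAccount continues outside the hunk, so the appropriate failure return is not visible.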
while ($content = sqlFetchArray($result)) {
//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'userid=' . intval($userid) . '/' . $content['userid']);
$OUT .= '<option value="' . bigintval($content['userid']) . '"';
- if (bigintval($userid, FALSE, FALSE) === bigintval($content['userid'])) {
+ if ($userid === $content['userid']) {
$OUT .= ' selected="selected"';
} // END - if
- $OUT .= '>' . $content['surname'] . ' ' . $content['family'] . ' (' . bigintval($content['userid']) . ')</option>';
+ $OUT .= '>' . $content['surname'] . ' ' . $content['family'] . ' (' . $content['userid'] . ')</option>';
} // END - while
// Free memory
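Review bot: The strict comparison `$userid === $content['userid']` only matches when both operands have the same type. Rows fetched from MySQL are usually strings, so a caller passing an integer `$userid` would never get `selected="selected"`; this should be confirmed against the callers, which are outside the hunk. The same change drops `bigintval()` from the visible option text while keeping it on the `value` attribute, so the text now relies on the column being numeric. `$content['surname']` and `$content['family']` are also written into the markup without encoding. Consider keeping the cast and wrapping the displayed fields in `htmlspecialchars(..., ENT_QUOTES)`.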
$result = FALSE;
if ($alwaysAdd === FALSE) {
if (!empty($whereStatement)) {
- $result = sqlQuery("SELECT * FROM `{?_MYSQL_PREFIX?}" . $tableName . "` WHERE " . $whereStatement . " LIMIT 1", __FUNCTION__, __LINE__);
+ $result = sqlQuery('SELECT * FROM `{?_MYSQL_PREFIX?}' . $tableName . '` WHERE ' . $whereStatement . ' LIMIT 1', __FUNCTION__, __LINE__);
} else {
- $result = sqlQuery("SELECT * FROM `{?_MYSQL_PREFIX?}" . $tableName . "` LIMIT 1", __FUNCTION__, __LINE__);
+ $result = sqlQuery('SELECT * FROM `{?_MYSQL_PREFIX?}' . $tableName . '` LIMIT 1', __FUNCTION__, __LINE__);
}
} // END - if
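Review bot: Only the quoting style changes here, but `$tableName` and `$whereStatement` are still concatenated directly into the statement passed to `sqlQuery()`, so the query is only as safe as each caller's construction of those fragments. The UPDATE and INSERT builders in the next two hunks have the same shape with `$updatedData`, `$keys` and `$values`. If these fragments can carry request data (not visible here), passing the values through `sqlQueryEscaped()` with a placeholder array, as other hunks in this commit do, would keep them out of the SQL text. At minimum, a comment such as `// Callers must pass pre-escaped SQL fragments` would document the contract. The enclosing function starts and ends outside the hunk.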
$updatedData = implode(', ', $tableData);
// Generate SQL string
- $sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}%s` SET %s WHERE %s LIMIT 1",
+ $sql = sprintf('UPDATE `{?_MYSQL_PREFIX?}%s` SET %s WHERE %s LIMIT 1',
$tableName,
$updatedData,
$whereStatement
$values = implode(', ' , $values);
// Generate SQL string
- $sql = sprintf("INSERT INTO `{?_MYSQL_PREFIX?}%s` (%s) VALUES (%s)",
+ $sql = sprintf('INSERT INTO `{?_MYSQL_PREFIX?}%s` (%s) VALUES (%s)',
$tableName,
$keys,
$values
// Generate a selection box
function adminAddMenuSelectionBox ($menu, $type, $name, $default = '') {
// Open the requested menu directory
- $menuArray = getArrayFromDirectory(sprintf("inc/modules/%s/", $menu), $type . '-', FALSE, FALSE);
+ $menuArray = getArrayFromDirectory(sprintf('inc/modules/%s/', $menu), $type . '-', FALSE, FALSE);
// Init the selection box
$OUT = '<select name="' . $name . '" class="form_select" size="1"><option value="">{--ADMIN_IS_TOP_MENU--}</option>';
// Is this a PHP script?
if ((!isDirectory($file)) && (isInString('' . $type . '-', $file)) && (isInString('.php', $file))) {
// Then test if the file is readable
- $test = sprintf("inc/modules/%s/%s", $menu, $file);
+ $test = sprintf('inc/modules/%s/%s', $menu, $file);
// Is the file there?
if (isIncludeReadable($test)) {
incrementStatsEntry('cache_hits');
} elseif (isExtensionInstalledAndNewer('admins', '0.6.7')) {
// Load from database when version of 'admins' is enough
- $result = sqlQueryEscaped("SELECT `la_mode` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1",
+ $result = sqlQueryEscaped('SELECT `la_mode` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1',
array($adminId), __FUNCTION__, __LINE__);
// Is there an entry?
// Should always be set... ;-)
if (!empty($selected)) {
// Determine new status
- $result = sqlQueryEscaped("SELECT %s FROM `{?_MYSQL_PREFIX?}_%s` WHERE %s=%s LIMIT 1",
+ $result = sqlQueryEscaped('SELECT %s FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1',
array(
$row,
$table,
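Review bot: The WHERE column now gets backticks but the selected column in `SELECT %s FROM` does not, so identifier quoting is inconsistent within this statement and with the UPDATE in the following hunk, where both columns are quoted. Backticks alone do not confine an identifier that itself contains a backtick, and whether `sqlQueryEscaped()` handles that is not visible here. If `$row` and `$table` can be influenced by a request, checking them against a fixed list of known columns and tables is the more reliable guard. The comparison value in `=%s` is unquoted in both statements, so it should be forced to an integer before use. The argument array continues outside the hunk.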
$newStatus = convertBooleanToYesNo(!($currStatus == 'Y'));
// Change this status
- sqlQueryEscaped("UPDATE `{?_MYSQL_PREFIX?}_%s` SET %s='%s' WHERE %s=%s LIMIT 1",
+ sqlQueryEscaped("UPDATE `{?_MYSQL_PREFIX?}_%s` SET `%s`='%s' WHERE `%s`=%s LIMIT 1",
array(
$table,
$row,
// "Walk" through all entries
foreach (postRequestElement($idColumn[0]) as $id => $sel) {
// Construct SQL query
- $sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}_%s` SET", sqlEscapeString($tableName[0]));
+ $sql = sprintf('UPDATE `{?_MYSQL_PREFIX?}_%s` SET', sqlEscapeString($tableName[0]));
// Load data of entry
- $result = sqlQueryEscaped("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1",
+ $result = sqlQueryEscaped('SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1',
array(
$tableName[0],
$idColumn[0],
// Are there brackets () at the end?
if (substr($entries[$id], -2, 2) == '()') {
// Direct SQL command found
- $sql .= sprintf(" `%s`=%s,", sqlEscapeString($key), sqlEscapeString($entries[$id]));
+ $sql .= sprintf(' `%s`=%s,', sqlEscapeString($key), sqlEscapeString($entries[$id]));
} else {
// Add regular entry
$sql .= sprintf(" `%s`='%s',", sqlEscapeString($key), sqlEscapeString($entries[$id]));
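Review bot: In the "direct SQL command" branch the value goes through `sqlEscapeString()` but is then placed into the statement without surrounding quotes, so escaping does not confine it to a literal, and any entry whose last two characters are `()` is treated as SQL. The loop in the earlier hunk iterates `postRequestElement(...)`, which suggests `$entries` may come from the request, although its origin is outside this hunk. Restricting this branch to a fixed list of permitted calls, e.g. `in_array($entries[$id], array('NOW()', 'UNIX_TIMESTAMP()'), TRUE)`, and quoting everything else would close the gap; that list is an example, not the project's own. The `==` on the `substr()` result could also be `===`.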
// No password 1 entered or to short?
if (!isPostRequestElementSet('admin_password1')) {
$password1Message = '{--ADMIN_NO_PASSWORD1--}';
- } elseif (strlen(postRequestElement('admin_password1')) < getConfig('minium_admin_pass_length')) {
- $password1Message = '{--ADMIN_SHORT_PASSWORD1--}';
+ } elseif (!isStrongPassword(postRequestElement('admin_password1'))) {
+ $password1Message = '{--ADMIN_WEAK_PASSWORD1--}';
}
// No password 2 entered or to short?
if (!isPostRequestElementSet('admin_password2')) {
$password2Message = '{--ADMIN_NO_PASSWORD2--}';
- } elseif (strlen(postRequestElement('admin_password2')) < getConfig('minium_admin_pass_length')) {
- $password2Message = '{--ADMIN_SHORT_PASSWORD2--}';
+ } elseif (!isStrongPassword(postRequestElement('admin_password2'))) {
+ $password2Message = '{--ADMIN_WEAK_PASSWORD2--}';
}
// Both didn't match?
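Review bot: The configured minimum length (`getConfig('minium_admin_pass_length')`) is no longer checked here, and `isStrongPassword()` is defined outside this hunk, so it is not visible whether it still enforces that setting. If it does not, short passwords that satisfy its other rules would now be accepted for administrator accounts. Once confirmed, a comment such as `// isStrongPassword() also enforces minium_admin_pass_length` would record the dependency. The new `{--ADMIN_WEAK_PASSWORD1--}` and `{--ADMIN_WEAK_PASSWORD2--}` message ids need matching language entries, and the "to short" comments above each check no longer describe what is tested. The password comparison that follows is outside the hunk.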