// Default admin action is the overview page
$what = 'overview';
} else {
- // Compile out some chars
- $what = compileCode($what, false, false, false);
+ // Secure it
+ $what = secureString($what);
}
// Get action value
ORDER BY
`sort` ASC,
`id` DESC", __FUNCTION__, __LINE__);
+
+ // Do we have entries?
if (SQL_NUMROWS($result_main) > 0) {
$OUT = "<div style=\"height:7px\" class=\"seperator\"> </div>\n";
$OUT .= "<ul class=\"admin_menu_main\">\n";
$ACL = true;
}
+ // Filename
+ $inc = sprintf("inc/modules/admin/action-%s.php", $menu);
+
+ // Is the file readable?
+ $readable = isIncludeReadable($inc);
+
if ($ACL === true) {
if ($SUB === false) {
// Insert compiled menu title and description
$OUT .= "<li class=\"admin_menu\">
<div class=\"nobr\"><strong>·</strong> ";
- if (($menu == $action) && (empty($what))) {
- $OUT .= "<strong>";
+ if ($readable === true) {
+ if (($menu == $action) && (empty($what))) {
+ $OUT .= "<strong>";
+ } else {
+ $OUT .= "[<a href=\"{?URL?}/modules.php?module=admin&action=".$menu."\">";
+ }
} else {
- $OUT .= "[<a href=\"{?URL?}/modules.php?module=admin&action=".$menu."\">";
+ $OUT .= "<em style=\"cursor:help\" class=\"admin_note\" title=\"{--MENU_ACTION_404--}\">";
}
$OUT .= $title;
- if (($menu == $action) && (empty($what))) {
- $OUT .= "</strong>";
+ if ($readable === true) {
+ if (($menu == $action) && (empty($what))) {
+ $OUT .= "</strong>";
+ } else {
+ $OUT .= "</a>]";
+ }
} else {
- $OUT .= "</a>]";
+ $OUT .= "</em>";
}
$OUT .= "</div>
// Shall we process this id? It muss not be empty, of course
if (($skip === false) && (!empty($id)) && (!isset($GLOBALS['skip_config'][$id]))) {
- // Save this entry
- $val = compileCode($val);
-
// Translate the value? (comma to dot!)
if ((is_array($translateComma)) && (in_array($id, $translateComma))) {
// Then do it here... :)
// Init output
$OUT = '';
- // Compile out security characters (must be for looking up!)
- $email = compileCode($email);
-
// Look up administator login
$result = SQL_QUERY_ESC("SELECT `id`, `login`, `password` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `email`='%s' LIMIT 1",
array($email), __FUNCTION__, __LINE__);
// By default nothing validates... ;)
$valid = false;
- // Compile the login for lookup
- $login = compileCode($login);
-
// Then try to find that user
$result = SQL_QUERY_ESC("SELECT `id`, `password`, `email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1",
- array($login), __FUNCTION__, __LINE__);
+ array($login), __FUNCTION__, __LINE__);
// Is an account here?
if (SQL_NUMROWS($result) == 1) {
$content = SQL_FETCHARRAY($result);
// Generate hash again
- $hashFromData = generateHash(getConfig('URL').':'.$content['id'].':'.$login.':'.$content['password'], substr($content['password'], 10));
+ $hashFromData = generateHash(getConfig('URL') . ':' . $content['id'] . ':' . $login . ':' . $content['password'], substr($content['password'], 10));
// Does both match?
$valid = ($hash == $hashFromData);
return '{?URL?}/modules.php?module=admin&what=list_user';
}
+// Generate a "link" for the given admin id (admin_id)
+function generateAdminLink ($adminId) {
+ // No assigned admin is default
+ $adminLink = "<span class=\"admin_note\">{--ADMIN_NO_ADMIN_ASSIGNED--}</span>";
+
+ // Zero? = Not assigned
+ if (bigintval($adminId) > 0) {
+ // Load admin's login
+ $login = getAdminLogin($adminId);
+
+ // Is the login valid?
+ if ($login != '***') {
+ // Is the extension there?
+ if (isExtensionActive('admins')) {
+ // Admin found
+ $adminLink = "<a href=\"".generateEmailLink(getAdminEmail($adminId), 'admins')."\">" . $login."</a>";
+ } else {
+ // Extension not found
+ $adminLink = sprintf(getMessage('EXTENSION_PROBLEM_NOT_INSTALLED'), 'admins');
+ }
+ } else {
+ // Maybe deleted?
+ $adminLink = "<div class=\"admin_note\">".sprintf(getMessage('ADMIN_ID_404'), $adminId)."</div>";
+ }
+ } // END - if
+
+ // Return result
+ return $adminLink;
+}
+
// [EOF]
?>
projects / mailer.git / blobdiff