//* DEBUG: */ outputHtml(__FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):".generatePassString($pass).'('.strlen($pass).")/".$password.'('.strlen($password).")<br />");
// Check if password matches
- if (($ret == 'pass') && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) {
+ if (($ret == 'pass') && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass))) && (isAdmin())) {
// Passwords matches!
$ret = 'done';
} // END - if
}
// Do an admin action
-function doAdminAction ($what) {
+function doAdminAction () {
+ // Get default what
+ $what = getWhat();
+
//* DEBUG: */ outputHtml(__LINE__."*".$what.'/'.getModule().'/'.getAction().'/'.getWhat()."*<br />");
// Remove any spaces from variable
// Tableset header
loadTemplate('admin_main_header', false, $content);
+ // Is sql_patches not yet installed?
+ if (!isExtensionInstalled('sql_patches')) {
+ // Output warning
+ loadTemplate('admin_settings_saved', false, getMessage('ADMIN_WARNING_SQL_PATCHES_MISSING'));
+ } // END - if
+
// Check if action/what pair is valid
$result_action = SQL_QUERY_ESC("SELECT
`id`
)
)
)
-LIMIT 1", array($action, $what, $what), __FUNCTION__, __LINE__);
+LIMIT 1",
+ array($action, $what, $what), __FUNCTION__, __LINE__);
if (SQL_NUMROWS($result_action) == 1) {
// Is valid but does the inlcude file exists?
$inc = sprintf("inc/modules/admin/action-%s.php", $action);
}
// Create member selection box
-function addMemberSelectionBox ($def='0', $add_all=false, $return=false, $none=false, $field='userid') {
+function addMemberSelectionBox ($def=0, $add_all=false, $return=false, $none=false, $field='userid') {
// Output selection form with all confirmed user accounts listed
$result = SQL_QUERY("SELECT `userid`, `surname`, `family` FROM `{?_MYSQL_PREFIX?}_user_data` ORDER BY `userid` ASC", __FUNCTION__, __LINE__);
if (SQL_NUMROWS($result) > 0) {
// Load menu as selection
$OUT = "<select name=\"".$mode."_menu";
- if ((!empty($defid)) || ($defid == '0')) $OUT .= "[".$defid."]";
+ if ((!empty($defid)) || ($defid == 0)) $OUT .= "[".$defid."]";
$OUT .= "\" size=\"1\" class=\"admin_select\">
<option value=\"\">{--SELECT_NONE--}</option>\n";
// @TODO Try to rewrite this to $content = SQL_FETCHARRAY(). Please look some lines above for the dynamic query
}
// Wrapper for $_POST and adminSaveSettings
-function adminSaveSettingsFromPostData ($tableName = "_config", $whereStatement = "config=0", $translateComma = array(), $alwaysAdd = false) {
+function adminSaveSettingsFromPostData ($tableName = '_config', $whereStatement = '`config`=0', $translateComma = array(), $alwaysAdd = false) {
// Get the array
$postData = postRequestArray();
}
// Save settings to the database
-function adminSaveSettings (&$postData, $tableName = "_config", $whereStatement = "config=0", $translateComma = array(), $alwaysAdd = false) {
+function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement = '`config`=0', $translateComma = array(), $alwaysAdd = false) {
// Prepare all arrays, variables
$DATA = array();
$skip = false;
convertSelectionsToTimestamp($postData, $DATA, $id, $skip);
// Shall we process this ID? It muss not be empty, of course
- if (($skip === false) && (!empty($id))) {
+ if (($skip === false) && (!empty($id)) && (!isset($GLOBALS['skip_config'][$id]))) {
// Save this entry
$val = compileCode($val);
// Shall we add numbers or strings?
$test = (float)$val;
- if ("".$val."" == ''.$test."") {
+ if ('' . $val . '' == '' . $test . '') {
// Add numbers
$DATA[] = sprintf("`%s`=%s", $id, $test);
} else {
$DATA[] = sprintf("`%s`='%s'", $id, trim($val));
}
+ // Do not add a config entry twice
+ $GLOBALS['skip_config'][$id] = true;
+
// Update current configuration
setConfigEntry($id, $val);
} // END - if
if (SQL_NUMROWS($result) == 1) {
// "Implode" all data to single string
- $DATA_UPDATE = implode(", ", $DATA);
+ $DATA_UPDATE = implode(', ', $DATA);
// Generate SQL string
$sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}%s` SET %s WHERE %s LIMIT 1",
- $tableName,
- $DATA_UPDATE,
- $whereStatement
+ $tableName,
+ $DATA_UPDATE,
+ $whereStatement
);
} else {
// Add Line (does only work with auto_increment!
} // END - foreach
// Add both in one line
- $KEYs = implode(", ", $KEYs);
- $values = implode(", ", $values);
+ $KEYs = implode('`, `', $KEYs);
+ $values = implode(', ', $values);
// Generate SQL string
- $sql = sprintf("INSERT INTO {?_MYSQL_PREFIX?}%s (%s) VALUES (%s)",
- $tableName,
- $KEYs,
- $values
+ $sql = sprintf("INSERT INTO `{?_MYSQL_PREFIX?}%s` (%s) VALUES (%s)",
+ $tableName,
+ $KEYs,
+ $values
);
}
// Creates a user-profile link for the admin. This function can also be used for many other purposes
function generateUserProfileLink ($userid, $title = '', $what = 'list_user') {
- if (($title == '') && ($title != '0')) {
+ if (($title == '') && ($userid > 0)) {
// Set userid as title
$title = $userid;
} // END - if
- if (($title == '0') && ($what == 'list_refs')) {
+ if (($title == 0) && ($what == 'list_refs')) {
// Return title again
return $title;
- } // END - if
+ } elseif (isExtensionActive('nickname')) {
+ // Get nickname
+ $nick = getNickname($userid);
+
+ // Is it not empty, use it as title else the userid
+ if (!empty($nick)) $title = $nick . '(' . $userid . ')'; else $title = $userid;
+ }
// Return link
- //* DEBUG: */ outputHtml("a:".$title."<br />");
return '[<a href="{?URL?}/modules.php?module=admin&what=' . $what . '&userid=' . $userid . '" title="{--ADMIN_USER_PROFILE_TITLE--}">' . $title . '</a>]';
}
$passHash = '';
// Now check if we have sql_patches installed
- if (getExtensionVersion('sql_patches') >= '0.3.6') {
+ if (isExtensionInstalledAndNewer('sql_patches', '0.3.6')) {
// Use new way of hashing
$passHash = generateHash($password);
} else {
return '{?URL?}/modules.php?module=admin&what=list_user';
}
-// -----------------------------------------------------------------------------
-// --- Filter functions ---
-// -----------------------------------------------------------------------------
-
-// Filter for checking admin ACL
-function FILTER_CHECK_ADMIN_ACL () {
- // Extension not installed so it's always allowed to access everywhere!
- $ret = true;
-
- // Ok, Cookie-Update done
- if ((isExtensionInstalledAndNewer('admins', '0.3.0')) && (isExtensionActive('admins'))) {
- // Check if action GET variable was set
- $action = getAction();
- if (isWhatSet()) {
- // Get action value by what-value
- $action = getModeAction('admin', getWhat());
- } // END - if
-
- // Check for access control line of current menu entry
- $ret = adminsCheckAdminAcl($action, getWhat());
- } // END - if
-
- // Set it here
- $GLOBALS['acl_allow'] = $ret;
-}
-
// [EOF]
?>
projects / mailer.git / blobdiff