projects / mailer.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
More fixes, thanks to Piter01
[mailer.git] / inc / modules / admin / admin-inc.php
diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index 8060c156aa8bed72cbda7bd869ada17a563abf34..9b745c7f3adf2b79909cf23337582932873518e5 100644 (file)
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -45,7 +45,7 @@ function REGISTER_ADMIN ($user, $md5, $email=WEBMASTER)
         array($user), __FILE__, __LINE__);
        if (SQL_NUMROWS($result) == 0) {
                // Ok, let's create the admin login
-               $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '%s')",
+               $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES ('%s', '%s', '%s')",
                 array($user, $md5, $email), __FILE__, __LINE__);
                $ret = "done";
        } else {
@@ -66,20 +66,23 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
        $ret = "404";
        $data = array();
 
+       // Get admin id
+       $aid = GET_ADMIN_ID($admin_login);
+
        // Is the cache valid?
-       if (!empty($cacheArray['admins']['aid'][$admin_login])) {
+       if (!empty($cacheArray['admins']['password'][$aid])) {
                // Get password from cache
-               $data['password'] = $cacheArray['admins']['password'][$admin_login];
+               $data['password'] = $cacheArray['admins']['password'][$aid];
                $ret = "pass";
-               $_CONFIG['cache_hits']++;
+               if (isset($_CONFIG['cache_hits'])) { $_CONFIG['cache_hits']++; } else { $_CONFIG['cache_hits'] = 1; }
 
                // Include more admins data?
                if (GET_EXT_VERSION("admins") >= "0.7.0") {
                        // Load them here
-                       $data['login_failtures'] = $cacheArray['admins']['login_failtures'][$admin_login];
-                       $data['last_failture']   = $cacheArray['admins']['last_failture'][$admin_login];
+                       $data['login_failtures'] = $cacheArray['admins']['login_failtures'][$aid];
+                       $data['last_failture']   = $cacheArray['admins']['last_failture'][$aid];
                } // END - if
-       } elseif (GET_EXT_VERSION("cache") == "") {
+       } elseif (!EXT_IS_ACTIVE("cache")) {
                $ADD = "";
                if (GET_EXT_VERSION("admins") >= "0.7.0") {
                        // Load them here
@@ -87,8 +90,8 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
                } // END - if
 
                // Get password from DB
-               $result = SQL_QUERY_ESC("SELECT password".$ADD." FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
-                array($admin_login), __FILE__, __LINE__);
+               $result = SQL_QUERY_ESC("SELECT password".$ADD." FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
+                array($aid), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1) {
                        // Login password found
                        $ret = "pass";
@@ -107,8 +110,8 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
                $data['password'] = generateHash($password);
 
                // Is the sql_patches not installed, than we cannot have a valid hashed password here!
-               if (($ret == "pass") && ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))) $ret = "done";
-       } elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) {
+               if (($ret == "pass") && ((EXT_VERSION_IS_OLDER("sql_patches", "0.3.6")) || (GET_EXT_VERSION("sql_patches") == ""))) $ret = "done";
+       } elseif ((EXT_VERSION_IS_OLDER("sql_patches", "0.3.6")) || (GET_EXT_VERSION("sql_patches") == "")) {
                // Old hashing way
                return $ret;
        } elseif (!isset($data['password'])) {
@@ -122,7 +125,7 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
 
        // Check if password is same
        //* DEBUG: */ echo "*".$ret.",".$data['password'].",".$password.",".$salt."*<br >\n";
-       if (($ret == "pass") && ($data['password'] == generateHash($password, $salt)) && (!empty($salt))) {
+       if (($ret == "pass") && ($data['password'] == generateHash($password, $salt)) && ((!empty($salt))) || ($data['password'] == $password)) {
                // Re-hash the plain passord with new random salt
                $data['password'] = generateHash($password);
 
@@ -132,11 +135,15 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
                        // Store it in session
                        set_session('mxchange_admin_failtures', $data['login_failtures']);
                        set_session('mxchange_admin_last_fail', $data['last_failture']);
-               } // END - if
 
-               // Update password
-               $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s',login_failtures=0,last_failture='0000-00-00 00:00:00' WHERE login='%s' LIMIT 1",
-                array($data['password'], $admin_login), __FILE__, __LINE__);
+                       // Update password and reset login failtures
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s',login_failtures=0,last_failture='0000-00-00 00:00:00' WHERE id=%s LIMIT 1",
+                               array($data['password'], $aid), __FILE__, __LINE__);
+               } else {
+                       // Update password
+                       $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE id=%s LIMIT 1",
+                               array($data['password'], $aid), __FILE__, __LINE__);
+               }
 
                // Rebuild cache
                REBUILD_CACHE("admins", "admin");
@@ -163,8 +170,8 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
        // Count login failture if admins extension version is 0.7.0+
        if (($ret == "pass") && (GET_EXT_VERSION("admins") >= "0.7.0")) {
                // Update counter
-               SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET login_failtures=login_failtures+1,last_failture=NOW() WHERE login='%s' LIMIT 1",
-                       array($admin_login), __FILE__, __LINE__);
+               SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET login_failtures=login_failtures+1,last_failture=NOW() WHERE id=%s LIMIT 1",
+                       array($aid), __FILE__, __LINE__);
 
                // Rebuild cache
                REBUILD_CACHE("admins", "admin");
@@ -180,7 +187,7 @@ function LOGIN_ADMIN ($adminLogin, $passHash) {
        global $cacheInstance;
 
        // Reset failture counter on matching admins version
-       if ((GET_EXT_VERSION("admins") >= "0.7.0") && ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))) {
+       if ((GET_EXT_VERSION("admins") >= "0.7.0") && ((EXT_VERSION_IS_OLDER("sql_patches", "0.3.6")) || (GET_EXT_VERSION("sql_patches") == ""))) {
                // Reset counter on out-dated sql_patches version
                SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET login_failtures=0,last_failture='0000-00-00 00:00:00' WHERE login='%s' LIMIT 1",
                        array($adminLogin), __FILE__, __LINE__);
@@ -207,28 +214,12 @@ function LOGIN_ADMIN ($adminLogin, $passHash) {
 function CHECK_ADMIN_COOKIES ($admin_login, $password) {
        global $cacheArray, $_CONFIG;
        $ret = "404"; $pass = "";
-       if (!empty($cacheArray['admins']['aid'][$admin_login])) {
-               // Get password from cache
-               $pass = $cacheArray['admins']['password'][$admin_login];
-               $ret = "pass";
-               $_CONFIG['cache_hits']++;
-       } elseif (GET_EXT_VERSION("cache") == "") {
-               // Get password from DB
-               $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
-                array($admin_login), __FILE__, __LINE__);
-               if (SQL_NUMROWS($result) == 1) {
-                       // Entry found
-                       $ret = "pass";
 
-                       // Fetch password
-                       list($pass) = SQL_FETCHROW($result);
-               }
+       // Get hash
+       $pass = GET_ADMIN_HASH(GET_ADMIN_ID($admin_login));
+       if ($pass != "-1") $ret = "pass";
 
-               // Free result
-               SQL_FREERESULT($result);
-       }
-
-       //* DEBUG: */ echo __FUNCTION__.":".$pass."(".strlen($pass).")/".$password."(".strlen($password).")<br />\n";
+       //* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):".generatePassString($pass)."(".strlen($pass).")/".$password."(".strlen($password).")<br />\n";
 
        // Check if password matches
        if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) {
@@ -244,6 +235,7 @@ function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) {
        // Initialize some variables
        $done = false;
        $seek++;
+       $next=-1;
        $found = false;
 
        // Is the file there and read-/write-able?
@@ -268,7 +260,7 @@ function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) {
                                        if (strpos($line, $search) > -1) { $next = 0; $found = true; }
 
                                        if ($next > -1) {
-                                               if ($next == $seek) {
+                                               if ($next === $seek) {
                                                        $next = -1;
                                                        $line = $prefix . $DATA . $suffix."\n";
                                                } else {
@@ -310,24 +302,20 @@ function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) {
 }
 
 //
-function ADMIN_DO_ACTION($wht)
-{
+function ADMIN_DO_ACTION($wht) {
        global $menuDesription, $menuTitle, $_CONFIG, $cacheArray, $DATA, $DEPTH;
+
        //* DEBUG: */ echo __LINE__."*".$wht."/".$GLOBALS['module']."/".$GLOBALS['action']."/".$GLOBALS['what']."*<br />\n";
-       if (EXT_IS_ACTIVE("cache"))
-       {
+       if (EXT_IS_ACTIVE("cache")) {
                // Include cache instance
                global $cacheInstance;
        }
 
        // Remove any spaces from variable
-       if (empty($wht))
-       {
+       if (empty($wht)) {
                // Default admin action is the overview page
                $wht = "overview";
-       }
-        else
-       {
+       } else {
                // Compile out some chars
                $wht = COMPILE_CODE($wht, false, false, false);
        }
@@ -352,29 +340,21 @@ function ADMIN_DO_ACTION($wht)
        LOAD_TEMPLATE("admin_main_header");
 
        // Check if action/what pair is valid
-       $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu
+       $result_action = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu
 WHERE action='%s' AND ((what='%s' AND what != 'overview') OR ((what='' OR what IS NULL) AND '%s'='overview'))
 LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__);
-       if (SQL_NUMROWS($result) == 1)
-       {
-               // Free memory
-               SQL_FREERESULT($result);
+       if (SQL_NUMROWS($result_action) == 1) {
 
                // Is valid but does the inlcude file exists?
                $INC = sprintf("%sinc/modules/admin/action-%s.php", PATH, $act);
-               if ((FILE_READABLE($INC)) && (VALIDATE_MENU_ACTION("admin", $act, $wht)) && (__ACL_ALLOW == true))
-               {
+               if ((FILE_READABLE($INC)) && (VALIDATE_MENU_ACTION("admin", $act, $wht)) && (__ACL_ALLOW == true)) {
                        // Ok, we finally load the admin action module
                        include($INC);
-               }
-                elseif (__ACL_ALLOW == false)
-               {
+               } elseif (__ACL_ALLOW == false) {
                        // Access denied
                        LOAD_TEMPLATE("admin_menu_failed", false, ADMINS_ACCESS_DENIED);
                        ADD_FATAL(ADMINS_ACCESS_DENIED);
-               }
-                else
-               {
+               } else {
                        // Include file not found! :-(
                        LOAD_TEMPLATE("admin_menu_failed", false, ADMIN_404_ACTION);
                        ADD_FATAL(ADMIN_404_ACTION_1.$act.ADMIN_404_ACTION_2);
@@ -385,12 +365,15 @@ LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__);
                ADD_FATAL(ADMIN_INVALID_ACTION_1.$act."/".$wht.ADMIN_INVALID_ACTION_2);
        }
 
+       // Free memory
+       SQL_FREERESULT($result_action);
+
        // Tableset footer
        LOAD_TEMPLATE("admin_main_footer");
 }
 //
 function ADD_ADMIN_MENU($act, $wht, $return=false) {
-       global $menuDesription, $menuTitle, $cacheInstance;
+       global $menuDesription, $menuTitle, $cacheInstance, $_CONFIG;
 
        // Init variables
        $SUB = false;
@@ -401,7 +384,7 @@ function ADD_ADMIN_MENU($act, $wht, $return=false) {
        $menuTitle = array();
 
        // Is there a cache instance?
-       if (is_object($cacheInstance)) {
+       if ((is_object($cacheInstance)) && (isset($_CONFIG['cache_admin_menu'])) && ($_CONFIG['cache_admin_menu'] == "Y")) {
                // Create cache name
                $cacheName = "admin_".$act."_".$wht."_".GET_LANGUAGE()."_".strtolower(get_session('admin_login'));
 
@@ -555,7 +538,7 @@ function ADD_ADMIN_MENU($act, $wht, $return=false) {
        eval($eval);
 
        // Is there a cache instance again?
-       if (is_object($cacheInstance)) {
+       if ((is_object($cacheInstance)) && (isset($_CONFIG['cache_admin_menu'])) && ($_CONFIG['cache_admin_menu'] == "Y")) {
                // Init cache
                $cacheInstance->cache_init($cacheName);
 
@@ -581,7 +564,7 @@ function ADD_ADMIN_MENU($act, $wht, $return=false) {
        }
 }
 //
-function ADD_MEMBER_SELECTION_BOX ($def="0", $add_all=false, $return=false, $none=false)
+function ADD_MEMBER_SELECTION_BOX ($def="0", $add_all=false, $return=false, $none=false, $field="userid")
 {
        // Output selection form with all confirmed user accounts listed
        $result = SQL_QUERY("SELECT userid, surname, family FROM "._MYSQL_PREFIX."_user_data ORDER BY userid", __FILE__, __LINE__);
@@ -610,8 +593,8 @@ function ADD_MEMBER_SELECTION_BOX ($def="0", $add_all=false, $return=false, $non
                // Load template
                LOAD_TEMPLATE("admin_member_selection_box", false, $GLOBALS['what']);
        } else {
-               // Return content
-               return "<select name=\"userid\" size=\"1\">\n".$OUT."</select>\n";
+               // Return content in selection frame
+               return "<select class=\"admin_select\" name=\"".$field."\" size=\"1\">\n".$OUT."</select>\n";
        }
 }
 //
@@ -666,17 +649,17 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con
                                // Translate the value? (comma to dot!)
                                if ((is_array($translateComma)) && (in_array($id, $translateComma))) {
                                        // Then do it here... :)
-                                       $val = str_replace(",", ".", $val);
+                                       $val = REVERT_COMMA($val);
                                } // END - if
 
                                // Shall we add numbers or strings?
                                $test = (float)$val;
                                if ("".$val."" == "".$test."") {
                                        // Add numbers
-                                       $DATA[] = $id."=".$val."";
+                                       $DATA[] = sprintf("`%s`=%s", $id, $test);
                                } else {
                                        // Add strings
-                                       $DATA[] = $id."='".trim($val)."'";
+                                       $DATA[] = sprintf("`%s`='%s'", $id, trim($val));
                                }
 
                                // Update current configuration
@@ -689,9 +672,9 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con
        $result = false;
        if (!$alwaysAdd) {
                if (!empty($whereStatement)) {
-                       $result = SQL_QUERY("SELECT * FROM "._MYSQL_PREFIX.$tableName." WHERE ".$whereStatement." LIMIT 1", __FILE__, __LINE__);
+                       $result = SQL_QUERY("SELECT * FROM `"._MYSQL_PREFIX.$tableName."` WHERE ".$whereStatement." LIMIT 1", __FILE__, __LINE__);
                } else {
-                       $result = SQL_QUERY("SELECT * FROM "._MYSQL_PREFIX.$tableName." LIMIT 1", __FILE__, __LINE__);
+                       $result = SQL_QUERY("SELECT * FROM `"._MYSQL_PREFIX.$tableName."` LIMIT 1", __FILE__, __LINE__);
                }
        } // END - if
 
@@ -700,7 +683,11 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con
                $DATA_UPDATE = implode(", ", $DATA);
 
                // Generate SQL string
-               $SQL = "UPDATE "._MYSQL_PREFIX.$tableName." SET ".$DATA_UPDATE." WHERE ".$whereStatement." LIMIT 1";
+               $SQL = sprintf("UPDATE `"._MYSQL_PREFIX."%s` SET %s WHERE %s LIMIT 1",
+                       $tableName,
+                       $DATA_UPDATE,
+                       $whereStatement
+               );
        } else {
                // Add Line (does only work with auto_increment!
                $KEYs = array(); $VALUEs = array();
@@ -715,7 +702,11 @@ function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="con
                $VALUEs = implode(", ", $VALUEs);
 
                // Generate SQL string
-               $SQL = "INSERT INTO "._MYSQL_PREFIX.$tableName." (".$KEYs.") VALUES(".$VALUEs.")";
+               $SQL = sprintf("INSERT INTO "._MYSQL_PREFIX."%s (%s) VALUES (%s)",
+                       $tableName,
+                       $KEYs,
+                       $VALUEs
+               );
        }
 
        // Free memory
@@ -765,7 +756,7 @@ function ADMIN_MAKE_MENU_SELECTION($menu, $type, $name, $default="") {
        return $OUT;
 }
 //
-function ADMIN_USER_PROFILE_LINK($uid, $title="", $wht="list_user") {
+function ADMIN_USER_PROFILE_LINK ($uid, $title="", $wht="list_user") {
        if (($title == "") && ($title != "0")) {
                // Set userid as title
                $title = $uid;
@@ -787,15 +778,18 @@ function ADMIN_CHECK_MENU_MODE() {
        // Set the global mode as the mode for all admins
        $MODE = $_CONFIG['admin_menu']; $ADMIN = $MODE;
 
+       // Get admin id
+       $aid = GET_ADMIN_ID(get_session('admin_login'));
+
        // Check individual settings of current admin
-       if (isset($cacheArray['admins']['la_mode'][get_session('admin_login')])) {
+       if (isset($cacheArray['admins']['la_mode'][$aid])) {
                // Load from cache
-               $ADMIN = $cacheArray['admins']['la_mode'][get_session('admin_login')];
-               $_CONFIG['cache_hits']++;
+               $ADMIN = $cacheArray['admins']['la_mode'][$aid];
+               if (isset($_CONFIG['cache_hits'])) { $_CONFIG['cache_hits']++; } else { $_CONFIG['cache_hits'] = 1; }
        } elseif (GET_EXT_VERSION("admins") >= "0.6.7") {
                // Load from database when version of "admins" is enough
-               $result = SQL_QUERY_ESC("SELECT la_mode FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
-                array(get_session('admin_login')), __FILE__, __LINE__);
+               $result = SQL_QUERY_ESC("SELECT la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1",
+                array($aid), __FILE__, __LINE__);
                if (SQL_NUMROWS($result) == 1) {
                        // Load data
                        list($ADMIN) = SQL_FETCHROW($result);
@@ -867,8 +861,7 @@ function ADMIN_SEND_BUILD_MAILS ($mode, $table, $content, $id, $subjectPart="")
        // Is the raw userid set?
        if ($_POST['uid_raw'][$id] > 0) {
                // Generate subject
-               $eval = "\$subjectLine = MEMBER_".$subject."_".strtoupper($table)."_SUBJECT;";
-               eval($eval);
+               $subjectLine = constant('MEMBER_'.strtoupper($subject).'_'.strtoupper($table).'_SUBJECT');
 
                // Load email template
                if (!empty($subjectPart)) {
@@ -882,8 +875,7 @@ function ADMIN_SEND_BUILD_MAILS ($mode, $table, $content, $id, $subjectPart="")
        } // END - if
 
        // Generate subject
-       $eval = "\$subjectLine = ADMIN_".$subject."_".strtoupper($table)."_SUBJECT;";
-       eval($eval);
+       $subjectLine = constant('ADMIN_'.strtoupper($subject).'_'.strtoupper($table).'_SUBJECT');
 
        // Send admin notification out
        if (!empty($subjectPart)) {
@@ -903,7 +895,7 @@ function ADMIN_BUILD_LIST ($listType, $IDs, $table, $columns, $filterFunctions,
                $id = bigintval($id);
 
                // Get result from a given column array and table name
-               $result = SQL_RESULT_FROM_ARRAY($table, $columns, $idColumn, $id);
+               $result = SQL_RESULT_FROM_ARRAY($table, $columns, $idColumn, $id, __FILE__, __LINE__);
 
                // Is there one entry?
                if (SQL_NUMROWS($result) == 1) {
@@ -929,7 +921,11 @@ function ADMIN_BUILD_LIST ($listType, $IDs, $table, $columns, $filterFunctions,
                        $content['sw'] = $SW;
 
                        // Then list it
-                       $OUT .= LOAD_TEMPLATE("admin_".$listType."_".$table."_row", true, $content);
+                       $OUT .= LOAD_TEMPLATE(sprintf("admin_%s_%s_row",
+                                       $listType,
+                                       $table
+                               ), true, $content
+                       );
 
                        // Switch color
                        $SW = 3 - $SW;
@@ -940,7 +936,93 @@ function ADMIN_BUILD_LIST ($listType, $IDs, $table, $columns, $filterFunctions,
        } // END - foreach
 
        // Load master template
-       LOAD_TEMPLATE("admin_".$listType."_".$table."", false, $OUT);
+       LOAD_TEMPLATE(sprintf("admin_%s_%s",
+                       $listType,
+                       $table
+               ), false, $OUT
+       );
+}
+// Change status of "build" list
+function ADMIN_BUILD_STATUS_HANDLER ($mode, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray) {
+       // All valid entries? (We hope so here!)
+       if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (count($statusArray) > 0)) {
+               // "Walk" through all entries
+               foreach ($IDs as $id => $sel) {
+                       // Construct SQL query
+                       $SQL = "UPDATE "._MYSQL_PREFIX."_".$table." SET";
+
+                       // Load data of entry
+                       $result = SQL_QUERY_ESC("SELECT * FROM "._MYSQL_PREFIX."_%s WHERE %s=%s LIMIT 1",
+                               array($table, $idColumn, $id), __FILE__, __LINE__);
+
+                       // Fetch the data
+                       $content = SQL_FETCHARRAY($result);
+
+                       // Free the result
+                       SQL_FREERESULT($result);
+
+                       // Add all status entries (e.g. status column last_updated or so)
+                       $newStatus = "UNKNOWN";
+                       $oldStatus = "UNKNOWN";
+                       $statusColumn = "unknown";
+                       foreach ($statusArray as $column => $statusInfo) {
+                               // Does the entry exist?
+                               if ((isset($content[$column])) && (isset($statusInfo[$content[$column]]))) {
+                                       // Add these entries for update
+                                       $SQL .= sprintf(" %s='%s',", SQL_ESCAPE($column), SQL_ESCAPE($statusInfo[$content[$column]]));
+
+                                       // Remember status
+                                       if ($statusColumn == "unknown") {
+                                               // Always (!!!) change status column first!
+                                               $oldStatus = $content[$column];
+                                               $newStatus = $statusInfo[$oldStatus];
+                                               $statusColumn = $column;
+                                       } // END - if
+                               } elseif (isset($content[$column])) {
+                                       // Unfinished!
+                                       mxchange_die("{--".__FUNCTION__."--}:".__LINE__.":UNFINISHED: id={$id}/{$column}[".gettype($statusInfo)."] = {$content[$column]}");
+                               }
+                       } // END - foreach
+
+                       // Add other columns as well
+                       foreach ($_POST as $key => $entries) {
+                               // Skip id, raw userid and 'do_$mode'
+                               if (!in_array($key, array($idColumn, 'uid_raw', ('do_'.$mode)))) {
+                                       // Are there brackets () at the end?
+                                       if (substr($entries[$id], -2, 2) == "()") {
+                                               // Direct SQL command found
+                                               $SQL .= sprintf(" %s=%s,", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id]));
+                                       } else {
+                                               // Add regular entry
+                                               $SQL .= sprintf(" %s='%s',", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id]));
+
+                                               // Add entry
+                                               $content[$key] = $entries[$id];
+                                       }
+                               } // END - if
+                       } // END - foreach
+
+                       // Finish SQL statement
+                       $SQL = substr($SQL, 0, -1) . sprintf(" WHERE %s=%s AND %s='%s' LIMIT 1",
+                               $idColumn,
+                               bigintval($id),
+                               $statusColumn,
+                               $oldStatus
+                       );
+
+                       // Run the SQL
+                       SQL_QUERY($SQL, __FILE__, __LINE__);
+
+                       // Do we have an URL?
+                       if (isset($content['url'])) {
+                               // Then add a framekiller test as well
+                               $content['frametester'] = FRAMETESTER($content['url']);
+                       } // END - if
+
+                       // Send "build mails" out
+                       ADMIN_SEND_BUILD_MAILS($mode, $table, $content, $id, $statusInfo[$content[$column]]);
+               } // END - foreach
+       } // END - if
 }
 // Delete rows by given ID numbers
 function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $deleteNow=false, $idColumn="id", $userIdColumn="userid") {
@@ -948,8 +1030,10 @@ function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFu
        if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) {
                // Shall we delete here or list for deletion?
                if ($deleteNow) {
-                       // Delete them
+                       // The base SQL command:
                        $SQL = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_%s WHERE %s IN (%s)";
+
+                       // Delete them all
                        $idList = "";
                        foreach ($IDs as $id => $sel) {
                                // Is there a userid?
@@ -970,7 +1054,7 @@ function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFu
 
                                // Add id number
                                $idList .= $id.",";
-                       } // END - if
+                       } // END - foreach
 
                        // Run the query
                        SQL_QUERY($SQL, array($table, $idColumn, substr($idList, 0, -1)), __FILE__, __LINE__);
@@ -1036,7 +1120,9 @@ function ADMIN_EDIT_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunc
                                                // Then add a framekiller test as well
                                                $content['frametester'] = FRAMETESTER($content[$key]);
                                        } // END - if
-                               }
+                               } // END - foreach
+
+                               // Finish SQL command
                                $SQL = substr($SQL, 0, -1) . " WHERE ".$idColumn."=".bigintval($id)." LIMIT 1";
 
                                // Run this query
@@ -1081,79 +1167,27 @@ function ADMIN_LOCK_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunc
                // Shall we un-/lock here or list for locking?
                if ($lockNow) {
                        // Un-/lock entries
-                       foreach ($IDs as $id => $sel) {
-                               // Construct SQL query
-                               $SQL = "UPDATE "._MYSQL_PREFIX."_".$table." SET";
-
-                               // Load data of entry
-                               $result = SQL_QUERY_ESC("SELECT * FROM "._MYSQL_PREFIX."_%s WHERE %s=%s LIMIT 1",
-                                       array($table, $idColumn, $id), __FILE__, __LINE__);
-
-                               // Fetch the data
-                               $content = SQL_FETCHARRAY($result);
-
-                               // Free the result
-                               SQL_FREERESULT($result);
-
-                               // Add all status entries (e.g. status column last_updated or so)
-                               $newStatus = "UNKNOWN";
-                               $oldStatus = "UNKNOWN";
-                               $statusColumn = "unknown";
-                               foreach ($statusArray as $column => $statusInfo) {
-                                       // Does the entry exist?
-                                       if ((isset($content[$column])) && (isset($statusInfo[$content[$column]]))) {
-                                               // Add these entries for update
-                                               $SQL .= sprintf(" %s='%s',", SQL_ESCAPE($column), SQL_ESCAPE($statusInfo[$content[$column]]));
-
-                                               // Remember status
-                                               if ($statusColumn == "unknown") {
-                                                       // Always (!!!) change status column first!
-                                                       $oldStatus = $content[$column];
-                                                       $newStatus = $statusInfo[$oldStatus];
-                                                       $statusColumn = $column;
-                                               } // END - if
-                                       } elseif (isset($content[$column])) {
-                                               // Unfinished!
-                                               die("UNFINISHED: {$column}[".gettype($statusInfo)."] = {$content[$column]}");
-                                       }
-                               } // END - foreach
-
-                               // Add other columns as well
-                               foreach ($_POST as $key => $entries) {
-                                       // Skip id, raw userid and 'do_lock'
-                                       if (!in_array($key, array($idColumn, 'uid_raw', 'do_lock'))) {
-                                               // Are there brackets () at the end?
-                                               if (substr($entries[$id], -2, 2) == "()") {
-                                                       // Direct SQL command found
-                                                       $SQL .= sprintf(" %s=%s,", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id]));
-                                               } else {
-                                                       // Add regular entry
-                                                       $SQL .= sprintf(" %s='%s',", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id]));
-                                               }
-                                       } // END - if
-                               } // END - if
-
-                               // Finish SQL statement
-                               $SQL = substr($SQL, 0, -1) . " WHERE ".$idColumn."=".bigintval($id)." AND ".$statusColumn."='".$oldStatus."' LIMIT 1";
-
-                               // Run the SQL
-                               SQL_QUERY($SQL, __FILE__, __LINE__);
-
-                               // Do we have an URL?
-                               if (isset($content['url'])) {
-                                       // Then add a framekiller test as well
-                                       $content['frametester'] = FRAMETESTER($content['url']);
-                               } // END - if
-
-                               // Send "build mails" out
-                               ADMIN_SEND_BUILD_MAILS("lock", $table, $content, $id, $statusInfo[$content[$column]]);
-                       } // END - if
+                       ADMIN_BUILD_STATUS_HANDLER("lock", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray);
                } else {
                        // List for editing
                        ADMIN_BUILD_LIST("lock", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn);
                }
        } // END - if
 }
+// Undelete rows by given ID numbers
+function ADMIN_UNDELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $statusArray=array(), $lockNow=false, $idColumn="id", $userIdColumn="userid") {
+       // All valid entries? (We hope so here!)
+       if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && ((!$lockNow) || (count($statusArray) == 1))) {
+               // Shall we un-/lock here or list for locking?
+               if ($lockNow) {
+                       // Undelete entries
+                       ADMIN_BUILD_STATUS_HANDLER("undelete", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray);
+               } else {
+                       // List for editing
+                       ADMIN_BUILD_LIST("undelete", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn);
+               }
+       } // END - if
+}
 // Checks proxy settins by fetching check-updates3.php from www.mxchange.org
 function ADMIN_TEST_PROXY_SETTINGS ($settingsArray) {
        global $_CONFIG;
Mailer-Project repository