// Is the entry there?
if (SQL_NUMROWS($result) == 0) {
// Ok, let's create the admin login
- SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (login, password, email) VALUES ('%s', '%s', '%s')",
- array($user, $md5, $email), __FUNCTION__, __LINE__);
+ SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`, `password`, `email`) VALUES ('%s', '%s', '%s')",
+ array(
+ $user,
+ $md5,
+ $email
+ ), __FUNCTION__, __LINE__);
$ret = 'done';
} // END - if
// Count login failure if admins extension version is 0.7.0+
if (($ret == 'pass') && (getExtensionVersion('admins') >= '0.7.0')) {
// Update counter
- SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET login_failures=login_failures+1,last_failure=NOW() WHERE `id`=%s LIMIT 1",
- array($adminId), __FUNCTION__, __LINE__);
+ SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET login_failures`=`login_failures`+1,`last_failure`=NOW() WHERE `id`=%s LIMIT 1",
+ array($adminId), __FUNCTION__, __LINE__);
// Rebuild cache
rebuildCacheFile('admin', 'admin');
} // END - if
// Return the result
- //* DEBUG: */ die("RETURN=".$ret);
+ //* DEBUG: */ die('RETURN=' . $ret);
return $ret;
}
//* DEBUG: */ outputHtml(__FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):".generatePassString($pass).'('.strlen($pass).")/".$password.'('.strlen($password).")<br />");
// Check if password matches
- if (($ret == 'pass') && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) {
+ if (($ret == 'pass') && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass))) && (isAdmin())) {
// Passwords matches!
$ret = 'done';
} // END - if
}
// Do an admin action
-function doAdminAction ($what) {
+function doAdminAction () {
+ // Get default what
+ $what = getWhat();
+
//* DEBUG: */ outputHtml(__LINE__."*".$what.'/'.getModule().'/'.getAction().'/'.getWhat()."*<br />");
// Remove any spaces from variable
// Tableset header
loadTemplate('admin_main_header', false, $content);
+ // Is sql_patches not yet installed?
+ if (!isExtensionInstalled('sql_patches')) {
+ // Output warning
+ loadTemplate('admin_settings_saved', false, getMessage('ADMIN_WARNING_SQL_PATCHES_MISSING'));
+ } // END - if
+
// Check if action/what pair is valid
$result_action = SQL_QUERY_ESC("SELECT
`id`
)
)
)
-LIMIT 1", array($action, $what, $what), __FUNCTION__, __LINE__);
+LIMIT 1",
+ array($action, $what, $what), __FUNCTION__, __LINE__);
if (SQL_NUMROWS($result_action) == 1) {
// Is valid but does the inlcude file exists?
$inc = sprintf("inc/modules/admin/action-%s.php", $action);
}
// Create member selection box
-function addMemberSelectionBox ($def='0', $add_all=false, $return=false, $none=false, $field='userid') {
+function addMemberSelectionBox ($def=0, $add_all=false, $return=false, $none=false, $field='userid') {
// Output selection form with all confirmed user accounts listed
$result = SQL_QUERY("SELECT `userid`, `surname`, `family` FROM `{?_MYSQL_PREFIX?}_user_data` ORDER BY `userid` ASC", __FUNCTION__, __LINE__);
if (SQL_NUMROWS($result) > 0) {
// Load menu as selection
$OUT = "<select name=\"".$mode."_menu";
- if ((!empty($defid)) || ($defid == '0')) $OUT .= "[".$defid."]";
+ if ((!empty($defid)) || ($defid == 0)) $OUT .= "[".$defid."]";
$OUT .= "\" size=\"1\" class=\"admin_select\">
<option value=\"\">{--SELECT_NONE--}</option>\n";
// @TODO Try to rewrite this to $content = SQL_FETCHARRAY(). Please look some lines above for the dynamic query
}
// Wrapper for $_POST and adminSaveSettings
-function adminSaveSettingsFromPostData ($tableName = "_config", $whereStatement = "config=0", $translateComma = array(), $alwaysAdd = false) {
+function adminSaveSettingsFromPostData ($tableName = '_config', $whereStatement = 'config=0', $translateComma = array(), $alwaysAdd = false) {
// Get the array
$postData = postRequestArray();
}
// Save settings to the database
-function adminSaveSettings (&$postData, $tableName = "_config", $whereStatement = "config=0", $translateComma = array(), $alwaysAdd = false) {
+function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement = 'config=0', $translateComma = array(), $alwaysAdd = false) {
// Prepare all arrays, variables
$DATA = array();
$skip = false;
if (SQL_NUMROWS($result) == 1) {
// "Implode" all data to single string
- $DATA_UPDATE = implode(", ", $DATA);
+ $DATA_UPDATE = implode(', ', $DATA);
// Generate SQL string
$sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}%s` SET %s WHERE %s LIMIT 1",
} // END - foreach
// Add both in one line
- $KEYs = implode(", ", $KEYs);
- $values = implode(", ", $values);
+ $KEYs = implode(', ', $KEYs);
+ $values = implode(', ', $values);
// Generate SQL string
$sql = sprintf("INSERT INTO {?_MYSQL_PREFIX?}%s (%s) VALUES (%s)",
// Creates a user-profile link for the admin. This function can also be used for many other purposes
function generateUserProfileLink ($userid, $title = '', $what = 'list_user') {
- if (($title == '') && ($title != '0')) {
+ if (($title == '') && ($userid > 0)) {
// Set userid as title
$title = $userid;
} // END - if
- if (($title == '0') && ($what == 'list_refs')) {
+ if (($title == 0) && ($what == 'list_refs')) {
// Return title again
return $title;
- } // END - if
+ } elseif (isExtensionActive('nickname')) {
+ // Get nickname
+ $nick = getNickname($userid);
+
+ // Is it not empty, use it as title else the userid
+ if (!empty($nick)) $title = $nick . '(' . $userid . ')'; else $title = $userid;
+ }
// Return link
- //* DEBUG: */ outputHtml("a:".$title."<br />");
return '[<a href="{?URL?}/modules.php?module=admin&what=' . $what . '&userid=' . $userid . '" title="{--ADMIN_USER_PROFILE_TITLE--}">' . $title . '</a>]';
}
$passHash = '';
// Now check if we have sql_patches installed
- if (getExtensionVersion('sql_patches') >= '0.3.6') {
+ if (isExtensionInstalledAndNewer('sql_patches', '0.3.6')) {
// Use new way of hashing
$passHash = generateHash($password);
} else {
return '{?URL?}/modules.php?module=admin&what=list_user';
}
-// -----------------------------------------------------------------------------
-// --- Filter functions ---
-// -----------------------------------------------------------------------------
-
-// Filter for checking admin ACL
-function FILTER_CHECK_ADMIN_ACL () {
- // Extension not installed so it's always allowed to access everywhere!
- $ret = true;
-
- // Ok, Cookie-Update done
- if ((isExtensionInstalledAndNewer('admins', '0.3.0')) && (isExtensionActive('admins'))) {
- // Check if action GET variable was set
- $action = getAction();
- if (isWhatSet()) {
- // Get action value by what-value
- $action = getModeAction('admin', getWhat());
- } // END - if
-
- // Check for access control line of current menu entry
- $ret = adminsCheckAdminAcl($action, getWhat());
- } // END - if
-
- // Set it here
- $GLOBALS['acl_allow'] = $ret;
-}
-
// [EOF]
?>