<?php
/************************************************************************
- * MXChange v0.2.1 Start: 08/31/2003 *
- * =============== Last change: 11/23/2004 *
+ * Mailer v0.2.1-FINAL Start: 08/31/2003 *
+ * =================== Last change: 11/23/2004 *
* *
* -------------------------------------------------------------------- *
* File : admin-inc.php *
array($user), __FUNCTION__, __LINE__);
// Is the entry there?
- if (SQL_NUMROWS($result) == 0) {
+ if (SQL_NUMROWS($result) == '0') {
// Ok, let's create the admin login
SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`, `password`, `email`) VALUES ('%s', '%s', '%s')",
array(
$md5,
$email
), __FUNCTION__, __LINE__);
+
+ // All done
$ret = 'done';
} // END - if
SQL_FREERESULT($result);
}
- //* DEBUG: */ outputHtml("*".$data['password'].'/'.md5($password).'/'.$ret."<br />");
+ //* DEBUG: */ outputHtml('*' . $data['password'] . '/' . md5($password) .'/' . $ret . '*<br />');
if ((isset($data['password'])) && (strlen($data['password']) == 32) && ($data['password'] == md5($password))) {
// Generate new hash
$data['password'] = generateHash($password);
// Is the sql_patches not installed, than we cannot have a valid hashed password here!
+ //* DEBUG: */ outputHtml($ret . ',' . intval(isExtensionInstalledAndOlder('sql_patches', '0.3.6')) . '/' . intval(!isExtensionInstalled('sql_patches')).'<br />');
if (($ret == 'pass') && ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches')))) $ret = 'done';
} elseif ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches'))) {
// Old hashing way
$salt = substr($data['password'], 0, -40);
// Check if password is same
- //* DEBUG: */ outputHtml("*".$ret.','.$data['password'].','.$password.','.$salt."*<br />");
- if (($ret == 'pass') && ($data['password'] == generateHash($password, $salt)) && ((!empty($salt))) || ($data['password'] == $password)) {
+ //* DEBUG: */ outputHtml('*' . $ret . ',' . $data['password'] . ',' . $password . ',' . $salt . '*<br />');
+ if (($ret == 'pass') && ($data['password'] == generateHash($password, $salt)) && ((!empty($salt))) || ($data['password'] == md5($password))) {
// Re-hash the plain passord with new random salt
$data['password'] = generateHash($password);
setSession('admin_login', $adminLogin)
) && (
setSession('admin_last', time())
- ) && (
- setSession('admin_to', bigintval(postRequestElement('timeout')))
));
}
// Default admin action is the overview page
$what = 'overview';
} else {
- // Compile out some chars
- $what = compileCode($what, false, false, false);
+ // Secure it
+ $what = secureString($what);
}
// Get action value
// Tableset header
loadTemplate('admin_main_header', false, $content);
- // Is sql_patches not yet installed?
- if (!isExtensionInstalled('sql_patches')) {
- // Output warning
- loadTemplate('admin_settings_saved', false, getMessage('ADMIN_WARNING_SQL_PATCHES_MISSING'));
- } // END - if
-
// Check if action/what pair is valid
$result_action = SQL_QUERY_ESC("SELECT
`id`
)
)
LIMIT 1",
- array($action, $what, $what), __FUNCTION__, __LINE__);
+ array(
+ $action,
+ $what,
+ $what
+ ), __FUNCTION__, __LINE__);
+
+ // Do we have an entry?
if (SQL_NUMROWS($result_action) == 1) {
// Is valid but does the inlcude file exists?
$inc = sprintf("inc/modules/admin/action-%s.php", $action);
}
} else {
// Invalid action/what pair found!
- loadTemplate('admin_menu_failed', false, sprintf(getMessage('ADMIN_ACTION_INVALID'), $action.'/'.$what));
+ loadTemplate('admin_menu_failed', false, sprintf(getMessage('ADMIN_ACTION_INVALID'), $action . '/' . $what));
}
// Free memory
ORDER BY
`sort` ASC,
`id` DESC", __FUNCTION__, __LINE__);
+
+ // Do we have entries?
if (SQL_NUMROWS($result_main) > 0) {
$OUT = "<div style=\"height:7px\" class=\"seperator\"> </div>\n";
$OUT .= "<ul class=\"admin_menu_main\">\n";
$ACL = true;
}
+ // Filename
+ $inc = sprintf("inc/modules/admin/action-%s.php", $menu);
+
+ // Is the file readable?
+ $readable = isIncludeReadable($inc);
+
if ($ACL === true) {
if ($SUB === false) {
// Insert compiled menu title and description
$OUT .= "<li class=\"admin_menu\">
<div class=\"nobr\"><strong>·</strong> ";
- if (($menu == $action) && (empty($what))) {
- $OUT .= "<strong>";
+ if ($readable === true) {
+ if (($menu == $action) && (empty($what))) {
+ $OUT .= "<strong>";
+ } else {
+ $OUT .= "[<a href=\"{?URL?}/modules.php?module=admin&action=".$menu."\">";
+ }
} else {
- $OUT .= "[<a href=\"{?URL?}/modules.php?module=admin&action=".$menu."\">";
+ $OUT .= "<em style=\"cursor:help\" class=\"admin_note\" title=\"{--MENU_ACTION_404--}\">";
}
$OUT .= $title;
- if (($menu == $action) && (empty($what))) {
- $OUT .= "</strong>";
+ if ($readable === true) {
+ if (($menu == $action) && (empty($what))) {
+ $OUT .= "</strong>";
+ } else {
+ $OUT .= "</a>]";
+ }
} else {
- $OUT .= "</a>]";
+ $OUT .= "</em>";
}
$OUT .= "</div>
function adminMenuSelectionBox_DEPRECATED ($mode, $default = '', $defid = '') {
$what = "`what` != ''";
if ($mode == 'action') $what = "(`what`='' OR `what` IS NULL) AND action !='login'";
- $result = SQL_QUERY_ESC("SELECT %s, title FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE ".$what." ORDER BY `sort`",
+ $result = SQL_QUERY_ESC("SELECT %s, `title` FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE ".$what." ORDER BY `sort` ASC",
array($mode), __FUNCTION__, __LINE__);
if (SQL_NUMROWS($result) > 0) {
// Load menu as selection
$OUT = "<select name=\"".$mode."_menu";
- if ((!empty($defid)) || ($defid == 0)) $OUT .= "[".$defid."]";
+ if ((!empty($defid)) || ($defid == '0')) $OUT .= "[".$defid."]";
$OUT .= "\" size=\"1\" class=\"admin_select\">
<option value=\"\">{--SELECT_NONE--}</option>\n";
// @TODO Try to rewrite this to $content = SQL_FETCHARRAY(). Please look some lines above for the dynamic query
// Shall we process this id? It muss not be empty, of course
if (($skip === false) && (!empty($id)) && (!isset($GLOBALS['skip_config'][$id]))) {
- // Save this entry
- $val = compileCode($val);
-
// Translate the value? (comma to dot!)
if ((is_array($translateComma)) && (in_array($id, $translateComma))) {
// Then do it here... :)
$title = $userid;
} // END - if
- if (($title == 0) && ($what == 'list_refs')) {
+ if (($title == '0') && ($what == 'list_refs')) {
// Return title again
return $title;
} elseif (isExtensionActive('nickname')) {
// Change activation status
function adminChangeActivationStatus ($IDs, $table, $row, $idRow = 'id') {
- $cnt = 0; $newStatus = 'Y';
+ $cnt = '0'; $newStatus = 'Y';
if ((is_array($IDs)) && (count($IDs) > 0)) {
// "Walk" all through and count them
foreach ($IDs as $id => $selected) {
// Shall we change here or list for editing?
if ($editNow === true) {
// Change them all
- $affected = 0;
+ $affected = '0';
foreach ($IDs as $id => $sel) {
// Prepare content array (new values)
$content = array();
// Init output
$OUT = '';
- // Compile out security characters (must be for looking up!)
- $email = compileCode($email);
-
// Look up administator login
$result = SQL_QUERY_ESC("SELECT `id`, `login`, `password` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `email`='%s' LIMIT 1",
array($email), __FUNCTION__, __LINE__);
// Is there an account?
- if (SQL_NUMROWS($result) == 0) {
+ if (SQL_NUMROWS($result) == '0') {
// No account found!
return getMessage('ADMIN_NO_LOGIN_WITH_EMAIL');
} // END - if
// By default nothing validates... ;)
$valid = false;
- // Compile the login for lookup
- $login = compileCode($login);
-
// Then try to find that user
$result = SQL_QUERY_ESC("SELECT `id`, `password`, `email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1",
- array($login), __FUNCTION__, __LINE__);
+ array($login), __FUNCTION__, __LINE__);
// Is an account here?
if (SQL_NUMROWS($result) == 1) {
$content = SQL_FETCHARRAY($result);
// Generate hash again
- $hashFromData = generateHash(getConfig('URL').':'.$content['id'].':'.$login.':'.$content['password'], substr($content['password'], 10));
+ $hashFromData = generateHash(getConfig('URL') . ':' . $content['id'] . ':' . $login . ':' . $content['password'], substr($content['password'], 10));
// Does both match?
$valid = ($hash == $hashFromData);
return '{?URL?}/modules.php?module=admin&what=list_user';
}
+// Generate a "link" for the given admin id (admin_id)
+function generateAdminLink ($adminId) {
+ // No assigned admin is default
+ $adminLink = "<span class=\"admin_note\">{--ADMIN_NO_ADMIN_ASSIGNED--}</span>";
+
+ // Zero? = Not assigned
+ if (bigintval($adminId) > 0) {
+ // Load admin's login
+ $login = getAdminLogin($adminId);
+
+ // Is the login valid?
+ if ($login != '***') {
+ // Is the extension there?
+ if (isExtensionActive('admins')) {
+ // Admin found
+ $adminLink = "<a href=\"".generateEmailLink(getAdminEmail($adminId), 'admins')."\">" . $login."</a>";
+ } else {
+ // Extension not found
+ $adminLink = sprintf(getMessage('EXTENSION_PROBLEM_NOT_INSTALLED'), 'admins');
+ }
+ } else {
+ // Maybe deleted?
+ $adminLink = "<div class=\"admin_note\">".sprintf(getMessage('ADMIN_ID_404'), $adminId)."</div>";
+ }
+ } // END - if
+
+ // Return result
+ return $adminLink;
+}
+
// [EOF]
?>