* svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
* -------------------------------------------------------------------- *
* Copyright (c) 2003 - 2009 by Roland Haeder *
+ * Copyright (c) 2009, 2010 by Mailer Developer Team *
* For more information visit: http://www.mxchange.org *
* *
* This program is free software; you can redistribute it and/or modify *
} // END - if
// Register an administrator account
-function addAdminAccount ($user, $md5, $email) {
+function addAdminAccount ($adminLogin, $passHash, $adminEmail) {
// Login does already exist
$ret = 'already';
// Lookup the admin
$result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1",
- array($user), __FUNCTION__, __LINE__);
+ array($adminLogin), __FUNCTION__, __LINE__);
// Is the entry there?
- if (SQL_NUMROWS($result) == '0') {
+ if (SQL_HASZERONUMS($result)) {
// Ok, let's create the admin login
SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`, `password`, `email`) VALUES ('%s', '%s', '%s')",
array(
- $user,
- $md5,
- $email
+ $adminLogin,
+ $passHash,
+ $adminEmail
), __FUNCTION__, __LINE__);
// All done
return $ret;
}
-// Only be executed on login procedure!
-function ifAdminLoginDataIsValid ($admin, $password) {
- // By default no admin is found
+// This function will be executed when the admin is not logged in and has submitted his login data
+function ifAdminLoginDataIsValid ($adminLogin, $adminPassword) {
+ // First of all, no admin login is found
$ret = '404';
- // Get admin id
- $adminId = getAdminId($admin);
-
- // Init array with admin id by default
- $data = array('admin_id' => $adminId);
-
- // Is the cache valid?
- if (isAdminHashSet($admin)) {
- // Get password from cache
- $data['password'] = getAdminHash($admin);
- $ret = 'pass';
- incrementStatsEntry('cache_hits');
-
- // Include more admins data?
- if ((isExtensionInstalledAndNewer('admins', '0.7.2')) && (isset($GLOBALS['cache_array']['admin']['login_failures'][$adminId]))) {
- // Load them here
- $data['login_failures'] = $GLOBALS['cache_array']['admin']['login_failures'][$adminId];
- $data['last_failure'] = $GLOBALS['cache_array']['admin']['last_failure'][$adminId];
- } // END - if
- } elseif (!isExtensionActive('cache')) {
- // Add extra data via filter now
- $add = runFilterChain('sql_admin_extra_data');
-
- // Get password from DB
- $result = SQL_QUERY_ESC("SELECT `password`" . $add . " FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1",
- array($adminId), __FUNCTION__, __LINE__);
-
- // Entry found?
- if (SQL_NUMROWS($result) == 1) {
- // Login password found
- $ret = 'pass';
+ // Then we need to lookup the login name by getting the admin hash
+ $adminHash = getAdminHash($adminLogin);
- // Fetch data
- $data = SQL_FETCHARRAY($result);
- } // END - if
-
- // Free result
- SQL_FREERESULT($result);
- }
+ // If this is fine, we can continue
+ if ($adminHash != '-1') {
+ // Get admin id and set it as current
+ setCurrentAdminId(getAdminId($adminLogin));
- //* DEBUG: */ outputHtml('*' . $data['password'] . '/' . md5($password) .'/' . $ret . '*<br />');
- if ((isset($data['password'])) && (strlen($data['password']) == 32) && ($data['password'] == md5($password))) {
- // Generate new hash
- $data['password'] = generateHash($password);
-
- // Is the sql_patches not installed, than we cannot have a valid hashed password here!
- //* DEBUG: */ outputHtml($ret . ',' . intval(isExtensionInstalledAndOlder('sql_patches', '0.3.6')) . '/' . intval(!isExtensionInstalled('sql_patches')).'<br />');
- if (($ret == 'pass') && ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches')))) $ret = 'done';
- } elseif ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches'))) {
- // Old hashing way
- return $ret;
- } elseif (!isset($data['password'])) {
- // Password not found, so no valid login!
- return $ret;
- }
+ // Now, we need to encode the password in the same way the one is encoded in database
+ $testHash = generateHash($adminPassword, $adminHash);
- // Generate salt of password
- $salt = substr($data['password'], 0, -40);
-
- // Check if password is same
- //* DEBUG: */ outputHtml('*' . $ret . ',' . $data['password'] . ',' . $password . ',' . $salt . '*<br />');
- if (($ret == 'pass') && ($data['password'] == generateHash($password, $salt)) && ((!empty($salt))) || ($data['password'] == md5($password))) {
- // Re-hash the plain passord with new random salt
- $data['password'] = generateHash($password);
-
- // Do we have 0.7.0 of admins or later?
- // Remmeber login failures if available
- if ((isExtensionInstalledAndNewer('admins', '0.7.2')) && (isset($data['login_failures']))) {
- // Store it in session
- setSession('mxchange_admin_failures', $data['login_failures']);
- setSession('mxchange_admin_last_fail', $data['last_failure']);
-
- // Update password and reset login failures
- SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `password`='%s',`login_failures`=0,`last_failure`='0000-00-00 00:00:00' WHERE `id`=%s LIMIT 1",
- array($data['password'], $adminId), __FUNCTION__, __LINE__);
+ // If they both match, the login data is valid
+ if ($testHash == $adminHash) {
+ // All fine
+ $ret = 'done';
} else {
- // Update password
- SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `password`='%s' WHERE `id`=%s LIMIT 1",
- array($data['password'], $adminId), __FUNCTION__, __LINE__);
+ // Set status
+ $ret = 'pass';
}
-
- // Rebuild cache
- rebuildCacheFile('admin', 'admin');
-
- // Login has failed by default... ;-)
- $ret = 'failed1';
-
- // Password matches so login here
- if (doAdminLogin($admin, $data['password'])) {
- // All done now
- $ret = 'done';
- } // END - if
- } elseif ((empty($salt)) && ($ret == 'pass')) {
- // Something bad went wrong
- $ret = 'failed_salt';
- } elseif ($ret == 'done') {
- // Try to login here if we have the old hashing way (sql_patches not installed?)
- if (!doAdminLogin($admin, $data['password'])) {
- // Something went wrong
- $ret = 'failed2';
- } // END - if
- }
-
- // Count login failure if admins extension version is 0.7.0+
- if (($ret == 'pass') && (getExtensionVersion('admins') >= '0.7.0')) {
- // Update counter
- SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET login_failures`=`login_failures`+1,`last_failure`=NOW() WHERE `id`=%s LIMIT 1",
- array($adminId), __FUNCTION__, __LINE__);
-
- // Rebuild cache
- rebuildCacheFile('admin', 'admin');
} // END - if
- // Return the result
- //* DEBUG: */ die('RETURN=' . $ret);
- return $ret;
-}
+ // Prepare data array
+ $data = array(
+ 'login' => $adminLogin,
+ 'plain_pass' => $adminPassword,
+ 'pass_hash' => $adminHash
+ );
-// Try to login the admin by setting some session/cookie variables
-function doAdminLogin ($adminLogin, $passHash) {
- // Reset failure counter on matching admins version
- if ((isExtensionInstalledAndNewer('admins', '0.7.0')) && ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches')))) {
- // Reset counter on out-dated sql_patches version
- SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `login_failures`=0, `last_failure`='0000-00-00 00:00:00' WHERE `login`='%s' LIMIT 1",
- array($adminLogin), __FUNCTION__, __LINE__);
+ // Run a special filter
+ runFilterChain('do_admin_login_' . $ret, $data);
- // Rebuild cache
- rebuildCacheFile('admin', 'admin');
- } // END - if
-
- // Now set all session variables and return the result
- return ((
- setSession('admin_md5', generatePassString(generateHash($passHash, '', false)))
- ) && (
- setSession('admin_login', $adminLogin)
- ) && (
- setSession('admin_last', time())
- ));
+ // Return status
+ return $ret;
}
// Only be executed on cookie checking
-function ifAdminCookiesAreValid ($admin, $password) {
- // By default no admin cookies are found
- $ret = '404';
- $pass = '';
+function ifAdminCookiesAreValid ($adminLogin, $passHash) {
+ // First of all, no admin login is found
+ $ret = '404';
- // Get hash
- $pass = getAdminHash($admin);
- if ($pass != '-1') $ret = 'pass';
+ // Then we need to lookup the login name by getting the admin hash
+ $adminHash = getAdminHash($adminLogin);
- //* DEBUG: */ outputHtml(__FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):".generatePassString($pass).'('.strlen($pass).")/".$password.'('.strlen($password).")<br />");
+ // If this is fine, we can continue
+ if ($adminHash != '-1') {
+ // Now, we need to encode the password in the same way the one is encoded in database
+ $testHash = encodeHashForCookie($adminHash);
+ //* DEBUG: */ outputHtml('adminLogin='.$adminLogin.',<br />passHash='.$passHash.',<br />adminHash='.$adminHash.',<br />testHash='.$testHash.'<br />');
- // Check if password matches
- if (($ret == 'pass') && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass))) && (isAdmin())) {
- // Passwords matches!
- $ret = 'done';
+ // If they both match, the login data is valid
+ if ($testHash == $passHash) {
+ // All fine
+ $ret = 'done';
+ } else {
+ // Set status
+ $ret = 'pass';
+ }
} // END - if
- // Return result
+ // Return status
+ //* DEBUG: */ outputHtml('ret='.$ret);
return $ret;
}
// Get default what
$what = getWhat();
- //* DEBUG: */ outputHtml(__LINE__."*".$what.'/'.getModule().'/'.getAction().'/'.getWhat()."*<br />");
+ //* DEBUG: */ outputHtml(__LINE__.'*'.$what.'/'.getModule().'/'.getAction().'/'.getWhat().'*<br />');
// Remove any spaces from variable
if (empty($what)) {
}
// Get action value
- $action = getModeAction(getModule(), $what);
+ $action = getActionFromModuleWhat(getModule(), $what);
// Define admin login name and id number
$content['login'] = getSession('admin_login');
// Do we have entries?
if (SQL_NUMROWS($result_main) > 0) {
- $OUT = '<div style="height:7px" class="seperator"> </div>';
$OUT .= '<ul class="admin_menu_main">';
// @TODO Rewrite this to $content = SQL_FETCHARRAY()
while (list($menu, $title, $descr) = SQL_FETCHROW($result_main)) {
- if ((isExtensionActive('admins')) && (getExtensionVersion('admins') > '0.2.0')) {
+ if (isExtensionInstalledAndNewer('admins', '0.2.0')) {
$ACL = adminsCheckAdminAcl($menu, '');
} else {
// @TODO ACL is 'allow'... hmmm
// @TODO Rewrite this to $content = SQL_FETCHARRAY()
while (list($what_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what)) {
// Check for access level
- if ((isExtensionActive('admins')) && (getExtensionVersion('admins') > '0.2.0')) {
+ if (isExtensionInstalledAndNewer('admins', '0.2.0')) {
$ACL = adminsCheckAdminAcl('', $what_sub);
} else {
// @TODO ACL is 'allow'... hmmm
$OUT .= '</ul>
</li>';
} // END - if
-
- $OUT .= '<li style="height:7px" class="seperator"> </li>';
} // END - if
} // END - while
}
// Create member selection box
-function addMemberSelectionBox ($def=0, $add_all=false, $return=false, $none=false, $field='userid') {
+function addMemberSelectionBox ($def = 0, $add_all = false, $return = false, $none = false, $field = 'userid') {
// Output selection form with all confirmed user accounts listed
$result = SQL_QUERY("SELECT `userid`, `surname`, `family` FROM `{?_MYSQL_PREFIX?}_user_data` ORDER BY `userid` ASC", __FUNCTION__, __LINE__);
elseif ($none === true) $OUT = ' <option value="0">{--SELECT_NONE--}</option>';
while ($content = SQL_FETCHARRAY($result)) {
- $OUT .= ' <option value="' . bigintval($content['userid']) . '"';
+ $OUT .= '<option value="' . bigintval($content['userid']) . '"';
if ($def == $content['userid']) $OUT .= ' selected="selected"';
$OUT .= '>' . $content['surname'] . ' ' . $content['family'] . ' (' . bigintval($content['userid']) . ')</option>';
} // END - while
loadTemplate('admin_member_selection_box', false, $content);
} else {
// Return content in selection frame
- return '<select class="admin_select" name="' . $field . '" size="1">' . $OUT . '</select>';
+ return '<select class="admin_select" name="' . handleFieldWithBraces($field) . '" size="1">' . $OUT . '</select>';
}
}
$what = "`what` != ''";
if ($mode == 'action') $what = "(`what`='' OR `what` IS NULL) AND `action` !='login'";
- $result = SQL_QUERY_ESC("SELECT %s, `title` FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE ".$what." ORDER BY `sort` ASC",
+ $result = SQL_QUERY_ESC("SELECT `%s` AS `menu`, `title` FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE ".$what." ORDER BY `sort` ASC",
array($mode), __FUNCTION__, __LINE__);
if (SQL_NUMROWS($result) > 0) {
// Load menu as selection
- $OUT = "<select name=\"".$mode."_menu";
- if ((!empty($defid)) || ($defid == '0')) $OUT .= "[".$defid."]";
- $OUT .= "\" size=\"1\" class=\"admin_select\">
- <option value=\"\">{--SELECT_NONE--}</option>\n";
- // @TODO Try to rewrite this to $content = SQL_FETCHARRAY(). Please look some lines above for the dynamic query
- while (list($menu, $title) = SQL_FETCHROW($result)) {
- $OUT .= " <option value=\"".$menu."\"";
- if ((!empty($default)) && ($default == $menu)) $OUT .= ' selected="selected"';
- $OUT .= ">".$title."</option>\n";
+ $OUT = '<select name="' . $mode . '_menu';
+ if ((!empty($defid)) || ($defid == '0')) $OUT .= '[' . $defid . ']';
+ $OUT .= '" size="1" class="admin_select">
+ <option value="">{--SELECT_NONE--}</option>';
+ // Load all entries
+ while ($content = SQL_FETCHARRAY($result)) {
+ $OUT .= '<option value="' . $content['menu'] . '"';
+ if ((!empty($default)) && ($default == $content['menu'])) $OUT .= ' selected="selected"';
+ $OUT .= '>' . $content['title'] . '</option>';
} // END - while
// Free memory
SQL_FREERESULT($result);
- $OUT .= "</select>\n";
+
+ // Add closing select-tag
+ $OUT .= '</select>';
} else {
// No menus???
$OUT = getMessage('ADMIN_PROBLEM_NO_MENU');
if ('' . $val . '' == '' . $test . '') {
// Add numbers
$tableData[] = sprintf("`%s`=%s", $id, $test);
+ } elseif (is_null($val)) {
+ // Add NULL
+ $tableData[] = sprintf("`%s`=NULL", $id);
} else {
// Add strings
$tableData[] = sprintf("`%s`='%s'", $id, trim($val));
$affected = SQL_AFFECTEDROWS();
// Rebuild cache
- rebuildCacheFile('config', 'config');
+ rebuildCache('config', 'config');
// Settings saved, so display message?
if ($displayMessage === true) loadTemplate('admin_settings_saved', false, getMessage('SETTINGS_SAVED'));
$menuArray = getArrayFromDirectory(sprintf("inc/modules/%s/", $menu), '', false, false);
// Init the selection box
- $OUT = "<select name=\"".$name."\" class=\"admin_select\" size=\"1\">
- <option value=\"\">{--IS_TOP_MENU--}</option>\n";
+ $OUT = '<select name="' . $name . '" class="admin_select" size="1"><option value="">{--IS_TOP_MENU--}</option>';
// Walk through all files
foreach ($menuArray as $file) {
// Is this a PHP script?
- if ((!isDirectory($file)) && (strpos($file, "".$type.'-') > -1) && (strpos($file, '.php') > 0)) {
+ if ((!isDirectory($file)) && (strpos($file, '' . $type . '-') > -1) && (strpos($file, '.php') > 0)) {
// Then test if the file is readable
$test = sprintf("inc/modules/%s/%s", $menu, $file);
// Is that part different from the overview?
if ($part != 'overview') {
- $OUT .= " <option value=\"".$part."\"";
+ $OUT .= '<option value="' . $part . '"';
if ($part == $default) $OUT .= ' selected="selected"';
- $OUT .= ">".$part."</option>\n";
+ $OUT .= '>' . $part . '</option>';
} // END - if
} // END - if
} // END - if
} // END - foreach
// Close selection box
- $OUT .= "</select>\n";
+ $OUT .= '</select>';
// Return contents
return $OUT;
// Check "logical-area-mode"
function adminGetMenuMode () {
- // Set the global mode as the mode for all admins
+ // Set the default menu mode as the mode for all admins
$mode = getConfig('admin_menu');
$adminMode = $mode;
SQL_FREERESULT($result);
}
- // Check what the admin wants and set it when it's not the global mode
+ // Check what the admin wants and set it when it's not the default mode
if ($adminMode != 'global') $mode = $adminMode;
// Return admin-menu's mode
}
// Send mails for del/edit/lock build modes
-function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '') {
+function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '', $userid = 'userid_raw') {
// Default subject is the subject part
$subject = $subjectPart;
} // END - if
// Is the raw userid set?
- if (postRequestParameter('userid_raw', $id) > 0) {
+ if (postRequestParameter($userid, $id) > 0) {
// Generate subject
$subjectLine = getMessage('MEMBER_'.strtoupper($subject).'_'.strtoupper($table).'_SUBJECT');
}
// Send email out
- sendEmail(postRequestParameter('userid_raw', $id), $subjectLine, $mail);
+ sendEmail(postRequestParameter($userid, $id), $subjectLine, $mail);
} // END - if
// Generate subject
// Send admin notification out
if (!empty($subjectPart)) {
- sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content, postRequestParameter('userid_raw', $id));
+ sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content, postRequestParameter($userid, $id));
} else {
- sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . $table, $content, postRequestParameter('userid_raw', $id));
+ sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . $table, $content, postRequestParameter($userid, $id));
}
}
// Build a special template list
-function adminListBuilder ($listType, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn) {
+function adminListBuilder ($listType, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $userid = 'userid_raw') {
$OUT = ''; $SW = 2;
// "Walk" through all entries
// Do we have a userid?
if ($key == 'userid') {
// Add it again as raw id
- $content['userid'] = bigintval($value);
+ $content[$userid] = bigintval($value);
+ } // END - if
+
+ // If the key matches the idColumn variable, we need to temporary remember it
+ //* DEBUG: */ print 'key=' . $key . ',idColumn=' . $idColumn . ',value=' . $value . '<br />';
+ if ($key == $idColumn) {
+ // Found, so remember it
+ $GLOBALS['admin_list_builder_id_value'] = $value;
} // END - if
// Handle the call in external function
+ //* DEBUG: */ print 'key=' . $key . ',fucntion=' . $filterFunctions[$idx] . ',value=' . $value . '<br />';
$content[$key] = handleExtraValues($filterFunctions[$idx], $value, $extraValues[$idx]);
} // END - foreach
// Then list it
$OUT .= loadTemplate(sprintf("admin_%s_%s_row",
- $listType,
- $table
- ), true, $content
+ $listType,
+ $table
+ ), true, $content
);
// Switch color
}
// Change status of "build" list
-function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray) {
+function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray, $userid = 'userid_raw') {
// All valid entries? (We hope so here!)
if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (count($statusArray) > 0)) {
// "Walk" through all entries
$sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}_%s` SET", SQL_ESCAPE($table));
// Load data of entry
- $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE %s=%s LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1",
array($table, $idColumn, $id), __FUNCTION__, __LINE__);
// Fetch the data
} // END - if
} elseif (isset($content[$column])) {
// Unfinished!
- app_die(__FUNCTION__, __LINE__, ":UNFINISHED: id={$id}/{$column}[".gettype($statusInfo)."] = {$content[$column]}");
+ debug_report_bug(__FUNCTION__, __LINE__, ":UNFINISHED: id={$id}/{$column}[".gettype($statusInfo)."] = {$content[$column]}");
}
} // END - foreach
// Add other columns as well
foreach (postRequestArray() as $key => $entries) {
+ // Debug message
+ logDebugMessage(__FUNCTION__, __LINE__, 'Found entry: ' . $key);
+
// Skip id, raw userid and 'do_$mode'
- if (!in_array($key, array($idColumn, 'userid_raw', ('do_'.$mode)))) {
+ if (!in_array($key, array($idColumn, $userid, ('do_' . $mode)))) {
// Are there brackets () at the end?
- if (substr($entries[$id], -2, 2) == "()") {
+ if (substr($entries[$id], -2, 2) == '()') {
// Direct SQL command found
$sql .= sprintf(" %s=%s,", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id]));
} else {
// Add entry
$content[$key] = $entries[$id];
}
- } // END - if
+ } else {
+ // Skipped entry
+ logDebugMessage(__FUNCTION__, __LINE__, 'Skipped: ' . $key);
+ }
} // END - foreach
// Finish SQL statement
}
// Delete rows by given id numbers
-function adminDeleteEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $deleteNow=false, $idColumn='id', $userIdColumn='userid') {
+function adminDeleteEntriesConfirm ($IDs, $table, $columns = array(), $filterFunctions = array(), $extraValues = array(), $deleteNow = false, $idColumn = 'id', $userIdColumn = 'userid', $userid = 'userid_raw') {
// All valid entries? (We hope so here!)
if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) {
// Shall we delete here or list for deletion?
if ($deleteNow === true) {
// The base SQL command:
- $sql = "DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_%s` WHERE %s IN (%s)";
+ $sql = "DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s` IN (%s)";
// Delete them all
$idList = '';
foreach ($IDs as $id => $sel) {
// Is there a userid?
- if (isPostRequestParameterSet('userid_raw', $id)) {
+ if (isPostRequestParameterSet($userid, $id)) {
// Load all data from that id
- $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE %s=%s LIMIT 1",
- array($table, $idColumn, $id), __FUNCTION__, __LINE__);
+ $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1",
+ array(
+ $table,
+ $idColumn,
+ $id
+ ), __FUNCTION__, __LINE__);
// Fetch the data
$content = SQL_FETCHARRAY($result);
} // END - foreach
// Run the query
- SQL_QUERY($sql, array($table, $idColumn, substr($idList, 0, -1)), __FUNCTION__, __LINE__);
+ SQL_QUERY_ESC($sql, array($table, $idColumn, substr($idList, 0, -1)), __FUNCTION__, __LINE__);
// Was this fine?
if (SQL_AFFECTEDROWS() == count($IDs)) {
}
// Edit rows by given id numbers
-function adminEditEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $editNow=false, $idColumn='id', $userIdColumn='userid') {
+function adminEditEntriesConfirm ($IDs, $table, $columns = array(), $filterFunctions = array(), $extraValues = array(), $editNow = false, $idColumn = 'id', $userIdColumn = 'userid', $userid = 'userid_raw') {
// All valid entries? (We hope so here!)
if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) {
// Shall we change here or list for editing?
);
foreach (postRequestArray() as $key => $entries) {
// Skip raw userid which is always invalid
- if ($key == 'userid_raw') {
+ if ($key == $userid) {
// Continue with next field
continue;
} // END - if
// Then add this value
$sql .= sprintf(" `%s`='%s',",
- SQL_ESCAPE($key),
- SQL_ESCAPE($entries[$id])
+ SQL_ESCAPE($key),
+ SQL_ESCAPE($entries[$id])
);
} elseif (($key != $idColumn) && (!is_array($entries))) {
// Add normal entries as well!
array($email), __FUNCTION__, __LINE__);
// Is there an account?
- if (SQL_NUMROWS($result) == '0') {
+ if (SQL_HASZERONUMS($result)) {
// No account found!
return getMessage('ADMIN_NO_LOGIN_WITH_EMAIL');
} // END - if
// Reset the password for the login. Do NOT call this function without calling above function first!
function doResetAdminPassword ($login, $password) {
- // Init hash
- $passHash = '';
-
- // Now check if we have sql_patches installed
- if (isExtensionInstalledAndNewer('sql_patches', '0.3.6')) {
- // Use new way of hashing
- $passHash = generateHash($password);
- } else {
- // Old MD5 method
- $passHash = md5($password);
- }
+ // Generate hash (we already check for sql_patches in generateHash())
+ $passHash = generateHash($password);
// Update database
SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `password`='%s' WHERE `login`='%s' LIMIT 1",
// Should be admin!
if (!isAdmin()) {
// Not an admin so redirect better
- redirectToUrl('index.php');
+ redirectToUrl('modules.php?module=index');
} // END - if
// Is the id not set, then we need a backtrace here... :(
if ($id <= 0) {
// Initiate backtrace
- debug_report_bug(sprintf("id is invalid: %s. row=%s, data=%s",
+ debug_report_bug(__FUNCTION__, __LINE__, sprintf("id is invalid: %s. row=%s, data=%s",
$id,
$row,
$data
$adminLink = '<a href="' . generateEmailLink(getAdminEmail($adminId), 'admins') . '" title="{--ADMIN_CONTACT_LINK_TITLE--}">' . $login . '</a>';
} else {
// Extension not found
- $adminLink = getMaskedMessage('EXTENSION_PROBLEM_NOT_INSTALLED', 'admins');
+ $adminLink = getMaskedMessage('EXTENSION_PROBLEM_EXTENSION_NOT_INSTALLED', 'admins');
}
} else {
// Maybe deleted?
projects / mailer.git / blobdiff