X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Ffilters.php;h=0a30fc752e45697043683f813ceaea382cbfa2a6;hp=fe843fb8f0a74f9ad1c1835985e69490ba1bea1d;hb=f36ab6ae1503ee54a7c9d0083a8089286d8b37ef;hpb=3e67aa21428cb9bc5b8d7552d2dd0770fc46dfb3 diff --git a/inc/filters.php b/inc/filters.php index fe843fb8f0..0a30fc752e 100644 --- a/inc/filters.php +++ b/inc/filters.php @@ -38,7 +38,7 @@ if (!defined('__SECURITY')) { } // Init "generic filter system" -function INIT_FILTER_SYSTEM() { +function INIT_FILTER_SYSTEM () { global $filters, $loadedFilters, $counter; // Is the filter already initialized? @@ -125,6 +125,9 @@ ORDER BY `filter_id` ASC", __FILE__, __LINE__); // Run SQLs REGISTER_FILTER('run_sqls', 'RUN_SQLS'); + // Admin ACL check + REGISTER_FILTER('check_admin_acl', 'CHECK_ADMIN_ACL'); + // Register shutdown filters REGISTER_FILTER('shutdown', 'FLUSH_FILTERS'); } @@ -208,7 +211,7 @@ function RUN_FILTER ($filterName, $data = null, $silentAbort = true) { // Then run all filters foreach ($filters[$filterName] as $filterFunction=>$active) { // Debug message - //* DEBUG: */ echo __FUNCTION__."(".__LINE__."): name={$filterName}, func={$filterFunction}, active={$active}
\n"; + //* DEBUG: */ echo __FUNCTION__."(".__LINE__."): name={$filterName},func={$filterFunction},active={$active}
\n"; // Is the filter active? if ($active == "Y") { @@ -316,7 +319,7 @@ function FILTER_FLUSH_FILTERS () { } // END - if // Run the run_sqls filter in non-dry mode - RUN_FILTER('run_sqls', false); + RUN_FILTER('run_sqls', array('dry_run' => false, 'sqls' => $SQLs)); } // Filter for calling the handler for login failtures @@ -385,38 +388,42 @@ function FILTER_SOLVE_TASK ($data) { // Filter to load include files function FILTER_LOAD_INCLUDES ($data) { - global $INC_POOL; + global $CSS; + + // Default is $data as inclusion list + $INC_POOL = $data; // Is it an array? - if ((!isset($INC_POOL)) || (!is_array($INC_POOL))) { + if ((!isset($data)) || (!is_array($data))) { // Then abort here DEBUG_LOG(__FILE__, __LINE__, "INC_POOL is no array!"); return $data; - } // END - if + } elseif (isset($data['inc_pool'])) { + // Use this as new inclusion pool! + $INC_POOL = $data['inc_pool']; + } // Check for added include files if (count($INC_POOL) > 0) { // Loads every include file - foreach ($INC_POOL as $fqfn) { - require_once($fqfn); + foreach ($INC_POOL as $FQFN) { + require_once($FQFN); } // END - foreach - // Remove array - unset($INC_POOL); + // Reset array + if (isset($data['inc_pool'])) $data['inc_pool'] = array(); } // END - if - // Return $data + // Continue with processing return $data; } // Filter for running SQL commands -function FILTER_RUN_SQLS ($dry_run) { - global $SQLs; - +function FILTER_RUN_SQLS ($data) { // Is the array there? - if ((is_array($SQLs)) && (!$dry_run)) { + if ((isset($data['sqls'])) && ((!isset($data['dry_run'])) || ($data['dry_run'] == false))) { // Run SQL commands - foreach ($SQLs as $sql) { + foreach ($data['sqls'] as $sql) { $sql = trim($sql); if (!empty($sql)) { // Do we have an "ALTER TABLE" command? 
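Review bot: `$SQLs` is read here inside FILTER_FLUSH_FILTERS, but the same commit removes `global $SQLs;` from FILTER_RUN_SQLS, so the queue now reaches the filter only if this function has it in scope. The start of FILTER_FLUSH_FILTERS is outside the hunk; if it has no `global $SQLs;`, the variable is undefined, `isset($data['sqls'])` is false in the filter, and the queued statements are skipped without any error. Worth confirming the declaration exists, and adding a comment on the call such as `// 'sqls' must be the global SQL queue; FILTER_RUN_SQLS no longer reads $SQLs itself`.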
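Review bot: FILTER_LOAD_INCLUDES now passes caller-supplied filter data straight to `require_once`: when `$data` is an array without an `inc_pool` key, every element of it is treated as a file to include. Before this change the list came from one global, so any RUN_FILTER caller that hands this filter a general-purpose array now has its values included as PHP. I would accept only an explicit `inc_pool` array and skip entries that are not existing files, ideally also checking that the resolved path lies inside the application's include directory. Callers that pass a plain list are not visible here and would need to wrap it in `inc_pool`.

```php
function FILTER_LOAD_INCLUDES ($data) {
	global $CSS;

	// Only an explicit 'inc_pool' entry is treated as an inclusion list
	if ((!is_array($data)) || (!isset($data['inc_pool'])) || (!is_array($data['inc_pool']))) {
		// Then abort here
		DEBUG_LOG(__FILE__, __LINE__, "INC_POOL is no array!");
		return $data;
	} // END - if

	// Loads every include file that really exists
	foreach ($data['inc_pool'] as $FQFN) {
		if ((!is_string($FQFN)) || (!is_file($FQFN))) {
			// Never hand a non-file value to require_once
			DEBUG_LOG(__FILE__, __LINE__, "Skipped invalid include file.");
			continue;
		} // END - if

		require_once($FQFN);
	} // END - foreach

	// … unchanged: reset of $data['inc_pool'] and return $data …
```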
@@ -429,10 +436,7 @@ function FILTER_RUN_SQLS ($dry_run) { } } // END - if } // END - foreach - } elseif (GET_EXT_VERSION("sql_patches") == "") { - // Remove SQLs if extension is not installed - $SQLs = array(); - } + } // END - if } // Filter for updating/validating login data @@ -473,8 +477,8 @@ function FILTER_UPDATE_LOGIN_DATA () { } // END - if // Update last module / online time - $result = SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET last_module='%s', last_online=UNIX_TIMESTAMP(), REMOTE_ADDR='%s' WHERE userid=%s LIMIT 1", - array($GLOBALS['what'], GET_REMOTE_ADDR(), $GLOBALS['userid']), __FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET last_module='%s', last_online=UNIX_TIMESTAMP(), REMOTE_ADDR='%s' WHERE userid=%s LIMIT 1", + array($GLOBALS['what'], GET_REMOTE_ADDR(), $GLOBALS['userid']), __FILE__, __LINE__); } } else { // Destroy session, we cannot update! @@ -482,5 +486,27 @@ function FILTER_UPDATE_LOGIN_DATA () { } } +// Filter for checking admin ACL +function FILTER_CHECK_ADMIN_ACL () { + // Extension not installed so it's always allowed to access everywhere! + $ret = true; + + // Ok, Cookie-Update done + if (GET_EXT_VERSION("admins") >= "0.3") { + // Check if action GET variable was set + $action = SQL_ESCAPE($GLOBALS['action']); + if (!empty($GLOBALS['what'])) { + // Get action value by what-value + $action = GET_ACTION("admin", $GLOBALS['what']); + } // END - if + + // Check for access control line of current menu entry + $ret = ADMINS_CHECK_ACL($action, $GLOBALS['what']); + } // END - if + + // Return result + return $ret; +} + // ?>
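Review bot: `WHERE userid=%s` places `$GLOBALS['userid']` into the statement without quotes, so string escaping in SQL_QUERY_ESC (assuming it escapes its arguments, which is not shown) does not confine the value to a single token. The rest of FILTER_UPDATE_LOGIN_DATA is outside the hunk, so the value may already be validated earlier. If it is not, cast it at the call site, e.g. `array($GLOBALS['what'], GET_REMOTE_ADDR(), (int) $GLOBALS['userid'])`.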
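Review bot: FILTER_CHECK_ADMIN_ACL fails open: `$ret` starts as `true` and is only replaced when `GET_EXT_VERSION("admins") >= "0.3"` holds. PHP compares two numeric strings with `>=` as numbers, so a version such as "0.10" (constructed example) counts as lower than "0.3" and the ACL check is skipped with access allowed; `if (version_compare(GET_EXT_VERSION("admins"), "0.3", ">=")) {` avoids that. `$GLOBALS['action']` is also read without an `isset()` guard. A short docblock stating that the filter returns a boolean and takes no `$data`, unlike the other filters in this file, would help, since how RUN_FILTER uses the return value is not visible here.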