X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Ffilters.php;h=d582202ac6a02ac4297ec79673b0d6897687e6af;hp=c0b3702d2eb191ac615e61dbe32cfccedb6f7f63;hb=a17a898cb487fbc80e580d0b7e51f92327f2ea21;hpb=39172de4ecec2f6ddc597a5ae439e7aef79c75ed diff --git a/inc/filters.php b/inc/filters.php index c0b3702d2e..d582202ac6 100644 --- a/inc/filters.php +++ b/inc/filters.php @@ -102,6 +102,9 @@ ORDER BY `filter_id` ASC", __FILE__, __LINE__); SQL_FREERESULT($result); } // END - if + // Init filters + REGISTER_FILTER('init', 'UPDATE_LOGIN_DATA'); + // Login failtures handler REGISTER_FILTER('post_youhere_line', 'CALL_HANDLER_LOGIN_FAILTURES'); @@ -122,12 +125,15 @@ ORDER BY `filter_id` ASC", __FILE__, __LINE__); // Run SQLs REGISTER_FILTER('run_sqls', 'RUN_SQLS'); + // Admin ACL check + REGISTER_FILTER('check_admin_acl', 'CHECK_ADMIN_ACL'); + // Register shutdown filters REGISTER_FILTER('shutdown', 'FLUSH_FILTERS'); } // "Registers" a new filter function -function REGISTER_FILTER ($filterName, $filterFunction, $silentAbort = true, $force = false, $add = true) { +function REGISTER_FILTER ($filterName, $filterFunction, $silentAbort = true, $force = false, $dry_run = false) { global $filters, $counter; // Extend the filter function name @@ -152,7 +158,7 @@ function REGISTER_FILTER ($filterName, $filterFunction, $silentAbort = true, $fo } // END - if // Shall we add it? - if ($add) { + if (!$dry_run) { // Simply add it to the array $filters[$filterName][$filterFunction] = "Y"; $counter[$filterName][$filterFunction] = 0; @@ -160,11 +166,13 @@ function REGISTER_FILTER ($filterName, $filterFunction, $silentAbort = true, $fo } // "Unregisters" a filter from the given chain -function UNREGISTER_FILTER ($filterName, $filterFunction, $force = false, $remove = true) { - global $filters, $counter; +function UNREGISTER_FILTER ($filterName, $filterFunction, $force = false, $dry_run = false) { + global $filters, $counter, $loadedFilters; - // Extend the filter function name - $filterFunction = sprintf("FILTER_%s", strtoupper($filterFunction)); + // Extend the filter function name only if not loaded from database + if (!isset($loadedFilters[$filterName][$filterFunction])) { + $filterFunction = sprintf("FILTER_%s", strtoupper($filterFunction)); + } // END - if // Is that filter there? if ((!isset($filters[$filterName][$filterFunction])) && (!$force)) { @@ -174,7 +182,7 @@ function UNREGISTER_FILTER ($filterName, $filterFunction, $force = false, $remov } // END - if // Shall we remove? (default, not while just showing an extension removal) - if ($remove) { + if (!$dry_run) { // Mark for filter removal $filters[$filterName][$filterFunction] = "R"; unset($counter[$filterName][$filterFunction]); @@ -291,7 +299,7 @@ function FILTER_FLUSH_FILTERS () { $removeSQL = substr($removeSQL, 0, -2) . "LIMIT ".$removed; // And run it - $removeSQL; + $SQLs[] = $removeSQL; } // END - if // Shall we update usage counters (ONLY FOR DEBUGGING!) @@ -380,7 +388,7 @@ function FILTER_SOLVE_TASK ($data) { // Filter to load include files function FILTER_LOAD_INCLUDES ($data) { - global $INC_POOL; + global $INC_POOL, $CSS; // Is it an array? if ((!isset($INC_POOL)) || (!is_array($INC_POOL))) { @@ -430,5 +438,74 @@ function FILTER_RUN_SQLS ($dry_run) { } } +// Filter for updating/validating login data +function FILTER_UPDATE_LOGIN_DATA () { + global $LAST; + if (!is_array($LAST)) $LAST = array(); + + // Recheck if logged in + if (!IS_MEMBER()) return false; + + // Secure user ID + $GLOBALS['userid'] = bigintval(get_session('userid')); + + // Extract last online time (life) and how long is auto-login valid (time) + $newl = time() + bigintval(get_session('lifetime')); + + // Load last module and last online time + $result = SQL_QUERY_ESC("SELECT last_module, last_online FROM `"._MYSQL_PREFIX."_user_data` WHERE userid=%s LIMIT 1", array($GLOBALS['userid']), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { + // Load last module and online time + list($mod, $onl) = SQL_FETCHROW($result); + SQL_FREERESULT($result); + + // Maybe first login time? + if (empty($mod)) $mod = "login"; + + if (set_session("userid", $GLOBALS['userid'], $newl, COOKIE_PATH) && set_session("u_hash", get_session('u_hash'), $newl, COOKIE_PATH) && set_session("lifetime", bigintval(get_session('lifetime')), $newl, COOKIE_PATH)) { + // This will be displayed on welcome page! :-) + if (empty($LAST['module'])) { + $LAST['module'] = $mod; $LAST['online'] = $onl; + } // END - if + + // "what" not set? + if (empty($GLOBALS['what'])) { + // Fix it to default + $GLOBALS['what'] = "welcome"; + if (getConfig('index_home') != "") $GLOBALS['what'] = getConfig('index_home'); + } // END - if + + // Update last module / online time + $result = SQL_QUERY_ESC("UPDATE `"._MYSQL_PREFIX."_user_data` SET last_module='%s', last_online=UNIX_TIMESTAMP(), REMOTE_ADDR='%s' WHERE userid=%s LIMIT 1", + array($GLOBALS['what'], GET_REMOTE_ADDR(), $GLOBALS['userid']), __FILE__, __LINE__); + } + } else { + // Destroy session, we cannot update! + destroy_user_session(); + } +} + +// Filter for checking admin ACL +function FILTER_CHECK_ADMIN_ACL () { + // Extension not installed so it's always allowed to access everywhere! + $ret = true; + + // Ok, Cookie-Update done + if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2")) { + // Check if action GET variable was set + $action = SQL_ESCAPE($GLOBALS['action']); + if (!empty($GLOBALS['what'])) { + // Get action value by what-value + $action = GET_ACTION("admin", $GLOBALS['what']); + } // END - if + + // Check for access control line of current menu entry + $ret = ADMINS_CHECK_ACL($action, $GLOBALS['what']); + } // END - if + + // Return result + return $ret; +} + // ?>