X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Flibs%2Fadmins_functions.php;h=8c692aa43b70c0b986b5edc1c4b3f814cd50479f;hp=427353749031c0d932eb0bb9847621432ae1d536;hb=4b32c7be676d4a191c869a5745f2890240852fb0;hpb=40aa5cf7efd1660f97e439c0674fa7cd36c1ebae diff --git a/inc/libs/admins_functions.php b/inc/libs/admins_functions.php index 4273537490..8c692aa43b 100644 --- a/inc/libs/admins_functions.php +++ b/inc/libs/admins_functions.php @@ -1,7 +1,7 @@ = '0.1.2') && (isset($GLOBALS['cache_array']['admin_acls'])) && (count($GLOBALS['cache_array']['admin_acls']) > 0)) { + if ((isExtensionInstalledAndNewer('cache', '0.1.2')) && (isset($GLOBALS['cache_array']['admin_acls'])) && (count($GLOBALS['cache_array']['admin_acls']) > 0)) { // Lookup in cache if ((!empty($action)) && (isset($GLOBALS['cache_array']['admin_acls']['action_menu'][$adminId])) & ($GLOBALS['cache_array']['admin_acls']['action_menu'][$adminId] == $action)) { // Main menu line found @@ -139,14 +140,14 @@ LIMIT 1", list($adminId) = SQL_FETCHROW($result); // Rewrite email address to contact link - $email = "{?URL?}/modules.php?module=".$mod."&what=admins_contct&admin=".bigintval($adminId); + $email = '{%url=modules.php?module=' . $mod . '&what=admins_contct&admin=' . bigintval($adminId) . '%}'; } // END - if // Free memory SQL_FREERESULT($result); } elseif ((is_int($email)) && ($email > 0)) { - // Direct ID given - $email = "{?URL?}/modules.php?module=".$mod."&what=admins_contct&admin=".bigintval($email); + // Direct id given + $email = '{%url=modules.php?module=' . $mod . '&what=admins_contct&admin=' . bigintval($email) . '%}'; } // Return rewritten (?) email address @@ -154,52 +155,61 @@ LIMIT 1", } // Change a lot admin account -function adminsChangeAdminAccount ($postData) { +function adminsChangeAdminAccount ($postData, $element = '') { // Begin the update - $cache_update = 0; + $cache_update = '0'; foreach ($postData['login'] as $id => $login) { - // Secure ID number + // Secure id number $id = bigintval($id); // When both passwords match update admin account - if ($postData['pass1'][$id] == $postData['pass2'][$id]) { - // Save only when both passwords are the same (also when they are empty) - $add = ''; $cache_update = '1'; - - // Generate hash - $hash = generateHash($postData['pass1'][$id]); - - // Save password when set - if (!empty($postData['pass1'][$id])) $add = sprintf(", password='%s'", SQL_ESCAPE($hash)); - - // Get admin's ID - $adminId = getCurrentAdminId(); - $salt = substr(getAdminHash($adminId), 0, -40); - - // Rewrite cookie when it's own account - if ($adminId == $id) { - // Set timeout cookie - setSession('admin_last', time()); - - if ($login != getSession('admin_login')) { - // Update login cookie - setSession('admin_login', $login); - - // Update password cookie as well? - if (!empty($add)) setSession('admin_md5', $hash); - } elseif (generateHash($postData['pass1'][$id], $salt) != getSession('admin_md5')) { - // Update password cookie - setSession('admin_md5', $hash); - } - } // END - if - - // Get default ACL from admin to check if we can allow him to change the default ACL - $default = getAdminDefaultAcl(getCurrentAdminId()); + if ((!empty($element)) && (isset($postData[$element]))) { + // Save this setting + SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `%s`='%s' WHERE `id`=%s LIMIT 1", + array($element, $postData[$element][$id], $id), __FILE__, __LINE__); - // Update admin account - if ($default == 'allow') { - // Allow changing default ACL - SQL_QUERY_ESC("UPDATE + // Admin account saved + $message = getMessage('ADMIN_ACCOUNT_SAVED'); + } elseif ((isset($postData['pass1'])) && (isset($postData['pass2']))) { + // Update only if both passwords match + if (($postData['pass1'][$id] == $postData['pass2'][$id])) { + // Save only when both passwords are the same (also when they are empty) + $add = ''; $cache_update = 1; + + // Generate hash + $hash = generateHash($postData['pass1'][$id]); + + // Save password when set + if (!empty($postData['pass1'][$id])) $add = sprintf(", `password`='%s'", SQL_ESCAPE($hash)); + + // Get admin's id + $adminId = getCurrentAdminId(); + $salt = substr(getAdminHash(getAdminLogin($adminId)), 0, -40); + + // Rewrite cookie when it's own account + if ($adminId == $id) { + // Set timeout cookie + setSession('admin_last', time()); + + if ($login != getSession('admin_login')) { + // Update login cookie + setSession('admin_login', $login); + + // Update password cookie as well? + if (!empty($add)) setSession('admin_md5', $hash); + } elseif (generateHash($postData['pass1'][$id], $salt) != getSession('admin_md5')) { + // Update password cookie + setSession('admin_md5', $hash); + } + } // END - if + + // Get default ACL from admin to check if we can allow him to change the default ACL + $default = getAdminDefaultAcl(getCurrentAdminId()); + + // Update admin account + if ($default == 'allow') { + // Allow changing default ACL + SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `login`='%s'".$add.", @@ -209,16 +219,16 @@ SET WHERE `id`=%s LIMIT 1", - array( - $login, - $postData['email'][$id], - $postData['mode'][$id], - $postData['la_mode'][$id], - $id - ), __FUNCTION__, __LINE__); - } else { - // Do not allow it here - SQL_QUERY_ESC("UPDATE + array( + $login, + $postData['email'][$id], + $postData['mode'][$id], + $postData['la_mode'][$id], + $id + ), __FUNCTION__, __LINE__); + } else { + // Do not allow it here + SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `login`='%s'".$add.", @@ -227,26 +237,49 @@ SET WHERE `id`=%s LIMIT 1", - array( - $login, - $postData['email'][$id], - $postData['la_mode'][$id], - $id - ), __FUNCTION__, __LINE__); - } + array( + $login, + $postData['email'][$id], + $postData['la_mode'][$id], + $id + ), __FUNCTION__, __LINE__); + } - // Admin account saved - $message = getMessage('ADMIN_ACCOUNT_SAVED'); + // Admin account saved + $message = getMessage('ADMIN_ACCOUNT_SAVED'); + } else { + // Passwords did not match + $message = getMessage('ADMINS_ERROR_PASS_MISMATCH'); + } } else { - // Passwords did not match - $message = getMessage('ADMINS_ERROR_PASS_MISMATCH'); - } + // Update whole array + $SQL = 'UPDATE `{?_MYSQL_PREFIX?}_admins` SET '; + foreach ($postData as $entry => $value) { + // Skip login/id entry + if (in_array($entry, array('login', 'id'))) continue; + + // Do we have a non-string (e.g. number, NOW() or back-tick at the beginning? + if ((bigintval($value[$id], true, false) === $value[$id]) || ($value[$id] == 'NOW()') || (substr($value[$id], 0, 1) == '`')) { + // No need for ticks (') + $SQL .= '`' . $entry . '`=' . $value[$id] . ','; + } else { + // Strings need ticks (') around them + $SQL .= '`' . $entry . "`='" . SQL_ESCAPE($value[$id]) . "',"; + } + } // END - foreach + + // Remove last tick and finish query + $SQL = substr($SQL, 0, -1) . ' WHERE `id`=%s LIMIT 1'; - // Display message - if (!empty($message)) { - loadTemplate('admin_settings_saved', false, $message); + // Run it + SQL_QUERY_ESC($SQL, array(bigintval($id)), __FUNCTION__, __LINE__); } - } + } // END - foreach + + // Display message + if (!empty($message)) { + loadTemplate('admin_settings_saved', false, $message); + } // END - if // Remove cache file runFilterChain('post_admin_edited', postRequestArray()); @@ -260,7 +293,7 @@ function adminsEditAdminAccount ($postData) { // Begin the edit loop $OUT = ''; $SW = 2; foreach ($postData['sel'] as $id => $selected) { - // Secure ID number + // Secure id number $id = bigintval($id); // Get the admin's data @@ -305,12 +338,12 @@ function adminsDeleteAdminAccount ($postData) { // Delete accounts $OUT = ''; $SW = 2; foreach ($postData['sel'] as $id => $selected) { - // Secure ID number + // Secure id number $id = bigintval($id); // Get the admin's data $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", - array($id), __FUNCTION__, __LINE__); + array($id), __FUNCTION__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Entry found $content = SQL_FETCHARRAY($result); @@ -339,9 +372,9 @@ function adminsDeleteAdminAccount ($postData) { // Remove the given accounts function adminsRemoveAdminAccount ($postData) { // Begin removal - $cache_update = 0; + $cache_update = '0'; foreach ($postData['sel'] as $id => $del) { - // Secure ID number + // Secure id number $id = bigintval($id); // Delete only when it's not your own account! @@ -386,35 +419,24 @@ function adminsListAdminAccounts() { loadTemplate('admin_list_admins', false, $OUT); } -// Filter for adding extra data to the query -function FILTER_ADD_EXTRA_SQL_DATA ($add = '') { - // Is the admins extension updated? (should be!) - if (getExtensionVersion('admins') >= '0.3.0') $add .= ', `default_acl` AS def_acl'; - if (getExtensionVersion('admins') >= '0.6.7') $add .= ', `la_mode`'; - if (getExtensionVersion('admins') >= '0.7.2') $add .= ', `login_failures`, UNIX_TIMESTAMP(`last_failure`) AS last_failure'; - - // Return it - return $add; -} - // Sends out mail to all administrators -// IMPORTANT: Please use SEND_ADMIN_NOTIFCATION() for now! -function sendAdminsEmails ($subj, $template, $content, $UID) { +// IMPORTANT: Please use sendAdminNotification() instead of calling this function directly +function sendAdminsEmails ($subj, $template, $content, $userid) { // Trim template name $template = trim($template); // Load email template - $message = loadEmailTemplate($template, $content, $UID); + $message = loadEmailTemplate($template, $content, $userid); // Check which admin shall receive this mail $result = SQL_QUERY_ESC("SELECT `admin_id` FROM `{?_MYSQL_PREFIX?}_admins_mails` WHERE `mail_template`='%s' ORDER BY `admin_id` ASC", array($template), __FUNCTION__, __LINE__); - if (SQL_NUMROWS($result) == 0) { + if (SQL_HASZERONUMS($result)) { // Create new entry (to all admins) SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins_mails` (`admin_id`, `mail_template`) VALUES (0, '%s')", array($template), __FUNCTION__, __LINE__); } else { - // Load admin IDs... + // Load admin ids... // @TODO This can be, somehow, rewritten $adminIds = array(); while ($content = SQL_FETCHARRAY($result)) { @@ -427,26 +449,26 @@ function sendAdminsEmails ($subj, $template, $content, $UID) { // Init result $result = false; - // "implode" IDs and query string + // "implode" ids and query string $adminId = implode(',', $adminIds); if ($adminId == '-1') { if (isExtensionActive('events')) { // Add line to user events - EVENTS_ADD_LINE($subj, $message, $UID); + EVENTS_ADD_LINE($subj, $message, $userid); } else { // Log error for debug - logDebugMessage(__FUNCTION__, __LINE__, sprintf("Extension 'events' missing: tpl=%s,subj=%s,UID=%s", + logDebugMessage(__FUNCTION__, __LINE__, sprintf("Extension 'events' missing: tpl=%s,subj=%s,userid=%s", $template, $subj, - $UID + $userid )); } - } elseif ($adminId == '0') { + } elseif (($adminId == '0') || (empty($adminId))) { // Select all email adresses $result = SQL_QUERY("SELECT `email` FROM `{?_MYSQL_PREFIX?}_admins` ORDER BY `id` ASC", __FUNCTION__, __LINE__); } else { - // If Admin-ID is not "to-all" select + // If Admin-Id is not "to-all" select $result = SQL_QUERY_ESC("SELECT `email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id` IN (%s) ORDER BY `id` ASC", array($adminId), __FUNCTION__, __LINE__); } @@ -461,5 +483,228 @@ function sendAdminsEmails ($subj, $template, $content, $UID) { SQL_FREERESULT($result); } +// "Getter" for current admin's expert settings +function getAminsExpertSettings () { + // Default is has not the right + $data['expert_settings'] = 'N'; + + // Get current admin login + $admin = getAdminLogin(getCurrentAdminId()); + + // Lookup settings in cache + if (isset($GLOBALS['cache_array']['admin']['expert_settings'][$admin])) { + // Use cache + $data['expert_settings'] = $GLOBALS['cache_array']['admin']['expert_settings'][$admin]; + + // Update cache hits + incrementStatsEntry('cache_hits'); + } elseif (!isExtensionInstalled('cache')) { + // Load from database + $result = SQL_QUERY_ESC("SELECT `expert_settings` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1", + array($admin), __FUNCTION__, __LINE__); + + // Entry found? + if (SQL_NUMROWS($result) == 1) { + // Fetch data + $data = SQL_FETCHARRAY($result); + + // Set cache + $GLOBALS['cache_array']['admin']['expert_settings'][$admin] = $data['expert_settings']; + } // END - if + + // Free memory + SQL_FREERESULT($result); + } + + // Return the result + return $data['expert_settings']; +} + +// "Getter" for current admin's expert warning (if he wants to see them or not +function getAminsExpertWarning () { + // Default is has not the right + $data['expert_warning'] = 'N'; + + // Get current admin login + $admin = getAdminLogin(getCurrentAdminId()); + + // Lookup warning in cache + if (isset($GLOBALS['cache_array']['admin']['expert_warning'][$admin])) { + // Use cache + $data['expert_warning'] = $GLOBALS['cache_array']['admin']['expert_warning'][$admin]; + + // Update cache hits + incrementStatsEntry('cache_hits'); + } elseif (!isExtensionInstalled('cache')) { + // Load from database + $result = SQL_QUERY_ESC("SELECT `expert_warning` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1", + array($admin), __FUNCTION__, __LINE__); + + // Entry found? + if (SQL_NUMROWS($result) == 1) { + // Fetch data + $data = SQL_FETCHARRAY($result); + + // Set cache + $GLOBALS['cache_array']['admin']['expert_warning'][$admin] = $data['expert_warning']; + } // END - if + + // Free memory + SQL_FREERESULT($result); + } + + // Return the result + return $data['expert_warning']; +} + +// Get login_failures number from administrator's login name +function getAdminLoginFailures ($adminLogin) { + // Admin login should not be empty + if (empty($adminLogin)) { + debug_report_bug('adminLogin is empty.'); + } // END - if + + // By default no admin is found + $data['login_failures'] = '-1'; + + // Check cache + if (isset($GLOBALS['cache_array']['admin']['login_failures'][$adminLogin])) { + // Use it if found to save SQL queries + $data['login_failures'] = $GLOBALS['cache_array']['admin']['login_failures'][$adminLogin]; + + // Update cache hits + incrementStatsEntry('cache_hits'); + } elseif (!isExtensionActive('cache')) { + // Load from database + $result = SQL_QUERY_ESC("SELECT `login_failures` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1", + array($adminLogin), __FUNCTION__, __LINE__); + + // Do we have an entry? + if (SQL_NUMROWS($result) == 1) { + // Get it + $data = SQL_FETCHARRAY($result); + } // END - if + + // Free result + SQL_FREERESULT($result); + } + + // Return the login_failures + return $data['login_failures']; +} + +// Get last_failure number from administrator's login name +function getAdminLastFailure ($adminLogin) { + // Admin login should not be empty + if (empty($adminLogin)) { + debug_report_bug('adminLogin is empty.'); + } // END - if + + // By default no admin is found + $data['last_failure'] = '-1'; + + // Check cache + if (isset($GLOBALS['cache_array']['admin']['last_failure'][$adminLogin])) { + // Use it if found to save SQL queries + $data['last_failure'] = $GLOBALS['cache_array']['admin']['last_failure'][$adminLogin]; + + // Update cache hits + incrementStatsEntry('cache_hits'); + } elseif (!isExtensionActive('cache')) { + // Load from database + $result = SQL_QUERY_ESC("SELECT UNIX_TIMESTAMP(`last_failure`) AS `last_failure` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1", + array($adminLogin), __FUNCTION__, __LINE__); + + // Do we have an entry? + if (SQL_NUMROWS($result) == 1) { + // Get it + $data = SQL_FETCHARRAY($result); + } // END - if + + // Free result + SQL_FREERESULT($result); + } + + // Return the last_failure + return $data['last_failure']; +} + +//***************************************************************************** +// Below only filter functions +//***************************************************************************** + +// Filter for adding extra data to the query +function FILTER_ADD_EXTRA_SQL_DATA ($add = '') { + // Is the admins extension updated? (should be!) + if (getExtensionVersion('admins') >= '0.3.0') $add .= ', `default_acl` AS def_acl'; + if (getExtensionVersion('admins') >= '0.6.7') $add .= ', `la_mode`'; + if (getExtensionVersion('admins') >= '0.7.2') $add .= ', `login_failures`, UNIX_TIMESTAMP(`last_failure`) AS last_failure'; + if (getExtensionVersion('admins') >= '0.7.3') $add .= ', `expert_settings`, `expert_warning`'; + + // Return it + return $add; +} + +// Reset the login failures +function FILTER_RESET_ADMINS_LOGIN_FAILURES ($data) { + // Store it in session + setSession('mxchange_admin_failures' , getAdminLoginFailures($data['login'])); + setSession('mxchange_admin_last_failure', getAdminLastFailure($data['login'])); + + // Prepare update data + $postData['login'][getCurrentAdminId()] = $data['login']; + $postData['login_failures'][getCurrentAdminId()] = '0'; + $postData['last_failure'][getCurrentAdminId()] = '0000-00-00 00:00:00'; + + // Change it in the admin + adminsChangeAdminAccount($postData); + + // Always make sure the cache is destroyed + rebuildCache('admin'); + + // Return the data for further processing + return $data; +} + +// Count the login failure +function FILTER_COUNT_ADMINS_LOGIN_FAILURE ($data) { + // Prepare update data + $postData['login'][getCurrentAdminId()] = $data['login']; + $postData['login_failures'][getCurrentAdminId()] = '`login_failures`+1'; + $postData['last_failure'][getCurrentAdminId()] = 'NOW()'; + + // Change it in the admin + adminsChangeAdminAccount($postData); + + // Always make sure the cache is destroyed + rebuildCache('admin'); + + // Return the data for further processing + return $data; +} + +// Rehashes the given plain admin password and stores it the database +function FILTER_REHASH_ADMINS_PASSWORD ($data) { + // Generate new hash + $newHash = generateHash($data['plain_pass']); + + // Prepare update data + $postData['login'][getCurrentAdminId()] = $data['login']; + $postData['password'][getCurrentAdminId()] = $newHash; + + // Change it in the admin + adminsChangeAdminAccount($postData); + + // Update cookie/session and data array + setSession('admin_md5', encodeHashForCookie($newHash)); + $data['pass_hash'] = $newHash; + + // Always make sure the cache is destroyed + rebuildCache('admin'); + + // Return the data for further processing + return $data; +} + // [EOF] ?>