X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Flibs%2Fadmins_functions.php;h=d10f3bdc328582e32fc554fc948f66f49ff35419;hp=48cff14598335f4ee5ba8294896737888a85803a;hb=3608f72d51e8126720024704398cf738e61f890b;hpb=3b85bd5030ad591b0c5cb038ca534a7b50e1b319 diff --git a/inc/libs/admins_functions.php b/inc/libs/admins_functions.php index 48cff14598..d10f3bdc32 100644 --- a/inc/libs/admins_functions.php +++ b/inc/libs/admins_functions.php @@ -39,7 +39,7 @@ if (!defined('__SECURITY')) { // Check ACL for menu combination function ADMINS_CHECK_ACL($act, $wht) { - global $cacheArray, $_CONFIG, $cacheInstance; + global $cacheArray, $cacheInstance; // If action is login or logout allow allways! $default = "allow"; if (($act == "login") || ($act == "logout")) return true; @@ -48,12 +48,11 @@ function ADMINS_CHECK_ACL($act, $wht) { $ret = false; // Get admin's ID - $aid = GET_ADMIN_ID(get_session('admin_login')); + $aid = GET_CURRENT_ADMIN_ID(); // Get admin's defult access right $default = GET_ADMIN_DEFAULT_ACL($aid); - if (!empty($wht)) { // Check for parent menu: // First get it's action value @@ -87,7 +86,7 @@ function ADMINS_CHECK_ACL($act, $wht) { } if ($lines == 1) { // Count cache hits - if (isset($_CONFIG['cache_hits'])) { $_CONFIG['cache_hits']++; } else { $_CONFIG['cache_hits'] = 1; } + incrementConfigEntry('cache_hits'); break; } } @@ -183,58 +182,58 @@ function ADMINS_CHANGE_ADMIN_ACCOUNT($POST) { if (!empty($POST['pass1'][$id])) $ADD = sprintf(", password='%s'", SQL_ESCAPE($hash)); // Get admin's ID - $aid = GET_ADMIN_ID(get_session('admin_login')); + $aid = GET_CURRENT_ADMIN_ID(); $salt = substr(GET_ADMIN_HASH($aid), 0, -40); // Rewrite cookie when it's own account if ($aid == $id) { // Set timeout cookie - set_session("admin_last", time()); + set_session('admin_last', time()); if ($login != get_session('admin_login')) { // Update login cookie - set_session("admin_login", $login); + set_session('admin_login', $login); // Update password cookie as well? - if (!empty($ADD)) set_session("admin_md5", $hash); + if (!empty($ADD)) set_session('admin_md5', $hash); } elseif (generateHash($POST['pass1'][$id], $salt) != get_session('admin_md5')) { // Update password cookie - set_session("admin_md5", $hash); + set_session('admin_md5', $hash); } } // END - if // Get default ACL from admin to check if we can allow him to change the default ACL - $default = GET_ADMIN_DEFAULT_ACL(GET_ADMIN_ID(get_session('admin_login'))); + $default = GET_ADMIN_DEFAULT_ACL(GET_CURRENT_ADMIN_ID()); // Update admin account if ($default == "allow") { // Allow changing default ACL - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET + SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET login='%s'".$ADD.", email='%s', default_acl='%s', la_mode='%s' WHERE id=%s LIMIT 1", - array( - $login, - $POST['email'][$id], - $POST['mode'][$id], - $POST['la_mode'][$id], - $id -), __FILE__, __LINE__); + array( + $login, + $POST['email'][$id], + $POST['mode'][$id], + $POST['la_mode'][$id], + $id + ), __FILE__, __LINE__); } else { // Do not allow it here - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET + SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET login='%s'".$ADD.", email='%s', la_mode='%s' WHERE id=%s LIMIT 1", - array( - $login, - $POST['email'][$id], - $POST['la_mode'][$id], - $id -), __FILE__, __LINE__); + array( + $login, + $POST['email'][$id], + $POST['la_mode'][$id], + $id + ), __FILE__, __LINE__); } // Purge cache @@ -249,7 +248,7 @@ WHERE id=%s LIMIT 1", // Display message if (!empty($MSG)) { - LOAD_TEMPLATE("admin_settings_saved", false, "".$MSG.""); + LOAD_TEMPLATE("admin_settings_saved", false, $MSG); } } @@ -259,6 +258,9 @@ WHERE id=%s LIMIT 1", // Make admin accounts editable function ADMINS_EDIT_ADMIN_ACCOUNTS ($POST) { + // "Resolve" current's admin access mode + $currMode = GET_ADMIN_DEFAULT_ACL(GET_CURRENT_ADMIN_ID()); + // Begin the edit loop $SW = 2; $OUT = ""; foreach ($POST['sel'] as $id => $sel) { @@ -267,7 +269,7 @@ function ADMINS_EDIT_ADMIN_ACCOUNTS ($POST) { // Get the admin's data $result = SQL_QUERY_ESC("SELECT login, email, default_acl AS mode, la_mode FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", - array($id), __FILE__, __LINE__); + array($id), __FILE__, __LINE__); if ((SQL_NUMROWS($result) == 1) && ($sel == 1)) { // Entry found $content = SQL_FETCHARRAY($result); @@ -278,7 +280,7 @@ function ADMINS_EDIT_ADMIN_ACCOUNTS ($POST) { $content['id'] = $id; // Shall we allow changing default ACL? - if ($content['mode'] == "allow") { + if ($currMode == "allow") { // Allow chaning it $content['mode'] = ADD_OPTION_LINES("/ARRAY/", array("allow", "deny"), array(ADMINS_ALLOW_MODE, ADMINS_DENY_MODE), $content['mode']); } else { @@ -349,14 +351,14 @@ function ADMINS_REMOVE_ADMIN_ACCOUNTS ($POST) { $id = bigintval($id); // Delete only when it's not your own account! - if (($del == 1) && (GET_ADMIN_ID(get_session('admin_login')) != $id)) { + if (($del == 1) && (GET_CURRENT_ADMIN_ID() != $id)) { // Rewrite his tasks to all admins - $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin=0 WHERE assigned_admin=%s", + SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET assigned_admin=0 WHERE assigned_admin=%s", array($id), __FILE__, __LINE__); // Remove account - $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", - array($id), __FILE__, __LINE__); + SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins WHERE id=%s LIMIT 1", + array($id), __FILE__, __LINE__); // Purge cache CACHE_PURGE_ADMIN_MENU($id); @@ -395,5 +397,16 @@ function ADMINS_LIST_ADMIN_ACCOUNTS() { LOAD_TEMPLATE("admin_list_admins"); } +// Filter for adding extra data to the query +function FILTER_ADD_EXTRA_SQL_DATA ($ADD = "") { + // Is the admins extension updated? (should be!) + if (GET_EXT_VERSION("admins") >= "0.3") $ADD .= ", default_acl AS def_acl"; + if (GET_EXT_VERSION("admins") >= "0.6.7") $ADD .= ", la_mode"; + if (GET_EXT_VERSION("admins") >= "0.7.2") $ADD .= ", login_failures, UNIX_TIMESTAMP(last_failure) AS last_failure"; + + // Return it + return $ADD; +} + // ?>