X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=0c32844379b89018a2b34a4dc563cbaeacb4a81e;hp=6efa17c2590da99255656c04eb493f19ac4dd788;hb=7967841ac94cdcbd10b4d5c011a1e0a9982ec600;hpb=4d6226782aa4ba157dca8c3891412ba50159481f diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index 6efa17c259..0c32844379 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -39,20 +39,17 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) } // -function REGISTER_ADMIN ($user, $md5) +function REGISTER_ADMIN ($user, $md5, $email=WEBMASTER) { $ret = "failed"; $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($user), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 0) - { + if (SQL_NUMROWS($result) == 0) { // Ok, let's create the admin login - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '".WEBMASTER."')", - array($user, $md5), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '%s')", + array($user, $md5, $email), __FILE__, __LINE__); $ret = "done"; - } - else - { + } else { // Free memory SQL_FREERESULT($result); @@ -64,37 +61,32 @@ function REGISTER_ADMIN ($user, $md5) // Only be executed on login procedure! function CHECK_ADMIN_LOGIN ($admin_login, $password) { - global $ADMINS, $CONFIG, $CACHE; + global $cacheArray, $_CONFIG, $cacheInstance; $ret = "404"; $pass = ""; - if (!empty($ADMINS['aid'][$admin_login])) - { + if (!empty($cacheArray['admins']['aid'][$admin_login])) { // Get password from cache - $pass = $ADMINS['password'][$admin_login]; + $pass = $cacheArray['admins']['password'][$admin_login]; $ret = "pass"; - $CONFIG['cache_hits']++; - } - else - { + $_CONFIG['cache_hits']++; + } else { // Get password from DB $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($admin_login), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { $ret = "pass"; list($pass) = SQL_FETCHROW($result); SQL_FREERESULT($result); } } - //* DEBUG: */ echo "*".$pass."/".$password."/".$ret."
"; - if ((strlen($pass) == 32) && ($pass == md5($password))) - { + //* DEBUG: */ echo "*".$pass."/".md5($password)."/".$ret."
"; + if ((strlen($pass) == 32) && ($pass == md5($password))) { // Generate new hash $pass = generateHash($password); - if (($ret == "pass") && (GET_EXT_VERSION("sql_patches") < "0.3.6")) $ret = "done"; - } - elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) - { + + // Is the sql_patches not installed, than we cannot have a valid hashed password here! + if (($ret == "pass") && ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))) $ret = "done"; + } elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) { // Old hashing way return $ret; } @@ -104,133 +96,175 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) $salt = __SALT; // Check if password is same - if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt))) - { + //* DEBUG: */ echo "*".$ret.",".$pass.",".$password.",".$salt."*
\n"; + if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt))) { + // Change the passord hash here + $pass = generateHash($password); + // Update password $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1", array($pass, $admin_login), __FILE__, __LINE__); // Shall I remove the cache file? - if ((EXT_IS_ACTIVE("cache")) && ($CACHE != false)) - { - if ($CACHE->cache_file("admins", true)) $CACHE->cache_destroy(); + if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false)) { + if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy(); } - // Password matches! - $ret = "done"; - } - elseif ((empty($salt)) && ($ret == "pass")) - { + // Login has failed by default... ;-) + $ret = "failed"; + + // Password matches so login here + if (LOGIN_ADMIN($admin_login, $pass)) { + // All done now + $ret = "done"; + } + } elseif ((empty($salt)) && ($ret == "pass")) { // Something bad went wrong $ret = "failed"; + } elseif ($ret == "done") { + // Try to login here if we have the old hashing way (sql_patches not installed?) + if (!LOGIN_ADMIN($admin_login, $pass)) { + // Something went wrong + $ret = "failed"; + } } + + // Return the result + //* DEBUG: */ die("RETURN=".$ret); return $ret; } + +// Try to login the admin by setting some session/cookie variables +function LOGIN_ADMIN ($adminLogin, $passHash) { + // Now set all session variables and return the result + return ( + ( + set_session("admin_md5", generatePassString($passHash)) + ) && ( + set_session("admin_login", $adminLogin) + ) && ( + set_session("admin_last", time()) + ) && ( + set_session("admin_to", $_POST['timeout']) + ) + ); +} + // Only be executed on cookie checking -function CHECK_ADMIN_COOKIES ($admin_login, $password) -{ - global $ADMINS, $CONFIG; +function CHECK_ADMIN_COOKIES ($admin_login, $password) { + global $cacheArray, $_CONFIG; $ret = "404"; $pass = ""; - if (!empty($ADMINS['aid'][$admin_login])) - { + if (!empty($cacheArray['admins']['aid'][$admin_login])) { // Get password from cache - $pass = $ADMINS['password'][$admin_login]; + $pass = $cacheArray['admins']['password'][$admin_login]; $ret = "pass"; - $CONFIG['cache_hits']++; - } - else - { + $_CONFIG['cache_hits']++; + } else { // Get password from DB $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($admin_login), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { + // Entry found $ret = "pass"; + + // Fetch password list($pass) = SQL_FETCHROW($result); - SQL_FREERESULT($result); } + + // Free result + SQL_FREERESULT($result); } - //* DEBUG: */ echo "*".$pass."/".$password."
"; + //* DEBUG: */ echo __FUNCTION__.":".$pass."(".strlen($pass).")/".$password."(".strlen($password).")
\n"; // Check if password matches - if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password))) - { + if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) { // Passwords matches! $ret = "done"; } + + // Return result return $ret; } // -function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) -{ - $done = false; $seek++; $found = false; - if (file_exists($file)) - { +function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) { + // Initialize some variables + $done = false; + $seek++; + $found = false; + + // Is the file there and read-/write-able? + if ((FILE_READABLE($file)) && (is_writeable($file))) { $search = "CFG: ".$comment; $tmp = $file.".tmp"; - $fp = fopen($file, 'r') or OUTPUT_HTML("READ: ".$file."
"); - if ($fp) - { - $fp_tmp = fopen($tmp, 'w') or OUTPUT_HTML("WRITE: ".$tmp."
"); - if ($fp_tmp) - { - while (! feof($fp)) - { + + // Open the source file + $fp = @fopen($file, 'r') or OUTPUT_HTML("READ: ".$file."
"); + + // Is the resource valid? + if (is_resource($fp)) { + // Open temporary file + $fp_tmp = @fopen($tmp, 'w') or OUTPUT_HTML("WRITE: ".$tmp."
"); + + // Is the resource again valid? + if (is_resource($fp_tmp)) { + while (!feof($fp)) { + // Read from source file $line = fgets ($fp, 1024); + if (strpos($line, $search) > -1) { $next = 0; $found = true; } - if ($next > -1) - { - if ($next == $seek) - { + + if ($next > -1) { + if ($next == $seek) { $next = -1; $line = $prefix . $DATA . $suffix."\n"; - } - else - { + } else { $next++; } } + + // Write to temp file fputs($fp_tmp, $line); } + + // Close temp file fclose($fp_tmp); + // Finished writing tmp file $done = true; } + + // Close source file fclose($fp); - if (($done) && ($found)) - { + + if (($done) && ($found)) { // Copy back tmp file and delete tmp :-) @copy($tmp, $file); @unlink($tmp); - define ('_FATAL', false); - } - elseif (!$found) - { + define('_FATAL', false); + } elseif (!$found) { OUTPUT_HTML("CHANGE: 404!"); - define ('_FATAL', true); - } - else - { + define('_FATAL', true); + } else { OUTPUT_HTML("TMP: UNDONE!"); - define ('_FATAL', true); + define('_FATAL', true); } } - } - else - { - OUTPUT_HTML("404: ".$file."
"); + } else { + // File not found, not readable or writeable + OUTPUT_HTML("404: ".$file."
"); } } + // function ADMIN_DO_ACTION($wht) { - global $menuDesription, $menuTitle, $CONFIG, $EXTENSIONS, $link, $DATA; + global $menuDesription, $menuTitle, $_CONFIG, $cacheArray, $DATA, $DEPTH; //* DEBUG: */ echo __LINE__."*".$wht."/".$GLOBALS['module']."/".$GLOBALS['action']."/".$GLOBALS['what']."*
\n"; if (EXT_IS_ACTIVE("cache")) { // Include cache instance - global $CACHE; + global $cacheInstance; } // Remove any spaces from variable @@ -249,8 +283,8 @@ function ADMIN_DO_ACTION($wht) $act = GET_ACTION($GLOBALS['module'], $wht); // Define admin login name and ID number - define('__ADMIN_LOGIN', SQL_ESCAPE($_COOKIE['admin_login'])); - define('__ADMIN_ID' , GET_ADMIN_ID($_COOKIE['admin_login'])); + define('__ADMIN_LOGIN', get_session('admin_login')); + define('__ADMIN_ID' , GET_ADMIN_ID(get_session('admin_login'))); // Preload templates if (EXT_IS_ACTIVE("admins")) { @@ -266,7 +300,7 @@ function ADMIN_DO_ACTION($wht) // Check if action/what pair is valid $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu -WHERE action='%s' AND ((what='%s' AND what != 'overview') OR (what='' AND '%s'='overview')) +WHERE action='%s' AND ((what='%s' AND what != 'overview') OR ((what='' OR what IS NULL) AND '%s'='overview')) LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { @@ -274,8 +308,8 @@ LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__); SQL_FREERESULT($result); // Is valid but does the inlcude file exists? - $INC = sprintf(PATH."inc/modules/admin/action-%s.php", $act); - if ((file_exists($INC)) && (is_readable($INC)) && (VALIDATE_MENU_ACTION("admin", $act, $wht)) && (__ACL_ALLOW == true)) + $INC = sprintf("%sinc/modules/admin/action-%s.php", PATH, $act); + if ((FILE_READABLE($INC)) && (VALIDATE_MENU_ACTION("admin", $act, $wht)) && (__ACL_ALLOW == true)) { // Ok, we finally load the admin action module include($INC); @@ -304,7 +338,7 @@ LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__); // function ADD_ADMIN_MENU($act, $wht,$return=false) { - global $_GET, $menuDesription, $menuTitle, $link; + global $menuDesription, $menuTitle; $SUB = false; // Menu descriptions @@ -312,7 +346,7 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) $menuTitle = array(); // Build main menu - $result_main = SQL_QUERY("SELECT action, title, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE what='' ORDER BY sort, id DESC", __FILE__, __LINE__); + $result_main = SQL_QUERY("SELECT action, title, descr FROM "._MYSQL_PREFIX."_admin_menu WHERE (what='' OR what IS NULL) ORDER BY sort, id DESC", __FILE__, __LINE__); $OUT = ""; if (SQL_NUMROWS($result_main) > 0) { @@ -338,24 +372,24 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) $menuDesription[$menu] = $descr; } $OUT .= " - -  · "; - if (($menu == $act) && (empty($wht))) + +  · "; + if (($menu == $act) && (empty($wht))) { $OUT .= ""; } else { - $OUT .= "[ "; + $OUT .= "["; } $OUT .= $title; - if (($menu == $act) && (empty($wht))) + if (($menu == $act) && (empty($wht))) { $OUT .= ""; } else { - $OUT .= " ]"; + $OUT .= "]"; } $OUT .= " \n"; @@ -366,13 +400,13 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) $menuDesription = array(); $menuTitle = array(); $SUB = true; $OUT .= " -   - - \n"; - while (list($wht_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what)) + + + \n"; } $OUT .= "\n"; @@ -455,9 +489,8 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) } } // -function ADD_MEMBER_SELECTION_BOX($add_all = false, $return = false, $none = false, $def = "0") +function ADD_MEMBER_SELECTION_BOX ($def="0", $add_all=false, $return=false, $none=false) { - global $_GET; // Output selection form with all confirmed user accounts listed $result = SQL_QUERY("SELECT userid, surname, family FROM "._MYSQL_PREFIX."_user_data ORDER BY userid", __FILE__, __LINE__); $OUT = ""; @@ -478,42 +511,39 @@ function ADD_MEMBER_SELECTION_BOX($add_all = false, $return = false, $none = fal // Remeber options in constant define('_MEMBER_SELECTION', $OUT); - if (!$return) - { + if (!$return) { // Display selection box define('__LANG_VALUE', GET_LANGUAGE()); // Load template LOAD_TEMPLATE("admin_member_selection_box", false, $GLOBALS['what']); + } else { + // Return content + return "\n"; } } // -function ADMIN_MENU_SELECTION($MODE, $default="", $defid="") -{ +function ADMIN_MENU_SELECTION($MODE, $default="", $defid="") { $wht = "what != ''"; - if ($MODE == "action") $wht = "what='' AND action !='login'"; + if ($MODE == "action") $wht = "(what='' OR what IS NULL) AND action !='login'"; $result = SQL_QUERY_ESC("SELECT %s, title FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$wht." ORDER BY sort", array($MODE), __FILE__, __LINE__); - if (SQL_NUMROWS($result) > 0) - { + if (SQL_NUMROWS($result) > 0) { // Load menu as selection $OUT = "\n"; - } - else - { + } else { // No menus??? $OUT = ADMIN_PROBLEM_NO_MENU; } @@ -521,41 +551,20 @@ function ADMIN_MENU_SELECTION($MODE, $default="", $defid="") // Return output return $OUT; } -// -function ADMIN_SAVE_SETTINGS (&$POST, $TABLE="_config", $WHERE="config=0", $translateComma = array(), $alwaysAdd=false) -{ - global $CONFIG, $CFG_CACHE, $CACHE; +// Save settings to the database +function ADMIN_SAVE_SETTINGS (&$POST, $tableName="_config", $whereStatement="config=0", $translateComma=array(), $alwaysAdd=false) { + global $_CONFIG, $cacheArray, $cacheInstance; + + // Prepare all arrays, variables $DATA = array(); - $skip = false; $TEST2 = ""; - foreach ($POST as $id=>$val) { + $skip = false; + + // Now, walk through all entries and prepare them for saving + foreach ($POST as $id => $val) { // Process only formular field but not submit buttons ;) if ($id != "ok") { // Do not save the ok value - $TEST = substr($id, -3); - if ((($TEST == "_ye") || ($TEST == "_mo") || ($TEST == "_we") || ($TEST == "_da") || ($TEST == "_ho") || ($TEST == "_mi") || ($TEST == "_se")) && (isset($val))) { - // Found a multi-selection for timings? - $TEST = substr($id, 0, -3); - if ((isset($POST[$TEST."_ye"])) && (isset($POST[$TEST."_mo"])) && (isset($POST[$TEST."_we"])) && (isset($POST[$TEST."_da"])) && (isset($POST[$TEST."_ho"])) && (isset($POST[$TEST."_mi"])) && (isset($POST[$TEST."_se"])) && ($TEST != $TEST2)) { - // Generate timestamp - $POST[$TEST] = CREATE_TIMESTAMP_FROM_SELECTIONS($TEST, $POST); - $DATA[] = "$TEST='".$POST[$TEST]."'"; - - // Remove data from array - unset($POST[$TEST."_ye"]); - unset($POST[$TEST."_mo"]); - unset($POST[$TEST."_we"]); - unset($POST[$TEST."_da"]); - unset($POST[$TEST."_ho"]); - unset($POST[$TEST."_mi"]); - unset($POST[$TEST."_se"]); - - // Skip adding - unset($id); $skip = true; $TEST2 = $TEST; - } - } else { - // Process this entry - $skip = false; $TEST2 = ""; - } + CONVERT_SELECTIONS_TO_TIMESTAMP($POST, $DATA, $id, $skip); // Shall we process this ID? It muss not be empty, of course if ((!$skip) && (!empty($id))) { @@ -566,7 +575,7 @@ function ADMIN_SAVE_SETTINGS (&$POST, $TABLE="_config", $WHERE="config=0", $tran if ((is_array($translateComma)) && (in_array($id, $translateComma))) { // Then do it here... :) $val = str_replace(",", ".", $val); - } + } // END - if // Shall we add numbers or strings? $test = (float)$val; @@ -579,27 +588,27 @@ function ADMIN_SAVE_SETTINGS (&$POST, $TABLE="_config", $WHERE="config=0", $tran } // Update current configuration - $CONFIG[$id] = $val; - } - } - } + $_CONFIG[$id] = $val; + } // END - if + } // END - if + } // END - foreach // Check if entry does exist $result = false; if (!$alwaysAdd) { - if (!empty($WHERE)) { - $result = SQL_QUERY("SELECT * FROM "._MYSQL_PREFIX.$TABLE." WHERE ".$WHERE." LIMIT 1", __FILE__, __LINE__); + if (!empty($whereStatement)) { + $result = SQL_QUERY("SELECT * FROM "._MYSQL_PREFIX.$tableName." WHERE ".$whereStatement." LIMIT 1", __FILE__, __LINE__); } else { - $result = SQL_QUERY("SELECT * FROM "._MYSQL_PREFIX.$TABLE." LIMIT 1", __FILE__, __LINE__); + $result = SQL_QUERY("SELECT * FROM "._MYSQL_PREFIX.$tableName." LIMIT 1", __FILE__, __LINE__); } - } + } // END - if if (SQL_NUMROWS($result) == 1) { // "Implode" all data to single string $DATA_UPDATE = implode(", ", $DATA); // Generate SQL string - $SQL = "UPDATE "._MYSQL_PREFIX.$TABLE." SET ".$DATA_UPDATE." WHERE ".$WHERE." LIMIT 1"; + $SQL = "UPDATE "._MYSQL_PREFIX.$tableName." SET ".$DATA_UPDATE." WHERE ".$whereStatement." LIMIT 1"; } else { // Add Line (does only work with auto_increment! $KEYs = array(); $VALUEs = array(); @@ -607,14 +616,14 @@ function ADMIN_SAVE_SETTINGS (&$POST, $TABLE="_config", $WHERE="config=0", $tran // Split up $line = explode("=", $entry); $KEYs[] = $line[0]; $VALUEs[] = $line[1]; - } + } // END - foreach // Add both in one line $KEYs = implode(", ", $KEYs); $VALUEs = implode(", ", $VALUEs); // Generate SQL string - $SQL = "INSERT INTO "._MYSQL_PREFIX.$TABLE." (".$KEYs.") VALUES(".$VALUEs.")"; + $SQL = "INSERT INTO "._MYSQL_PREFIX.$tableName." (".$KEYs.") VALUES(".$VALUEs.")"; } // Free memory @@ -624,80 +633,82 @@ function ADMIN_SAVE_SETTINGS (&$POST, $TABLE="_config", $WHERE="config=0", $tran $result = SQL_QUERY($SQL, __FILE__, __LINE__); // Is the config table updated and the cache extension installed? - if ((GET_EXT_VERSION("cache") >= "0.1.2") && ($TABLE == "_config")) { + if ((GET_EXT_VERSION("cache") >= "0.1.2") && ($tableName == "_config")) { // Remove it here... - if ($CACHE->cache_file("config", true)) $CACHE->cache_destroy(); - unset($CFG_CACHE); - } + if ($cacheInstance->cache_file("config", true)) $cacheInstance->cache_destroy(); + unset($cacheArray); + } // END - if // Settings saved LOAD_TEMPLATE("admin_settings_saved", false, "".SETTINGS_SAVED.""); } // function ADMIN_MAKE_MENU_SELECTION($menu, $type, $name, $default="") { + // Open the requested menu directory + $handle = opendir(sprintf("%sinc/modules/%s/", PATH, $menu)) or mxchange_die("Cannot load menu ".$menu."!"); + // Init the selection box $OUT = "\n"; return $OUT; } // -function ADMIN_USER_PROFILE_LINK($uid, $title="", $wht="list_user") -{ - if (($title == "") && ($title != "0")) { $title = $uid; } - if (($title == "0") && ($wht == "list_refs")) - { +function ADMIN_USER_PROFILE_LINK($uid, $title="", $wht="list_user") { + if (($title == "") && ($title != "0")) { + // Set userid as title + $title = $uid; + } // END - if + + if (($title == "0") && ($wht == "list_refs")) { // Return title again return $title; - } + } // END - if - //* DEBUG: */ echo "A:".$title."
"; + //* DEBUG: */ echo "A:".$title."
"; // Return link return "".$title.""; } // -function ADMIN_CHECK_MENU_MODE() -{ - global $CONFIG, $ADMINS, $_COOKIE; +function ADMIN_CHECK_MENU_MODE() { + global $_CONFIG, $cacheArray; // Set the global mode as the mode for all admins - $MODE = $CONFIG['admin_menu']; $ADMIN = $MODE; + $MODE = $_CONFIG['admin_menu']; $ADMIN = $MODE; // Check individual settings of current admin - if (isset($ADMINS['la_mode'][$_COOKIE['admin_login']])) - { + if (isset($cacheArray['admins']['la_mode'][get_session('admin_login')])) { // Load from cache - $ADMIN = $ADMINS['la_mode'][$_COOKIE['admin_login']]; - $CONFIG['cache_hits']++; - } - elseif (GET_EXT_VERSION("admins") >= "0.6.7") - { + $ADMIN = $cacheArray['admins']['la_mode'][get_session('admin_login')]; + $_CONFIG['cache_hits']++; + } elseif (GET_EXT_VERSION("admins") >= "0.6.7") { // Load from database when version of "admins" is enough $result = SQL_QUERY_ESC("SELECT la_mode FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", - array($_COOKIE['admin_login']), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + array(get_session('admin_login')), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { // Load data list($ADMIN) = SQL_FETCHROW($result); } @@ -714,8 +725,8 @@ function ADMIN_CHECK_MENU_MODE() } // Change activation status function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") { - global $CONFIG; - $cnt = 0; $newStatus = 'Y'; + global $_CONFIG; + $cnt = 0; $newStatus = "Y"; if ((is_array($IDs)) && (count($IDs) > 0)) { // "Walk" all through and count them foreach ($IDs as $id=>$selected) { @@ -725,17 +736,17 @@ function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") { // Should always be 1 ;-) if ($selected == 1) { // Determine new status - $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE %s=%d LIMIT 1", + $result = SQL_QUERY_ESC("SELECT %s FROM "._MYSQL_PREFIX."_%s WHERE %s=%s LIMIT 1", array($row, $table, $idRow, $id), __FILE__, __LINE__); // Row found? if (SQL_NUMROWS($result) == 1) { // Load the status list($currStatus) = SQL_FETCHROW($result); - if ($currStatus == 'Y') $newStatus='N'; else $newStatus = 'Y'; + if ($currStatus == "Y") $newStatus='N'; else $newStatus = "Y"; // Change this status - SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_%s SET %s='%s' WHERE %s=%d LIMIT 1", + SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_%s SET %s='%s' WHERE %s=%s LIMIT 1", array($table, $row, $newStatus, $idRow, $id), __FILE__, __LINE__); // Count up affected rows @@ -754,57 +765,221 @@ function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") { LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_NOTHING_SELECTED_CHANGE); } } -// Delete rows by given ID numbers -function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $row, $columns = array(), $filterFunctions = array(), $deleteNow=false, $idRow="id") { - global $CONFIG; +// Build a special template list +function ADMIN_BUILD_LIST ($listType, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn) { + global $_CONFIG; $OUT = ""; $SW = 2; - if ((is_array($IDs)) && (count($IDs) > 0)) { - // "Walk" through all entries and count them + + // "Walk" through all entries + foreach ($IDs as $id => $selected) { + // Secure ID number + $id = bigintval($id); + + // Will always be 1 ;-) + if ($selected == 1) { + // Get result from a given column array and table name + $result = SQL_RESULT_FROM_ARRAY($table, $columns, $idColumn, $id); + + // Is there one entry? + if (SQL_NUMROWS($result) == 1) { + // Load all data + $content = SQL_FETCHARRAY($result); + + // Filter all data + foreach ($content as $key=>$value) { + // Search index + $idx = array_search($key, $columns, true); + + // Handle the call in external function + $content[$key] = HANDLE_EXTRA_VALUES($filterFunctions[$idx], $value, $extraValues[$idx]); + } // END - foreach + + // Add color switching + $content['sw'] = $SW; + + // Then list it again... + $OUT .= LOAD_TEMPLATE("admin_".$listType."_".$table."_row", true, $content); + $SW = 3 - $SW; + } + + // Free the result + SQL_FREERESULT($result); + } + } + + // Load master template + LOAD_TEMPLATE("admin_".$listType."_".$table."", false, $OUT); +} +// Delete rows by given ID numbers +function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $deleteNow=false, $idColumn="id", $userIdColumn="userid") { + // All valid entries? (We hope so here!) + if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { + // Shall we delete here or list for deletion? if ($deleteNow) { // Delete them + $SQL = "DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_%s WHERE %s IN (%s)"; + $idList = ""; + foreach ($IDs as $id => $sel) { + $idList .= $id.","; + } // END - if + + // Run the query + SQL_QUERY($SQL, array($table, $idColumn, substr($idList, 0, -1)), __FILE__, __LINE__); + + // Was this fine? + if (SQL_AFFECTEDROWS() == count($IDs)) { + // All deleted + LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ALL_ENTRIES_REMOVED); + } else { + // Some are still there :( + LOAD_TEMPLATE("admin_settings_saved", false, sprintf(ADMIN_SOME_ENTRIES_NOT_DELETED, SQL_AFFECTEDROWS(), count($IDs))); + } } else { - // List for confirmation - foreach ($IDs as $id=>$selected) { - // Secure ID number - $id = bigintval($id); - - // Will always be 1 ;-) - if ($selected == 1) { - // Get result from a given column array and table name - $result = SQL_RESULT_FROM_ARRAY($table, $columns, $idRow, $id); - - // Is there one entry? - if (SQL_NUMROWS($result) == 1) { - // Load all data - $content = SQL_FETCHARRAY($result); - - // Filter all data - foreach ($content as $key=>$value) { - // Is a filter function set? - $idx = array_search($key, $columns, true); - if (!empty($filterFunctions[$idx])) { - // Then call it! - $content[$key] = call_user_func($filterFunctions[$idx], $value); - } - } + // List for deletion confirmation + ADMIN_BUILD_LIST("del", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + } + } // END - if +} +// Edit rows by given ID numbers +function ADMIN_EDIT_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $editNow=false, $idColumn="id", $userIdColumn="userid") { + // All valid entries? (We hope so here!) + if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { + // Shall we change here or list for editing? + if ($editNow) { + // Change them + die("EDIT!"); + } else { + // List for editing + ADMIN_BUILD_LIST("edit", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + } + } // END - if +} +// Checks proxy settins by fetching check-updates3.php from www.mxchange.org +function ADMIN_TEST_PROXY_SETTINGS ($settingsArray) { + global $_CONFIG; - // Add color switching - $content['sw'] = $SW; + // By default they are invalid + $valid = false; - // Then list it again... - $OUT .= LOAD_TEMPLATE("admin_del_".$table."_row", true, $content); - $SW = 3 - $SW; - } + // Set temporary the new settings + $_CONFIG = array_merge($_CONFIG, $settingsArray); - // Free the result - SQL_FREERESULT($result); - } - } + // Now get the test URL + $content = GET_URL("check-updates3.php"); - // Load master template - LOAD_TEMPLATE("admin_del_".$table."", false, $OUT); - } + // Is the first line with "200 OK"? + $valid = eregi("200 OK", $content[0]); + + // Return result + return $valid; +} +// Sends out a link to the given email adress so the admin can reset his/her password +function ADMIN_SEND_PASSWORD_RESET_LINK ($email) { + global $_CONFIG; + // Init output + $OUT = ""; + + // Compile out security characters (must be for looking up!) + $email = COMPILE_CODE($email); + + // Look up administator login + $result = SQL_QUERY_ESC("SELECT id, login, password FROM "._MYSQL_PREFIX."_admins WHERE email='%s' LIMIT 1", + array($email), __FILE__, __LINE__); + + // Is there an account? + if (SQL_NUMROWS($result) == 0) { + // No account found! + return ADMIN_NO_LOGIN_WITH_EMAIL; + } // END - if + + // Load all data + $content = SQL_FETCHARRAY($result); + + // Free result + SQL_FREERESULT($result); + + // Generate hash for reset link + $content['hash'] = generateHash(URL.":".$content['id'].":".$content['login'].":".$content['password'], substr($content['password'], 10)); + + // Remove some data + unset($content['id']); + unset($content['password']); + + // Prepare email + $mailText = LOAD_EMAIL_TEMPLATE("admin_reset_password", $content); + + // Send it out + SEND_EMAIL($email, ADMIN_RESET_PASS_LINK_SUBJ, $mailText); + + // Prepare output + return ADMIN_RESET_LINK_SENT; +} +// Validate hash and login for password reset +function ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN ($hash, $login) { + // By default nothing validates... ;) + $valid = false; + + // Compile the login for lookup + $login = COMPILE_CODE($login); + + // Then try to find that user + $result = SQL_QUERY_ESC("SELECT id, password, email FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", + array($login), __FILE__, __LINE__); + + // Is an account here? + if (SQL_NUMROWS($result) == 1) { + // Load all data + $content = SQL_FETCHARRAY($result); + + // Generate hash again + $hashFromData = generateHash(URL.":".$content['id'].":".$login.":".$content['password'], substr($content['password'], 10)); + + // Does both match? + $valid = ($hash == $hashFromData); + } // END - if + + // Free result + SQL_FREERESULT($result); + + // Return result + return $valid; +} +// Reset the password for the login. Do NOT call this function without calling above function first! +function ADMIN_RESET_PASSWORD ($login, $password) { + // Init hash + $passHash = ""; + + // Now check if we have sql_patches installed + if (GET_EXT_VERSION("sql_patches") >= "0.3.6") { + // Use new way of hashing + $passHash = generateHash($password); + } else { + // Old MD5 method + $passHash = md5($password); } + + // Update database + SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1", + array($passHash, $login), __FILE__, __LINE__); + + // Return output + return ADMIN_PASSWORD_RESET_DONE; +} +// Solves a task by given id number +function ADMIN_SOLVE_TASK ($id) { + // Update the task data + ADMIN_UPDATE_TASK_DATA($id, "status", "SOLVED"); +} +// Marks a given task as deleted +function ADMIN_DELETE_TASK ($id) { + // Update the task data + ADMIN_UPDATE_TASK_DATA($id, "status", "DELETED"); +} +// Function to update task data +function ADMIN_UPDATE_TASK_DATA ($id, $row, $data) { + // Update the task + SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_task_system SET %s='%s' WHERE id=%s LIMIT 1", + array($row, $data, bigintval($id)), __FILE__, __LINE__); } // ?>
  + \n"; + while (list($wht_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what)) { // Filename - $INC = sprintf(PATH."inc/modules/admin/what-%s.php", $wht_sub); + $INC = sprintf("%sinc/modules/admin/what-%s.php", PATH, $wht_sub); if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2")) { $ACL = ADMINS_CHECK_ACL("", $wht_sub); @@ -382,15 +416,15 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) // ACL is "allow"... hmmm $ACL = true; } - $readable = ((file_exists($INC)) && (is_readable($INC))); + $readable = FILE_READABLE($INC); if ($ACL) { // Insert compiled title and description $menuTitle[$wht_sub] = $title_what; $menuDesription[$wht_sub] = $desc_what; $OUT .= " -
-  --> "; + +  --> "; if ($readable) { if ($wht == $wht_sub) @@ -399,7 +433,7 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) } else { - $OUT .= "[ "; + $OUT .= "["; } } else @@ -415,7 +449,7 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) } else { - $OUT .= " ]"; + $OUT .= "]"; } } else @@ -430,7 +464,7 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) // Free memory SQL_FREERESULT($result_what); $OUT .= "
-