X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=288510d631cd95a701c338fb6a2a3765ebc7ea51;hp=e7b1acb6195185bad6baabc8fb6e00b097cabaea;hb=d22205247313f4b67db5c9aa3aac07cd9d073bce;hpb=59bd8a9805c51c895a92cc12825f4cbdfd792597
diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index e7b1acb619..288510d631 100644
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -44,13 +44,13 @@ function REGISTER_ADMIN ($user, $md5, $email=WEBMASTER) { // Lookup the user $result = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admins` WHERE login='%s' LIMIT 1", - array($user), __FILE__, __LINE__); + array($user), __FUNCTION__, __LINE__); // Is the entry there? if (SQL_NUMROWS($result) == 0) { // Ok, let's create the admin login SQL_QUERY_ESC("INSERT INTO `{!_MYSQL_PREFIX!}_admins` (login, password, email) VALUES ('%s', '%s', '%s')", - array($user, $md5, $email), __FILE__, __LINE__); + array($user, $md5, $email), __FUNCTION__, __LINE__); $ret = "done"; } // END - if
@@ -90,7 +90,7 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) { // Get password from DB $result = SQL_QUERY_ESC("SELECT password".$ADD." FROM `{!_MYSQL_PREFIX!}_admins` WHERE id=%s LIMIT 1", - array($aid), __FILE__, __LINE__); + array($aid), __FUNCTION__, __LINE__); // Entry found? if (SQL_NUMROWS($result) == 1) {
@@ -139,11 +139,11 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) { // Update password and reset login failures SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins` SET password='%s',login_failures=0,last_failure='0000-00-00 00:00:00' WHERE id=%s LIMIT 1", - array($data['password'], $aid), __FILE__, __LINE__); + array($data['password'], $aid), __FUNCTION__, __LINE__); } else { // Update password SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins` SET password='%s' WHERE id=%s LIMIT 1", - array($data['password'], $aid), __FILE__, __LINE__); + array($data['password'], $aid), __FUNCTION__, __LINE__); } // Rebuild cache @@ -172,7 +172,7 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) { if (($ret == "pass") && (GET_EXT_VERSION("admins") >= "0.7.0")) { // Update counter SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins` SET login_failures=login_failures+1,last_failure=NOW() WHERE id=%s LIMIT 1", - array($aid), __FILE__, __LINE__); + array($aid), __FUNCTION__, __LINE__); // Rebuild cache REBUILD_CACHE("admins", "admin"); @@ -189,7 +189,7 @@ function LOGIN_ADMIN ($adminLogin, $passHash) { if ((GET_EXT_VERSION("admins") >= "0.7.0") && ((EXT_VERSION_IS_OLDER("sql_patches", "0.3.6")) || (GET_EXT_VERSION("sql_patches") == ""))) { // Reset counter on out-dated sql_patches version SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins` SET login_failures=0,last_failure='0000-00-00 00:00:00' WHERE login='%s' LIMIT 1", - array($adminLogin), __FILE__, __LINE__); + array($adminLogin), __FUNCTION__, __LINE__); // Rebuild cache REBUILD_CACHE("admins", "admin"); @@ -204,7 +204,7 @@ function LOGIN_ADMIN ($adminLogin, $passHash) { ) && ( set_session('admin_last', time()) ) && ( - set_session('admin_to', bigintval($_POST['timeout'])) + set_session('admin_to', bigintval(REQUEST_POST('timeout'))) ) ); } 
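Review bot: The admin session lifetime written by `set_session('admin_to', bigintval(REQUEST_POST('timeout')))` in the last hunk on this line is taken straight from the login form with no upper bound, so the client decides how long the admin session stays valid and `bigintval` only guarantees that the value is an integer. Clamp it server-side before storing it, e.g. `$to = bigintval(REQUEST_POST('timeout')); if ($to > 86400) { $to = 86400; }` with the ceiling taken from configuration rather than hard-coded, and decide explicitly what `0` or a negative value means instead of letting it reach `admin_to` unchanged. Whether the stored value is later compared against a limit is not visible here; LOGIN_ADMIN starts outside this hunk and the closing `}` appears to be its end.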
@@ -231,8 +231,8 @@ function CHECK_ADMIN_COOKIES ($admin_login, $password) { } // -function ADMIN_DO_ACTION($wht) { - global $menuDesription, $menuTitle, $DATA; +function ADMIN_DO_ACTION ($wht) { + global $DATA; //* DEBUG: */ echo __LINE__."*".$wht."/".$GLOBALS['module']."/".$GLOBALS['action']."/".$GLOBALS['what']."*
\n"; // Remove any spaces from variable @@ -266,27 +266,26 @@ function ADMIN_DO_ACTION($wht) { // Check if action/what pair is valid $result_action = SQL_QUERY_ESC("SELECT id FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE `action`='%s' AND ((what='%s' AND what != 'overview') OR ((what='' OR `what` IS NULL) AND '%s'='overview')) -LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__); +LIMIT 1", array($act, $wht, $wht), __FUNCTION__, __LINE__); if (SQL_NUMROWS($result_action) == 1) { - // Is valid but does the inlcude file exists? $INC = sprintf("inc/modules/admin/action-%s.php", $act); - if ((INCLUDE_READABLE($INC)) && (VALIDATE_MENU_ACTION("admin", $act, $wht)) && (__ACL_ALLOW == true)) { + if ((INCLUDE_READABLE($INC)) && (VALIDATE_MENU_ACTION("admin", $act, $wht)) && ($GLOBALS['acl_allow'] === true)) { // Ok, we finally load the admin action module LOAD_INC($INC); - } elseif (__ACL_ALLOW == false) { + } elseif ($GLOBALS['acl_allow'] === false) { // Access denied LOAD_TEMPLATE("admin_menu_failed", false, getMessage('ADMIN_ACCESS_DENIED')); - addFatalMessage(getMessage('ADMIN_ACCESS_DENIED')); + addFatalMessage(__FUNCTION__, __LINE__, getMessage('ADMIN_ACCESS_DENIED')); } else { // Include file not found! :-( LOAD_TEMPLATE("admin_menu_failed", false, sprintf(getMessage('ADMIN_ACTION_404'), $act)); - addFatalMessage(getMessage('ADMIN_ACTION_404'), $act); + addFatalMessage(__FUNCTION__, __LINE__, getMessage('ADMIN_ACTION_404'), $act); } } else { // Invalid action/what pair found! LOAD_TEMPLATE("admin_menu_failed", false, sprintf(getMessage('ADMIN_ACTION_INVALID'), $act."/".$wht)); - addFatalMessage(getMessage('ADMIN_ACTION_INVALID'), $act."/".$wht); + addFatalMessage(__FUNCTION__, __LINE__, getMessage('ADMIN_ACTION_INVALID'), $act."/".$wht); } // Free memory 
@@ -297,18 +296,16 @@ LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__); } // function ADD_ADMIN_MENU($act, $wht, $return=false) { - global $menuDesription, $menuTitle; - // Init variables $SUB = false; $OUT = ""; // Menu descriptions - $menuDesription = array(); - $menuTitle = array(); + $GLOBALS['menu']['description'] = array(); + $GLOBALS['menu']['title'] = array(); // Is there a cache instance? - if ((is_object($GLOBALS['cache_instance'])) && (getConfig('cache_admin_menu') == "Y")) { + if ((isset($GLOBALS['cache_instance'])) && (is_object($GLOBALS['cache_instance'])) && (getConfig('cache_admin_menu') == "Y")) { // Create cache name $cacheName = "admin_".$act."_".$wht."_".GET_LANGUAGE()."_".strtolower(get_session('admin_login')); @@ -319,8 +316,8 @@ function ADD_ADMIN_MENU($act, $wht, $return=false) { // Extract all parts $OUT = base64_decode($data['output'][0]); - $menuTitle = unserialize(base64_decode($data['title'][0])); - $menuDescription = unserialize(base64_decode($data['descr'][0])); + $GLOBALS['menu']['title'] = unserialize(base64_decode($data['title'][0])); + $GLOBALS['menu']['description'] = unserialize(base64_decode($data['descr'][0])); // Return or output content? if ($return) { @@ -332,7 +329,7 @@ function ADD_ADMIN_MENU($act, $wht, $return=false) { } // END - if // Build main menu - $result_main = SQL_QUERY("SELECT action, title, descr FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE (what='' OR `what` IS NULL) ORDER BY `sort`, id DESC", __FILE__, __LINE__); + $result_main = SQL_QUERY("SELECT action, title, descr FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE (what='' OR `what` IS NULL) ORDER BY `sort`, id DESC", __FUNCTION__, __LINE__); if (SQL_NUMROWS($result_main) > 0) { $OUT = "\n"; 
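Review bot: `$GLOBALS['menu']['title'] = unserialize(base64_decode($data['title'][0]));` and the matching `description` line in the second hunk rebuild the menu arrays from whatever the cache backend hands back, and nothing checks that the result is an array; the backend behind `$GLOBALS['cache_instance']` is not visible here, but if its store is writable by anything other than this code a crafted entry is a PHP object-injection vector, and even an honestly corrupted entry leaves `false` in `$GLOBALS['menu']['title']`. Validate before trusting it, e.g. `$title = unserialize(base64_decode($data['title'][0])); if (!is_array($title)) { /* treat as a cache miss and fall through to the rebuild below */ }` and the same for `descr`; where the PHP version allows it, `unserialize($s, array('allowed_classes' => false))` is the right tool since only string arrays are expected. ADD_ADMIN_MENU starts in the first hunk on this line and continues well past the last one.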
@@ -347,8 +344,8 @@ function ADD_ADMIN_MENU($act, $wht, $return=false) { if ($ACL === true) { if (!$SUB) { // Insert compiled menu title and description - $menuTitle[$menu] = $title; - $menuDesription[$menu] = $descr; + $GLOBALS['menu']['title'][$menu] = $title; + $GLOBALS['menu']['description'][$menu] = $descr; } $OUT .= "\n"; $result_what = SQL_QUERY_ESC("SELECT what, title, descr FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE `action`='%s' AND `what` != '' AND `what` IS NOT NULL ORDER BY `sort`, id DESC", - array($menu), __FILE__, __LINE__); + array($menu), __FUNCTION__, __LINE__); if ((SQL_NUMROWS($result_what) > 0) && ($act == $menu)) { - $menuDesription = array(); - $menuTitle = array(); $SUB = true; + $GLOBALS['menu']['description'] = array(); + $GLOBALS['menu']['title'] = array(); $SUB = true; $OUT .= "
 
@@ -373,11 +370,11 @@ function ADD_ADMIN_MENU($act, $wht, $return=false) { $OUT .= "
  @@ -394,8 +391,8 @@ function ADD_ADMIN_MENU($act, $wht, $return=false) { $readable = INCLUDE_READABLE($INC); if ($ACL === true) { // Insert compiled title and description - $menuTitle[$wht_sub] = $title_what; - $menuDesription[$wht_sub] = $desc_what; + $GLOBALS['menu']['title'][$wht_sub] = $title_what; + $GLOBALS['menu']['description'][$wht_sub] = $desc_what; $OUT .= "
 --> "; @@ -452,19 +449,20 @@ function ADD_ADMIN_MENU($act, $wht, $return=false) { // Compile and run the code here. This inserts all constants into the // HTML output. Costs me some time to figure this out... *sigh* Quix0r - $eval = "\$OUT = \"".COMPILE_CODE(SQL_ESCAPE($OUT))."\";"; + // @TODO Is this eval longer needed? + $eval = "\$OUT = \"".COMPILE_CODE(smartAddSlashes($OUT))."\";"; eval($eval); // Is there a cache instance again? - if ((is_object($GLOBALS['cache_instance'])) && (getConfig('cache_admin_menu') == "Y")) { + if ((isset($GLOBALS['cache_instance'])) && (is_object($GLOBALS['cache_instance'])) && (getConfig('cache_admin_menu') == "Y")) { // Init cache $GLOBALS['cache_instance']->init($cacheName); // Prepare cache data $data = array( 'output' => base64_encode($OUT), - 'title' => $menuTitle, - 'descr' => $menuDesription + 'title' => $GLOBALS['menu']['title'], + 'descr' => $GLOBALS['menu']['description'] ); // Write the data away @@ -485,7 +483,7 @@ function ADD_ADMIN_MENU($act, $wht, $return=false) { function ADD_MEMBER_SELECTION_BOX ($def="0", $add_all=false, $return=false, $none=false, $field="userid") { // Output selection form with all confirmed user accounts listed - $result = SQL_QUERY("SELECT userid, surname, family FROM `{!_MYSQL_PREFIX!}_user_data` ORDER BY userid", __FILE__, __LINE__); + $result = SQL_QUERY("SELECT userid, surname, family FROM `{!_MYSQL_PREFIX!}_user_data` ORDER BY userid", __FUNCTION__, __LINE__); $OUT = ""; // USe this only for adding points (e.g. adding refs really makes no sence ;-) ) 
@@ -520,7 +518,7 @@ function ADMIN_MENU_SELECTION($MODE, $default="", $defid="") { $wht = "`what` != ''"; if ($MODE == "action") $wht = "(what='' OR `what` IS NULL) AND action !='login'"; $result = SQL_QUERY_ESC("SELECT %s, title FROM `{!_MYSQL_PREFIX!}_admin_menu` WHERE ".$wht." ORDER BY `sort`", - array($MODE), __FILE__, __LINE__); + array($MODE), __FUNCTION__, __LINE__); if (SQL_NUMROWS($result) > 0) { // Load menu as selection $OUT = "\n \n"; // Walk through all files while ($file = readdir($handle)) { @@ -691,7 +698,7 @@ function ADMIN_USER_PROFILE_LINK ($uid, $title="", $wht="list_user") { //* DEBUG: */ echo "a:".$title."
"; // Return link - return "".$title.""; + return "".$title.""; } // Check "logical-area-mode" @@ -711,7 +718,7 @@ function ADMIN_CHECK_MENU_MODE () { } elseif (GET_EXT_VERSION("admins") >= "0.6.7") { // Load from database when version of "admins" is enough $result = SQL_QUERY_ESC("SELECT la_mode FROM `{!_MYSQL_PREFIX!}_admins` WHERE id=%s LIMIT 1", - array($aid), __FILE__, __LINE__); + array($aid), __FUNCTION__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load data list($ADMIN) = SQL_FETCHROW($result); @@ -741,7 +748,7 @@ function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") { if (!empty($selected)) { // Determine new status $result = SQL_QUERY_ESC("SELECT %s FROM `{!_MYSQL_PREFIX!}_%s` WHERE %s=%s LIMIT 1", - array($row, $table, $idRow, $id), __FILE__, __LINE__); + array($row, $table, $idRow, $id), __FUNCTION__, __LINE__); // Row found? if (SQL_NUMROWS($result) == 1) { @@ -753,7 +760,7 @@ function ADMIN_CHANGE_ACTIVATION_STATUS ($IDs, $table, $row, $idRow = "id") { // Change this status SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_%s` SET %s='%s' WHERE %s=%s LIMIT 1", - array($table, $row, $newStatus, $idRow, $id), __FILE__, __LINE__); + array($table, $row, $newStatus, $idRow, $id), __FUNCTION__, __LINE__); // Count up affected rows $cnt += SQL_AFFECTEDROWS(); @@ -784,7 +791,7 @@ function ADMIN_SEND_BUILD_MAILS ($mode, $table, $content, $id, $subjectPart="") } // END - if // Is the raw userid set? - if ($_POST['uid_raw'][$id] > 0) { + if (REQUEST_POST('uid_raw', $id) > 0) { // Generate subject $subjectLine = constant('MEMBER_'.strtoupper($subject).'_'.strtoupper($table).'_SUBJECT'); @@ -796,7 +803,7 @@ function ADMIN_SEND_BUILD_MAILS ($mode, $table, $content, $id, $subjectPart="") } // Send email out - SEND_EMAIL($_POST['uid_raw'][$id], $subjectLine, $mail); + SEND_EMAIL(REQUEST_POST('uid_raw', $id), $subjectLine, $mail); } // END - if // Generate subject 
@@ -804,9 +811,9 @@ function ADMIN_SEND_BUILD_MAILS ($mode, $table, $content, $id, $subjectPart="") // Send admin notification out if (!empty($subjectPart)) { - SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".strtolower($subjectPart)."_".$table, $content, $_POST['uid_raw'][$id]); + SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".strtolower($subjectPart)."_".$table, $content, REQUEST_POST('uid_raw', $id)); } else { - SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".$table, $content, $_POST['uid_raw'][$id]); + SEND_ADMIN_NOTIFICATION($subjectLine, "admin_".$mode."_".$table, $content, REQUEST_POST('uid_raw', $id)); } } @@ -820,7 +827,7 @@ function ADMIN_BUILD_LIST ($listType, $IDs, $table, $columns, $filterFunctions, $id = bigintval($id); // Get result from a given column array and table name - $result = SQL_RESULT_FROM_ARRAY($table, $columns, $idColumn, $id, __FILE__, __LINE__); + $result = SQL_RESULT_FROM_ARRAY($table, $columns, $idColumn, $id, __FUNCTION__, __LINE__); // Is there one entry? if (SQL_NUMROWS($result) == 1) { @@ -881,7 +888,7 @@ function ADMIN_BUILD_STATUS_HANDLER ($mode, $IDs, $table, $columns, $filterFunct // Load data of entry $result = SQL_QUERY_ESC("SELECT * FROM `{!_MYSQL_PREFIX!}_%s` WHERE %s=%s LIMIT 1", - array($table, $idColumn, $id), __FILE__, __LINE__); + array($table, $idColumn, $id), __FUNCTION__, __LINE__); // Fetch the data $content = SQL_FETCHARRAY($result); @@ -913,7 +920,7 @@ function ADMIN_BUILD_STATUS_HANDLER ($mode, $IDs, $table, $columns, $filterFunct } // END - foreach // Add other columns as well - foreach ($_POST as $key => $entries) { + foreach (REQUEST_POST_ARRAY() as $key => $entries) { // Skip id, raw userid and 'do_$mode' if (!in_array($key, array($idColumn, 'uid_raw', ('do_'.$mode)))) { // Are there brackets () at the end? 
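Review bot: `foreach (REQUEST_POST_ARRAY() as $key => $entries)` in the fourth hunk on this line walks every POST field and, per the comment, turns all keys except `$idColumn`, `uid_raw` and `do_$mode` into additional columns of the statement that is run by `SQL_QUERY($SQL, __FUNCTION__, __LINE__);` in the next hunk; how `$key` is embedded is outside the hunk, but a request-supplied column name cannot be protected by value escaping, and the "brackets () at the end" handling suggests a key can even name an SQL function. Restrict the loop to the columns the caller declared in `$columns` (or another explicit allow-list) and, as a minimum syntactic check before the key reaches the statement, add `if (!preg_match('/^[a-z0-9_]+$/i', $key)) continue;`. ADMIN_BUILD_STATUS_HANDLER starts and ends outside this hunk.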
@@ -939,7 +946,7 @@ function ADMIN_BUILD_STATUS_HANDLER ($mode, $IDs, $table, $columns, $filterFunct ); // Run the SQL - SQL_QUERY($SQL, __FILE__, __LINE__); + SQL_QUERY($SQL, __FUNCTION__, __LINE__); // Do we have an URL? if (isset($content['url'])) { @@ -966,10 +973,10 @@ function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFu $idList = ""; foreach ($IDs as $id => $sel) { // Is there a userid? - if (isset($_POST['uid_raw'][$id])) { + if (REQUEST_ISSET_POST('uid_raw', $id)) { // Load all data from that id $result = SQL_QUERY_ESC("SELECT * FROM `{!_MYSQL_PREFIX!}_%s` WHERE %s=%s LIMIT 1", - array($table, $idColumn, $id), __FILE__, __LINE__); + array($table, $idColumn, $id), __FUNCTION__, __LINE__); // Fetch the data $content = SQL_FETCHARRAY($result); @@ -986,7 +993,7 @@ function ADMIN_DELETE_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFu } // END - foreach // Run the query - SQL_QUERY($SQL, array($table, $idColumn, substr($idList, 0, -1)), __FILE__, __LINE__); + SQL_QUERY($SQL, array($table, $idColumn, substr($idList, 0, -1)), __FUNCTION__, __LINE__); // Was this fine? if (SQL_AFFECTEDROWS() == count($IDs)) { @@ -1019,7 +1026,7 @@ function ADMIN_EDIT_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunc $SQL = sprintf("UPDATE `{!_MYSQL_PREFIX!}_ SET", SQL_ESCAPE($table) ); - foreach ($_POST as $key => $entries) { + foreach (REQUEST_POST_ARRAY() as $key => $entries) { // Skip raw userid which is always invalid if ($key == "uid_raw") { // Continue with next field 
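Review bot: `SQL_QUERY($SQL, array($table, $idColumn, substr($idList, 0, -1)), __FUNCTION__, __LINE__);` in the third hunk on this line passes an argument array to `SQL_QUERY`, whereas every other call on this page that supplies an array uses `SQL_QUERY_ESC` and `SQL_QUERY` is otherwise called as `SQL_QUERY($sql, __FUNCTION__, __LINE__)`; unless `SQL_QUERY` accepts an optional array (not visible here), the placeholders in `$SQL` are never substituted and the array lands in the file/line position, so the delete either fails or runs an unintended statement. The call should read `SQL_QUERY_ESC($SQL, array($table, $idColumn, substr($idList, 0, -1)), __FUNCTION__, __LINE__);`. Since `$idList` is assembled from the `$IDs` keys in the previous hunk, and the same `$id` is also spliced unquoted into `WHERE %s=%s` there, run each `$id` through `bigintval()` before it is used in either place. ADMIN_DELETE_ENTRIES_CONFIRM starts and ends outside these hunks.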
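Review bot: The `sprintf` format string for the UPDATE at the top of the last hunk on this line, as rendered here, contains no `%s` after `_MYSQL_PREFIX!}_`, so the `SQL_ESCAPE($table)` argument is silently dropped and the statement targets a table literally named with the bare prefix; if that is not a rendering artefact the edit path cannot work, and the placeholder (with its closing backtick) needs to go back in. Separately, the `foreach (REQUEST_POST_ARRAY() as $key => $entries)` that follows skips only `uid_raw`, so every other POST key becomes part of the SET clause; if callers always pass the editable fields in `$columns`, use that as the allow-list, e.g. `if (($key == "uid_raw") || (!in_array($key, $columns))) continue;`, and otherwise at least reject keys that are not plain identifiers. ADMIN_EDIT_ENTRIES_CONFIRM starts and ends outside this hunk.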
@@ -1058,14 +1065,14 @@ function ADMIN_EDIT_ENTRIES_CONFIRM ($IDs, $table, $columns=array(), $filterFunc $SQL = substr($SQL, 0, -1) . " WHERE ".$idColumn."=".bigintval($id)." LIMIT 1"; // Run this query - SQL_QUERY($SQL, __FILE__, __LINE__); + SQL_QUERY($SQL, __FUNCTION__, __LINE__); // Add affected rows $affected += SQL_AFFECTEDROWS(); // Load all data from that id $result = SQL_QUERY_ESC("SELECT * FROM `{!_MYSQL_PREFIX!}_%s` WHERE %s=%s LIMIT 1", - array($table, $idColumn, $id), __FILE__, __LINE__); + array($table, $idColumn, $id), __FUNCTION__, __LINE__); // Fetch the data global $DATA; @@ -1148,7 +1155,7 @@ function ADMIN_SEND_PASSWORD_RESET_LINK ($email) { // Look up administator login $result = SQL_QUERY_ESC("SELECT id, login, password FROM `{!_MYSQL_PREFIX!}_admins` WHERE email='%s' LIMIT 1", - array($email), __FILE__, __LINE__); + array($email), __FUNCTION__, __LINE__); // Is there an account? if (SQL_NUMROWS($result) == 0) { @@ -1189,7 +1196,7 @@ function ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN ($hash, $login) { // Then try to find that user $result = SQL_QUERY_ESC("SELECT id, password, email FROM `{!_MYSQL_PREFIX!}_admins` WHERE login='%s' LIMIT 1", - array($login), __FILE__, __LINE__); + array($login), __FUNCTION__, __LINE__); // Is an account here? if (SQL_NUMROWS($result) == 1) { @@ -1225,7 +1232,7 @@ function ADMIN_RESET_PASSWORD ($login, $password) { // Update database SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_admins` SET password='%s' WHERE login='%s' LIMIT 1", - array($passHash, $login), __FILE__, __LINE__); + array($passHash, $login), __FUNCTION__, __LINE__); // Run filters RUN_FILTER('post_admin_reset_pass', array('login' => $login, 'hash' => $passHash)); 
@@ -1247,7 +1254,7 @@ function ADMIN_DELETE_TASK ($id) { function ADMIN_UPDATE_TASK_DATA ($id, $row, $data) { // Update the task SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_task_system` SET %s='%s' WHERE id=%s LIMIT 1", - array($row, $data, bigintval($id)), __FILE__, __LINE__); + array($row, $data, bigintval($id)), __FUNCTION__, __LINE__); } // ?>