X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=28dc8a33f192bbf8fcb2f2eb511ad111df8600e3;hp=ffdab4e9b2be7d23068c1312fe87fe32158bc6c4;hb=a6f5926aeaf7917cb4bca3d29ffd0e8e6290fb4e;hpb=8268379f7f0f38f5cd605714ecd5cbfacff0e282 diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index ffdab4e9b2..28dc8a33f1 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -1,7 +1,7 @@ "); + //* DEBUG: */ outputHtml('*' . $data['password'] . '/' . md5($password) .'/' . $ret . '*
'); if ((isset($data['password'])) && (strlen($data['password']) == 32) && ($data['password'] == md5($password))) { // Generate new hash $data['password'] = generateHash($password); // Is the sql_patches not installed, than we cannot have a valid hashed password here! + //* DEBUG: */ outputHtml($ret . ',' . intval(isExtensionInstalledAndOlder('sql_patches', '0.3.6')) . '/' . intval(!isExtensionInstalled('sql_patches')).'
'); if (($ret == 'pass') && ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches')))) $ret = 'done'; } elseif ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches'))) { // Old hashing way @@ -133,8 +136,8 @@ function ifAdminLoginDataIsValid ($admin, $password) { $salt = substr($data['password'], 0, -40); // Check if password is same - //* DEBUG: */ outputHtml("*".$ret.','.$data['password'].','.$password.','.$salt."*
"); - if (($ret == 'pass') && ($data['password'] == generateHash($password, $salt)) && ((!empty($salt))) || ($data['password'] == $password)) { + //* DEBUG: */ outputHtml('*' . $ret . ',' . $data['password'] . ',' . $password . ',' . $salt . '*
'); + if (($ret == 'pass') && ($data['password'] == generateHash($password, $salt)) && ((!empty($salt))) || ($data['password'] == md5($password))) { // Re-hash the plain passord with new random salt $data['password'] = generateHash($password); @@ -194,7 +197,7 @@ function ifAdminLoginDataIsValid ($admin, $password) { // Try to login the admin by setting some session/cookie variables function doAdminLogin ($adminLogin, $passHash) { // Reset failure counter on matching admins version - if ((isExtensionInstalledAndNewer('admins', '0.7.0')) && ((isExtensionOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches')))) { + if ((isExtensionInstalledAndNewer('admins', '0.7.0')) && ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches')))) { // Reset counter on out-dated sql_patches version SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `login_failures`=0, `last_failure`='0000-00-00 00:00:00' WHERE `login`='%s' LIMIT 1", array($adminLogin), __FUNCTION__, __LINE__); @@ -205,13 +208,11 @@ function doAdminLogin ($adminLogin, $passHash) { // Now set all session variables and return the result return (( - setSession('admin_md5', generatePassString($passHash)) + setSession('admin_md5', generatePassString(generateHash($passHash, '', false))) ) && ( setSession('admin_login', $adminLogin) ) && ( setSession('admin_last', time()) - ) && ( - setSession('admin_to', bigintval(postRequestElement('timeout'))) )); } @@ -225,10 +226,10 @@ function ifAdminCookiesAreValid ($admin, $password) { $pass = getAdminHash($admin); if ($pass != '-1') $ret = 'pass'; - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):".generatePassString($pass).'('.strlen($pass).")/".$password.'('.strlen($password).")
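Review bot: In the rewritten condition of ifAdminLoginDataIsValid, `&&` binds tighter than `||`, so `($data['password'] == md5($password))` is evaluated on its own and a match there succeeds even when `$ret` is not 'pass' and regardless of the `!empty($salt)` guard; the comparison is also the loose `==`, which for two hex digests compares numerically whenever both happen to look like numbers. Keeping everything under the `$ret` guard with strict comparison fixes both: `if (($ret == 'pass') && (((!empty($salt)) && ($data['password'] === generateHash($password, $salt))) || ((strlen($data['password']) == 32) && ($data['password'] === md5($password))))) {`. The same loose `==` on digests is in the first hunk's `strlen($data['password']) == 32` branch, in the ifAdminCookiesAreValid hunk (`generatePassString($pass) == $password`, `$pass == $password`, `md5($password) == $pass`) and in the context line `$valid = ($hash == $hashFromData);` of the adminResetValidateHashLogin hunk; `hash_equals()` is the better choice where the targeted PHP version allows it. The function body continues outside the hunk.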
"); + //* DEBUG: */ outputHtml(__FUNCTION__ . '(' . __LINE__."):".generatePassString($pass).'('.strlen($pass).")/".$password.'('.strlen($password).")
"); // Check if password matches - if (($ret == 'pass') && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) { + if (($ret == 'pass') && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass))) && (isAdmin())) { // Passwords matches! $ret = 'done'; } // END - if @@ -238,7 +239,10 @@ function ifAdminCookiesAreValid ($admin, $password) { } // Do an admin action -function doAdminAction ($what) { +function doAdminAction () { + // Get default what + $what = getWhat(); + //* DEBUG: */ outputHtml(__LINE__."*".$what.'/'.getModule().'/'.getAction().'/'.getWhat()."*
"); // Remove any spaces from variable @@ -246,14 +250,14 @@ function doAdminAction ($what) { // Default admin action is the overview page $what = 'overview'; } else { - // Compile out some chars - $what = compileCode($what, false, false, false); + // Secure it + $what = secureString($what); } // Get action value $action = getModeAction(getModule(), $what); - // Define admin login name and ID number + // Define admin login name and id number $content['login'] = getSession('admin_login'); $content['id'] = getCurrentAdminId(); @@ -287,7 +291,14 @@ WHERE ) ) ) -LIMIT 1", array($action, $what, $what), __FUNCTION__, __LINE__); +LIMIT 1", + array( + $action, + $what, + $what + ), __FUNCTION__, __LINE__); + + // Do we have an entry? if (SQL_NUMROWS($result_action) == 1) { // Is valid but does the inlcude file exists? $inc = sprintf("inc/modules/admin/action-%s.php", $action); @@ -296,14 +307,14 @@ LIMIT 1", array($action, $what, $what), __FUNCTION__, __LINE__); loadInclude($inc); } elseif ($GLOBALS['acl_allow'] === false) { // Access denied - loadTemplate('admin_menu_failed', false, sprintf(getMessage('ADMIN_ACCESS_DENIED'), $what)); + loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACCESS_DENIED', $what)); } else { // Include file not found! :-( - loadTemplate('admin_menu_failed', false, sprintf(getMessage('ADMIN_ACTION_404'), $action)); + loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_404', $action)); } } else { // Invalid action/what pair found! - loadTemplate('admin_menu_failed', false, sprintf(getMessage('ADMIN_ACTION_INVALID'), $action.'/'.$what)); + loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_INVALID', $action . '/' . $what)); } // Free memory @@ -333,9 +344,11 @@ WHERE ORDER BY `sort` ASC, `id` DESC", __FUNCTION__, __LINE__); + + // Do we have entries? if (SQL_NUMROWS($result_main) > 0) { - $OUT = "
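Review bot: doAdminAction drops its `$what` parameter and reads `getWhat()` instead, but PHP silently accepts surplus arguments, so a caller elsewhere that still passes a value will not fail — its value is simply ignored in favour of the request value; the callers are not visible here, so please confirm they were updated in the same commit. A short comment above the function would make the new contract explicit: `// Runs the admin action for the current request's what= value (getWhat()); no longer takes a parameter`. The debug `outputHtml` line kept in the hunk still prints `$what` next to `getWhat()`, which are now the same value, so it can be dropped. The function body continues outside the hunk.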
 
\n"; - $OUT .= "'; } // Is there a cache instance again? @@ -467,7 +494,7 @@ ORDER BY } // Create member selection box -function addMemberSelectionBox ($def='0', $add_all=false, $return=false, $none=false, $field='userid') { +function addMemberSelectionBox ($def=0, $add_all=false, $return=false, $none=false, $field='userid') { // Output selection form with all confirmed user accounts listed $result = SQL_QUERY("SELECT `userid`, `surname`, `family` FROM `{?_MYSQL_PREFIX?}_user_data` ORDER BY `userid` ASC", __FUNCTION__, __LINE__); @@ -475,13 +502,13 @@ function addMemberSelectionBox ($def='0', $add_all=false, $return=false, $none=f $OUT = ''; // USe this only for adding points (e.g. adding refs really makes no sence ;-) ) - if ($add_all === true) $OUT = " \n"; - elseif ($none === true) $OUT = " \n"; + if ($add_all === true) $OUT = ' '; + elseif ($none === true) $OUT = ' '; while ($content = SQL_FETCHARRAY($result)) { - $OUT .= " '; } // END - while // Free memory @@ -496,7 +523,7 @@ function addMemberSelectionBox ($def='0', $add_all=false, $return=false, $none=f loadTemplate('admin_member_selection_box', false, $content); } else { // Return content in selection frame - return "\n"; + return ''; } } @@ -505,8 +532,9 @@ function addMemberSelectionBox ($def='0', $add_all=false, $return=false, $none=f // @DEPRECATED function adminMenuSelectionBox_DEPRECATED ($mode, $default = '', $defid = '') { $what = "`what` != ''"; - if ($mode == 'action') $what = "(`what`='' OR `what` IS NULL) AND action !='login'"; - $result = SQL_QUERY_ESC("SELECT %s, title FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE ".$what." ORDER BY `sort`", + if ($mode == 'action') $what = "(`what`='' OR `what` IS NULL) AND `action` !='login'"; + + $result = SQL_QUERY_ESC("SELECT %s, `title` FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE ".$what." ORDER BY `sort` ASC", array($mode), __FUNCTION__, __LINE__); if (SQL_NUMROWS($result) > 0) { // Load menu as selection 
@@ -534,18 +562,18 @@ function adminMenuSelectionBox_DEPRECATED ($mode, $default = '', $defid = '') { } // Wrapper for $_POST and adminSaveSettings -function adminSaveSettingsFromPostData ($tableName = "_config", $whereStatement = "config=0", $translateComma = array(), $alwaysAdd = false) { +function adminSaveSettingsFromPostData ($tableName = '_config', $whereStatement = '`config`=0', $translateComma = array(), $alwaysAdd = false, $displayMessage = true) { // Get the array $postData = postRequestArray(); // Call the lower function - adminSaveSettings($postData, $tableName, $whereStatement, $translateComma, $alwaysAdd); + adminSaveSettings($postData, $tableName, $whereStatement, $translateComma, $alwaysAdd, $displayMessage); } // Save settings to the database -function adminSaveSettings (&$postData, $tableName = "_config", $whereStatement = "config=0", $translateComma = array(), $alwaysAdd = false) { +function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement = '`config`=0', $translateComma = array(), $alwaysAdd = false, $displayMessage = true) { // Prepare all arrays, variables - $DATA = array(); + $tableData = array(); $skip = false; // Now, walk through all entries and prepare them for saving 
@@ -553,13 +581,10 @@ function adminSaveSettings (&$postData, $tableName = "_config", $whereStatement // Process only formular field but not submit buttons ;) if ($id != 'ok') { // Do not save the ok value - convertSelectionsToTimestamp($postData, $DATA, $id, $skip); - - // Shall we process this ID? It muss not be empty, of course - if (($skip === false) && (!empty($id))) { - // Save this entry - $val = compileCode($val); + convertSelectionsToTimestamp($postData, $tableData, $id, $skip); + // Shall we process this id? It muss not be empty, of course + if (($skip === false) && (!empty($id)) && ((!isset($GLOBALS['skip_config'][$id]))) || ($tableName != '_config')) { // Translate the value? (comma to dot!) if ((is_array($translateComma)) && (in_array($id, $translateComma))) { // Then do it here... :) @@ -568,14 +593,17 @@ function adminSaveSettings (&$postData, $tableName = "_config", $whereStatement // Shall we add numbers or strings? $test = (float)$val; - if ("".$val."" == ''.$test."") { + if ('' . $val . '' == '' . $test . '') { // Add numbers - $DATA[] = sprintf("`%s`=%s", $id, $test); + $tableData[] = sprintf("`%s`=%s", $id, $test); } else { // Add strings - $DATA[] = sprintf("`%s`='%s'", $id, trim($val)); + $tableData[] = sprintf("`%s`='%s'", $id, trim($val)); } + // Do not add a config entry twice + $GLOBALS['skip_config'][$id] = true; + // Update current configuration setConfigEntry($id, $val); } // END - if 
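Review bot: The rewritten guard `if (($skip === false) && (!empty($id)) && ((!isset($GLOBALS['skip_config'][$id]))) || ($tableName != '_config'))` parses as `(A && B && C) || D`, so for any table other than `_config` an entry is processed even when `$skip` was set by convertSelectionsToTimestamp or `$id` is empty. Presumably only the `skip_config` test was meant to be limited to `_config`: `if (($skip === false) && (!empty($id)) && (($tableName != '_config') || (!isset($GLOBALS['skip_config'][$id])))) {`. The loop and the function continue outside the hunk.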
@@ -586,40 +614,41 @@ function adminSaveSettings (&$postData, $tableName = "_config", $whereStatement $result = false; if ($alwaysAdd === false) { if (!empty($whereStatement)) { - $result = SQL_QUERY("SELECT * FROM `{?_MYSQL_PREFIX?}".$tableName."` WHERE ".$whereStatement." LIMIT 1", __FUNCTION__, __LINE__); + $result = SQL_QUERY("SELECT * FROM `{?_MYSQL_PREFIX?}" . $tableName . "` WHERE " . $whereStatement . " LIMIT 1", __FUNCTION__, __LINE__); } else { - $result = SQL_QUERY("SELECT * FROM `{?_MYSQL_PREFIX?}".$tableName."` LIMIT 1", __FUNCTION__, __LINE__); + $result = SQL_QUERY("SELECT * FROM `{?_MYSQL_PREFIX?}" . $tableName . "` LIMIT 1", __FUNCTION__, __LINE__); } } // END - if if (SQL_NUMROWS($result) == 1) { // "Implode" all data to single string - $DATA_UPDATE = implode(", ", $DATA); + $updatedData = implode(', ', $tableData); // Generate SQL string $sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}%s` SET %s WHERE %s LIMIT 1", - $tableName, - $DATA_UPDATE, - $whereStatement + $tableName, + $updatedData, + $whereStatement ); } else { // Add Line (does only work with auto_increment! - $KEYs = array(); $values = array(); - foreach ($DATA as $entry) { + $keys = array(); $values = array(); + foreach ($tableData as $entry) { // Split up $line = explode('=', $entry); - $KEYs[] = $line[0]; $values[] = $line[1]; + $keys[] = $line[0]; + $values[] = $line[1]; } // END - foreach // Add both in one line - $KEYs = implode(", ", $KEYs); - $values = implode(", ", $values); + $keys = implode('`, `', $keys); + $values = implode(', ', $values); // Generate SQL string - $sql = sprintf("INSERT INTO {?_MYSQL_PREFIX?}%s (%s) VALUES (%s)", - $tableName, - $KEYs, - $values + $sql = sprintf("INSERT INTO `{?_MYSQL_PREFIX?}%s` (%s) VALUES (%s)", + $tableName, + $keys, + $values ); } 
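Review bot: `$tableData[] = sprintf("`%s`='%s'", $id, trim($val));` (and the numeric branch above it) embeds the POST field name as a column identifier and the raw value inside quotes, and with `$val = compileCode($val)` removed in the preceding hunk nothing transforms the value before it is concatenated into the UPDATE/INSERT statement assembled later in adminSaveSettings and run through SQL_QUERY. The value should receive the same escaping SQL_QUERY_ESC applies to its array arguments, and `$id` should be rejected unless it is a plain identifier, e.g. `if (!preg_match('/^[a-zA-Z0-9_]+$/', $id)) continue;` before it is used. Whether SQL_QUERY escapes anything itself is not visible here, so treat this as a question if it does. The function continues outside the hunk.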
@@ -629,11 +658,17 @@ function adminSaveSettings (&$postData, $tableName = "_config", $whereStatement // Simply run generated SQL string SQL_QUERY($sql, __FUNCTION__, __LINE__); + // Remember affected rows + $affected = SQL_AFFECTEDROWS(); + // Rebuild cache rebuildCacheFile('config', 'config'); - // Settings saved - loadTemplate('admin_settings_saved', false, getMessage('SETTINGS_SAVED')); + // Settings saved, so display message? + if ($displayMessage === true) loadTemplate('admin_settings_saved', false, getMessage('SETTINGS_SAVED')); + + // Return affected rows + return $affected; } // Generate a selection box @@ -677,26 +712,34 @@ function adminAddMenuSelectionBox ($menu, $type, $name, $default = '') { // Creates a user-profile link for the admin. This function can also be used for many other purposes function generateUserProfileLink ($userid, $title = '', $what = 'list_user') { - if (($title == '') && ($title != '0')) { + if (($title == '') && ($userid > 0)) { // Set userid as title $title = $userid; - } // END - if + } elseif ($userid == 0) { + // User id zero is invalid + return '' . $userid . ''; + } if (($title == '0') && ($what == 'list_refs')) { // Return title again return $title; - } // END - if + } elseif (isExtensionActive('nickname')) { + // Get nickname + $nick = getNickname($userid); + + // Is it not empty, use it as title else the userid + if (!empty($nick)) $title = $nick . '(' . $userid . ')'; else $title = $userid; + } // Return link - //* DEBUG: */ outputHtml("a:".$title."
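Review bot: `$keys = implode('`, `', $keys);` breaks the INSERT branch: each `$keys[]` entry is `$line[0]` from splitting an entry of the form `` `col`=value ``, so it already carries its own backticks, and joining with `` `, ` `` yields `` `a``, ``b` `` (an escaped backtick inside one identifier) instead of `` `a`, `b` ``. Keep the old separator, `$keys = implode(', ', $keys);`, and while here split on the first `=` only — `$line = explode('=', $entry, 2);` — because a string value containing `=` is currently truncated at `$line[1]`. The function continues outside the hunk.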
"); - return '[' . $title . ']'; + return '[' . $title . ']'; } // Check "logical-area-mode" function adminGetMenuMode () { // Set the global mode as the mode for all admins $mode = getConfig('admin_menu'); - $ADMIN = $mode; + $adminMode = $mode; // Get admin id $adminId = getCurrentAdminId(); @@ -704,23 +747,25 @@ function adminGetMenuMode () { // Check individual settings of current admin if (isset($GLOBALS['cache_array']['admin']['la_mode'][$adminId])) { // Load from cache - $ADMIN = $GLOBALS['cache_array']['admin']['la_mode'][$adminId]; + $adminMode = $GLOBALS['cache_array']['admin']['la_mode'][$adminId]; incrementStatsEntry('cache_hits'); } elseif (isExtensionInstalledAndNewer('admins', '0.6.7')) { // Load from database when version of 'admins' is enough $result = SQL_QUERY_ESC("SELECT la_mode FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", array($adminId), __FUNCTION__, __LINE__); + + // Do we have an entry? if (SQL_NUMROWS($result) == 1) { // Load data - list($ADMIN) = SQL_FETCHROW($result); - } + list($adminMode) = SQL_FETCHROW($result); + } // END - if // Free memory SQL_FREERESULT($result); } // Check what the admin wants and set it when it's not the global mode - if ($ADMIN != 'global') $mode = $ADMIN; + if ($adminMode != 'global') $mode = $adminMode; // Return admin-menu's mode return $mode; @@ -728,11 +773,11 @@ function adminGetMenuMode () { // Change activation status function adminChangeActivationStatus ($IDs, $table, $row, $idRow = 'id') { - $cnt = 0; $newStatus = 'Y'; + $cnt = '0'; $newStatus = 'Y'; if ((is_array($IDs)) && (count($IDs) > 0)) { // "Walk" all through and count them foreach ($IDs as $id => $selected) { - // Secure the ID number + // Secure the id number $id = bigintval($id); // Should always be set... ;-) 
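Review bot: generateUserProfileLink now discards a caller-supplied `$title` whenever the nickname extension is active, because the new `elseif (isExtensionActive('nickname'))` branch unconditionally overwrites `$title` with the nickname or the userid; only the `list_refs`/'0' case keeps the argument. If the nickname was meant to be used only when no title was given, guard the branch on that: `} elseif (($title == $userid) && (isExtensionActive('nickname'))) {`. The nickname is also concatenated into the returned markup as-is; if getNickname returns user-entered text it should be passed through htmlspecialchars() here or in the consuming template.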
@@ -782,7 +827,7 @@ function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '') { } // END - if // Is the raw userid set? - if (postRequestElement('userid_raw', $id) > 0) { + if (postRequestParameter('userid_raw', $id) > 0) { // Generate subject $subjectLine = getMessage('MEMBER_'.strtoupper($subject).'_'.strtoupper($table).'_SUBJECT'); @@ -794,7 +839,7 @@ function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '') { } // Send email out - sendEmail(postRequestElement('userid_raw', $id), $subjectLine, $mail); + sendEmail(postRequestParameter('userid_raw', $id), $subjectLine, $mail); } // END - if // Generate subject @@ -802,9 +847,9 @@ function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '') { // Send admin notification out if (!empty($subjectPart)) { - sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content, postRequestElement('userid_raw', $id)); + sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content, postRequestParameter('userid_raw', $id)); } else { - sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . $table, $content, postRequestElement('userid_raw', $id)); + sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . $table, $content, postRequestParameter('userid_raw', $id)); } } @@ -814,7 +859,7 @@ function adminListBuilder ($listType, $IDs, $table, $columns, $filterFunctions, // "Walk" through all entries foreach ($IDs as $id => $selected) { - // Secure ID number + // Secure id number $id = bigintval($id); // Get result from a given column array and table name @@ -860,9 +905,9 @@ function adminListBuilder ($listType, $IDs, $table, $columns, $filterFunctions, // Load master template loadTemplate(sprintf("admin_%s_%s", - $listType, - $table - ), false, $OUT + $listType, + $table + ), false, $OUT ); } 
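Review bot: `$cnt = '0';` initialises a counter with a string where the old code used the integer `0`; PHP still increments it, but the type flips on the first increment and any later `=== 0` comparison fails. The same change appears as `$affected = '0';` in the adminEditEntriesConfirm hunk and as `SQL_NUMROWS($result) == '0'` in the sendAdminPasswordResetLink hunk. Keep integers for counts: `$cnt = 0;`, `$affected = 0;` and `SQL_NUMROWS($result) == 0`. The function body continues outside the hunk.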
@@ -949,7 +994,7 @@ function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFuncti } // END - if } -// Delete rows by given ID numbers +// Delete rows by given id numbers function adminDeleteEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $deleteNow=false, $idColumn='id', $userIdColumn='userid') { // All valid entries? (We hope so here!) if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { @@ -962,7 +1007,7 @@ function adminDeleteEntriesConfirm ($IDs, $table, $columns=array(), $filterFunct $idList = ''; foreach ($IDs as $id => $sel) { // Is there a userid? - if (isPostRequestElementSet('userid_raw', $id)) { + if (isPostRequestParameterSet('userid_raw', $id)) { // Load all data from that id $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE %s=%s LIMIT 1", array($table, $idColumn, $id), __FUNCTION__, __LINE__); @@ -999,14 +1044,14 @@ function adminDeleteEntriesConfirm ($IDs, $table, $columns=array(), $filterFunct } // END - if } -// Edit rows by given ID numbers +// Edit rows by given id numbers function adminEditEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $editNow=false, $idColumn='id', $userIdColumn='userid') { // All valid entries? (We hope so here!) if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { // Shall we change here or list for editing? if ($editNow === true) { // Change them all - $affected = 0; + $affected = '0'; foreach ($IDs as $id => $sel) { // Prepare content array (new values) $content = array(); 
@@ -1051,7 +1096,7 @@ function adminEditEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctio } // END - foreach // Finish SQL command - $sql = substr($sql, 0, -1) . " WHERE `".$idColumn."`=".bigintval($id)." LIMIT 1"; + $sql = substr($sql, 0, -1) . " WHERE `" . $idColumn . "`=" . bigintval($id) . " LIMIT 1"; // Run this query SQL_QUERY($sql, __FUNCTION__, __LINE__); 
@@ -1088,32 +1133,32 @@ function adminEditEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctio } // END - if } -// Un-/lock rows by given ID numbers +// Un-/lock rows by given id numbers function adminLockEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $statusArray=array(), $lockNow=false, $idColumn='id', $userIdColumn='userid') { // All valid entries? (We hope so here!) if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (($lockNow === false) || (count($statusArray) == 1))) { // Shall we un-/lock here or list for locking? if ($lockNow === true) { // Un-/lock entries - adminBuilderStatusHandler("lock", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); + adminBuilderStatusHandler('lock', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); } else { // List for editing - adminListBuilder("lock", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + adminListBuilder('lock', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); } } // END - if } -// Undelete rows by given ID numbers +// Undelete rows by given id numbers function adminUndeleteEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $statusArray=array(), $undeleteNow=false, $idColumn='id', $userIdColumn='userid') { // All valid entries? (We hope so here!) if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (($undeleteNow === false) || (count($statusArray) == 1))) { // Shall we un-/lock here or list for locking? 
if ($undeleteNow === true) { // Undelete entries - adminBuilderStatusHandler("undelete", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); + adminBuilderStatusHandler('undelete', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); } else { // List for editing - adminListBuilder("undelete", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + adminListBuilder('undelete', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); } } // END - if } @@ -1138,15 +1183,12 @@ function sendAdminPasswordResetLink ($email) { // Init output $OUT = ''; - // Compile out security characters (must be for looking up!) - $email = compileCode($email); - // Look up administator login $result = SQL_QUERY_ESC("SELECT `id`, `login`, `password` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `email`='%s' LIMIT 1", array($email), __FUNCTION__, __LINE__); // Is there an account? - if (SQL_NUMROWS($result) == 0) { + if (SQL_NUMROWS($result) == '0') { // No account found! return getMessage('ADMIN_NO_LOGIN_WITH_EMAIL'); } // END - if @@ -1158,7 +1200,7 @@ function sendAdminPasswordResetLink ($email) { SQL_FREERESULT($result); // Generate hash for reset link - $content['hash'] = generateHash(getConfig('URL').':'.$content['id'].':'.$content['login'].':'.$content['password'], substr($content['password'], 10)); + $content['hash'] = generateHash(getConfig('URL') . ':' . $content['id'] . ':' . $content['login'] . ':' . $content['password'], substr($content['password'], 10)); // Remove some data unset($content['id']); 
@@ -1179,12 +1221,9 @@ function adminResetValidateHashLogin ($hash, $login) { // By default nothing validates... ;) $valid = false; - // Compile the login for lookup - $login = compileCode($login); - // Then try to find that user $result = SQL_QUERY_ESC("SELECT `id`, `password`, `email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1", - array($login), __FUNCTION__, __LINE__); + array($login), __FUNCTION__, __LINE__); // Is an account here? if (SQL_NUMROWS($result) == 1) { @@ -1192,7 +1231,7 @@ function adminResetValidateHashLogin ($hash, $login) { $content = SQL_FETCHARRAY($result); // Generate hash again - $hashFromData = generateHash(getConfig('URL').':'.$content['id'].':'.$login.':'.$content['password'], substr($content['password'], 10)); + $hashFromData = generateHash(getConfig('URL') . ':' . $content['id'] . ':' . $login . ':' . $content['password'], substr($content['password'], 10)); // Does both match? $valid = ($hash == $hashFromData); @@ -1211,7 +1250,7 @@ function doResetAdminPassword ($login, $password) { $passHash = ''; // Now check if we have sql_patches installed - if (getExtensionVersion('sql_patches') >= '0.3.6') { + if (isExtensionInstalledAndNewer('sql_patches', '0.3.6')) { // Use new way of hashing $passHash = generateHash($password); } else { @@ -1262,17 +1301,24 @@ function adminUpdateTaskData ($id, $row, $data) { // Update the task SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_task_system` SET `%s`='%s' WHERE `id`=%s LIMIT 1", - array($row, $data, bigintval($id)), __FUNCTION__, __LINE__); + array( + $row, + $data, + bigintval($id) + ), __FUNCTION__, __LINE__); } // Checks wether if the admin menu has entries function ifAdminMenuHasEntries ($action) { return ( (( + // Is the entry set? isset($GLOBALS['admin_menu_has_entries'][$action]) ) && ( + // And do we have a menu for this action? $GLOBALS['admin_menu_has_entries'][$action] === true )) || ( + // Login has always a menu $action == 'login' ) ); 
@@ -1288,37 +1334,109 @@ function adminCreateUserLink ($userid) { // Is the userid set correctly? if ($userid > 0) { // Create a link to that profile - return '{?URL?}/modules.php?module=admin&what=list_user&userid='.bigintval($userid); + return '{%url=modules.php?module=admin&what=list_user&userid=' . bigintval($userid) . '%}'; } // END - if // Return a link to the user list - return '{?URL?}/modules.php?module=admin&what=list_user'; + return '{%url=modules.php?module=admin&what=list_user%}'; } -// ----------------------------------------------------------------------------- -// --- Filter functions --- -// ----------------------------------------------------------------------------- - -// Filter for checking admin ACL -function FILTER_CHECK_ADMIN_ACL () { - // Extension not installed so it's always allowed to access everywhere! - $ret = true; - - // Ok, Cookie-Update done - if ((isExtensionInstalledAndNewer('admins', '0.3.0')) && (isExtensionActive('admins'))) { - // Check if action GET variable was set - $action = getAction(); - if (isWhatSet()) { - // Get action value by what-value - $action = getModeAction('admin', getWhat()); - } // END - if +// Generate a "link" for the given admin id (admin_id) +function generateAdminLink ($adminId) { + // No assigned admin is default + $adminLink = '{--ADMIN_NO_ADMIN_ASSIGNED--}'; + + // Zero? = Not assigned + if (bigintval($adminId) > 0) { + // Load admin's login + $login = getAdminLogin($adminId); + + // Is the login valid? + if ($login != '***') { + // Is the extension there? + if (isExtensionActive('admins')) { + // Admin found + $adminLink = '' . $login . ''; + } else { + // Extension not found + $adminLink = getMaskedMessage('EXTENSION_PROBLEM_NOT_INSTALLED', 'admins'); + } + } else { + // Maybe deleted? + $adminLink = '
' . getMaskedMessage('ADMIN_ID_404', $adminId) . '
'; + } + } // END - if + + // Return result + return $adminLink; +} + +// Verifies if the current admin has confirmed to alter expert settings +// +// Return values: +// 'failed' = Something goes wrong (default) +// 'agreed' = Has verified and and confirmed it to see them +// 'forbidden' = Has not the proper right to alter them +// 'update' = Need to update extension 'admins' +// 'ask' = A form was send to the admin +function doVerifyExpertSettings () { + // Default return status is failed + $return = 'failed'; + + // Is the extension installed and recent? + if (isExtensionInstalledAndNewer('admins', '0.7.3')) { + // Okay, load the status + $expertSettings = getAminsExpertSettings(); + + // Is he allowed? + if ($expertSettings == 'Y') { + // Okay, does he want to see them? + if (getAminsExpertWarning() == 'Y') { + // Ask for them + if (isFormSent()) { + // Is the element set, then we need to change the admin + if (isPostRequestParameterSet('expert_settings')) { + // Get it and prepare final post data array + $postData['login'][getCurrentAdminId()] = getAdminLogin(getCurrentAdminId()); + $postData['expert_warning'][getCurrentAdminId()] = 'N'; + + // Change it in the admin + adminsChangeAdminAccount($postData, 'expert_warning'); + + // Clear form + unsetPostRequestParameter('ok'); + } // END - if + + // All fine! + $return = 'agreed'; + } else { + // Send form + loadTemplate('admin_expert_settings_form'); + + // Asked for it + $return = 'ask'; + } + } else { + // Do not display + $return = 'agreed'; + } + } else { + // Forbidden + $return = 'forbidden'; + } + } else { + // Out-dated extension or not installed + $return = 'update'; + } - // Check for access control line of current menu entry - $ret = adminsCheckAdminAcl($action, getWhat()); + // Output message for other status than ask/agreed + if (($return != 'ask') && ($return != 'agreed')) { + // Output message + loadTemplate('admin_settings_saved', false, getMessage('ADMIN_EXPERT_SETTINGS_STATUS_' . 
strtoupper($return))); } // END - if - // Set it here - $GLOBALS['acl_allow'] = $ret; + // Return status + return $return; } // [EOF]
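Review bot: In doVerifyExpertSettings, `$return = 'agreed';` sits after the inner `if (isPostRequestParameterSet('expert_settings'))` rather than inside it, so any submitted form — including one where the admin did not tick the confirmation — is reported as agreement, while the warning flag is only cleared when the field was set. Moving `$return = 'agreed';` into that inner branch and otherwise re-sending the form with `$return = 'ask';` matches the return values listed in the header comment. This hunk also deletes FILTER_CHECK_ADMIN_ACL, the only writer of `$GLOBALS['acl_allow']` visible in this diff, while doAdminAction (hunk @@ -296) still reads it; if the filter moved to another file in this commit that is fine, otherwise the access-denied branch there can no longer trigger. `getAminsExpertSettings`/`getAminsExpertWarning` look like misspellings of `getAdmins…`; if the helpers really carry that name, a comment saying so would save the next reader a search.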