X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=38a180263d479516d47596ad8aa042dd61ee3e2e;hp=891d19cfec49742bc32b9a466ca7f9e91afa9f9c;hb=8fad776382e63b3f73f8dbe289f229d79cfc2c22;hpb=29385a0483bbcbbe940a32a49d488b1d5add15c5 diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index 891d19cfec..38a180263d 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -14,12 +14,10 @@ * $Date:: $ * * $Tag:: 0.2.1-FINAL $ * * $Author:: $ * - * Needs to be in all Files and every File needs "svn propset * - * svn:keywords Date Revision" (autoprobset!) at least!!!!!! * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * - * Copyright (c) 2009, 2010 by Mailer Developer Team * - * For more information visit: http://www.mxchange.org * + * Copyright (c) 2009 - 2012 by Mailer Developer Team * + * For more information visit: http://mxchange.org * * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * @@ -54,7 +52,7 @@ function addAdminAccount ($adminLogin, $passHash, $adminEmail) { // Is the entry there? if (SQL_HASZERONUMS($result)) { // Ok, let's create the admin login - SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`, `password`, `email`) VALUES ('%s', '%s', '%s')", + SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`,`password`,`email`) VALUES ('%s', '%s', '%s')", array( $adminLogin, $passHash, @@ -74,32 +72,40 @@ function addAdminAccount ($adminLogin, $passHash, $adminEmail) { // This function will be executed when the admin is not logged in and has submitted his login data function ifAdminLoginDataIsValid ($adminLogin, $adminPassword) { - // First of all, no admin login is found + // First of all, no admin login is found, so the admin hash is null $ret = '404'; + $adminHash = NULL; - // Then we need to lookup the login name by getting the admin hash - $adminHash = getAdminHash($adminLogin); + // Get admin id from login + $adminId = getAdminId($adminLogin); - // If this is fine, we can continue - if ($adminHash != '-1') { - // Get admin id and set it as current - setCurrentAdminId(getAdminId($adminLogin)); + // Continue only with found admin ids + if ($adminId > 0) { + // Then we need to lookup the login name by getting the admin hash + $adminHash = getAdminHash($adminId); - // Now, we need to encode the password in the same way the one is encoded in database - $testHash = generateHash($adminPassword, $adminHash); + // If this is fine, we can continue + if ($adminHash != '-1') { + // Get admin id and set it as current + setCurrentAdminId($adminId); - // If they both match, the login data is valid - if ($testHash == $adminHash) { - // All fine - $ret = 'done'; - } else { - // Set status - $ret = 'pass'; - } + // Now, we need to encode the password in the same way the one is encoded in database + $testHash = generateHash($adminPassword, $adminHash); + + // If they both match, the login data is valid + if ($testHash == $adminHash) { + // All fine + $ret = 'done'; + } else { + // Did not match! + $ret = 'password'; + } + } // END - if } // END - if // Prepare data array $data = array( + 'id' => $adminId, 'login' => $adminLogin, 'plain_pass' => $adminPassword, 'pass_hash' => $adminHash @@ -124,7 +130,7 @@ function ifAdminCookiesAreValid ($adminLogin, $passHash) { if ($adminHash != '-1') { // Now, we need to encode the password in the same way the one is encoded in database $testHash = encodeHashForCookie($adminHash); - //* DEBUG: */ debugOutput('adminLogin=' . $adminLogin . ',passHash='.$passHash.',adminHash='.$adminHash.',testHash='.$testHash); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'adminLogin=' . $adminLogin . ',passHash='.$passHash.',adminHash='.$adminHash.',testHash='.$testHash); // If they both match, the login data is valid if ($testHash == $passHash) { @@ -132,49 +138,38 @@ function ifAdminCookiesAreValid ($adminLogin, $passHash) { $ret = 'done'; } else { // Set status - $ret = 'pass'; + $ret = 'password'; } } // END - if // Return status - //* DEBUG: */ debugOutput('ret='.$ret); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'ret='.$ret); return $ret; } // Do an admin action function doAdminAction () { - // Get default what - $what = getWhat(); - - //* DEBUG: */ debugOutput(__LINE__.'*'.$what.'/'.getModule().'/'.getAction().'/'.getWhat().'*'); - - // Remove any spaces from variable - if (empty($what)) { - // Default admin action is the overview page - $what = 'overview'; - } else { - // Secure it - $what = secureString($what); - } + // Determine correct 'what' value + $what = determineWhat(); // Get action value $action = getActionFromModuleWhat(getModule(), $what); - // Define admin login name and id number - $content['login'] = getSession('admin_login'); - $content['id'] = getCurrentAdminId(); - - // Preload templates + // Load welcome template if (isExtensionActive('admins')) { - $content['welcome'] = loadTemplate('admin_welcome_admins', true, $content); + // @TODO This and the next getCurrentAdminId() call might be moved into the templates? + $content['welcome'] = loadTemplate('admin_welcome_admins', true, getCurrentAdminId()); } else { - $content['welcome'] = loadTemplate('admin_welcome', true, $content); + $content['welcome'] = loadTemplate('admin_welcome', true, getCurrentAdminId()); } + + // Load header, footer, render menu + $content['header'] = loadTemplate('admin_header' , true, $content); $content['footer'] = loadTemplate('admin_footer' , true, $content); - $content['menu'] = addAdminMenu($action, $what, true); + $content['menu'] = addAdminMenu($action, $what); - // Tableset header - loadTemplate('admin_main_header', false, $content); + // Load main template + loadTemplate('admin_main', false, $content); // Check if action/what pair is valid $result_action = SQL_QUERY_ESC("SELECT @@ -185,12 +180,12 @@ WHERE `action`='%s' AND ( ( - `what`='%s' AND `what` != 'overview' + `what`='%s' AND `what` != 'welcome' ) OR ( ( `what`='' OR `what` IS NULL ) AND ( - '%s'='overview' + '%s'='welcome' ) ) ) @@ -201,7 +196,7 @@ LIMIT 1", $what ), __FUNCTION__, __LINE__); - // Do we have an entry? + // Is there an entry? if (SQL_NUMROWS($result_action) == 1) { // Is valid but does the inlcude file exists? $inc = sprintf("inc/modules/admin/action-%s.php", $action); @@ -210,14 +205,14 @@ LIMIT 1", loadInclude($inc); } elseif ($GLOBALS['acl_allow'] === false) { // Access denied - loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACCESS_DENIED', $what)); + loadTemplate('admin_menu_failed', false, '{%message,ADMIN_ACCESS_DENIED=' . $what . '%}'); } else { - // Include file not found! :-( - loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_404', $action)); + // Include file not found :-( + loadTemplate('admin_menu_failed', false, '{%message,ADMIN_ACTION_404=' . $action . '%}'); } } else { - // Invalid action/what pair found! - loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_INVALID', $action . '/' . $what)); + // Invalid action/what pair found + loadTemplate('admin_menu_failed', false, '{%message,ADMIN_ACTION_INVALID=' . $action . '/' . $what . '%}'); } // Free memory @@ -227,19 +222,37 @@ LIMIT 1", loadTemplate('admin_main_footer', false, $content); } +/** + * Checks whether current admin is allowed to access given action/what + * combination (only one is allowed to be null!). + */ +function isAdminAllowedAccessMenu ($action, $what = NULL) { + // Is there cache? + if (!isset($GLOBALS[__FUNCTION__][$action][$what])) { + // ACL is always 'allow' when no ext-admins is installed + // @TODO This can be rewritten into a filter + $GLOBALS[__FUNCTION__][$action][$what] = ((!isExtensionInstalledAndNewer('admins', '0.2.0')) || ((isExtensionActive('admins')) && (isAdminsAllowedByAcl($action, $what)))); + } // END - if + + // Return the cached value + return $GLOBALS[__FUNCTION__][$action][$what]; +} + // Adds an admin menu -function addAdminMenu ($action, $what, $return=false) { +function addAdminMenu ($action, $what) { // Init variables $SUB = false; $OUT = ''; // Menu descriptions $GLOBALS['menu']['description'] = array(); - $GLOBALS['menu']['title'] = array(); + $GLOBALS['menu']['title'] = array(); // Build main menu $result_main = SQL_QUERY("SELECT - `action`, `title`, `descr` + `action` AS `main_action`, + `title` AS `main_title`, + `descr` AS `main_descr` FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE @@ -248,61 +261,78 @@ ORDER BY `sort` ASC, `id` DESC", __FUNCTION__, __LINE__); - // Do we have entries? - if (SQL_NUMROWS($result_main) > 0) { + // Are there entries? + if (!SQL_HASZERONUMS($result_main)) { $OUT .= ''; + + // Free memory + SQL_FREERESULT($result_main); + } // END - if + + // Return content + return $OUT; +} + +// Add admin sub menu +function addAdminSubMenu ($mainContent, $action, $what) { + // Init content + $OUT = ''; + + // Check for menu entries + $result_what = SQL_QUERY_ESC("SELECT + `what` AS `sub_what`, + `title` AS `sub_title`, + `descr` AS `sub_descr` FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE @@ -312,102 +342,150 @@ WHERE ORDER BY `sort` ASC, `id` DESC", - array($menu), __FUNCTION__, __LINE__); - - // Remember the count for later checks - setAdminMenuHasEntries($menu, ((SQL_NUMROWS($result_what) > 0) && ($action == $menu))); - - // Do we have entries? - if ((ifAdminMenuHasEntries($menu)) && (SQL_NUMROWS($result_what) > 0)) { - $GLOBALS['menu']['description'] = array(); - $GLOBALS['menu']['title'] = array(); $SUB = true; - $OUT .= '
  • '; + } // END - if // Free memory - SQL_FREERESULT($result_main); - $OUT .= ''; - } + SQL_FREERESULT($result_what); + } // END - if - // Is there a cache instance again? - // Return or output content? - if ($return === true) { - return $OUT; - } else { - outputHtml($OUT); - } + // Close li-tag + $OUT .= '
    • '; + + // Return content + return $OUT; } -// Create member selection box -function addMemberSelectionBox ($def = 0, $add_all = false, $return = false, $none = false, $field = 'userid') { +// Create an admin selection box form +function addAdminSelectionBox ($adminId = NULL, $special = '') { + // Default is email as "special column" + $ADD = ',`email` AS `special`'; + + // Is a special column given? + if (!empty($special)) { + // Additional column for SQL query + $ADD = ',`' . $special . '` AS `special`'; + } // END - if + + // Query all entries + $result = SQL_QUERY('SELECT + `id`, + `login` + ' . $ADD . ' +FROM + `{?_MYSQL_PREFIX?}_admins` +ORDER BY + `login` ASC', __FUNCTION__, __LINE__); + + // Init output + $OUT = ''; + + // Load all entries + while ($content = SQL_FETCHARRAY($result)) { + // Add the entry + $OUT .= loadTemplate('select_admins_option', true, $content); + } // END - if + + // Free memory + SQL_FREERESULT($result); + + // Add form to content + $content['form_selection'] = $OUT; + + // Output form + loadTemplate('select_admins_box', false, $content); +} + +// Create a member selection box +function addMemberSelectionBox ($userid = NULL, $add_all = false, $return = false, $none = false, $field = 'userid', $whereStatement = " WHERE `surname` NOT LIKE '{?tester_user_surname_prefix?}%'") { // Output selection form with all confirmed user accounts listed - $result = SQL_QUERY("SELECT `userid`, `surname`, `family` FROM `{?_MYSQL_PREFIX?}_user_data` ORDER BY `userid` ASC", __FUNCTION__, __LINE__); + $result = SQL_QUERY('SELECT + `userid`, + `surname`, + `family` +FROM + `{?_MYSQL_PREFIX?}_user_data` +' . $whereStatement . ' +ORDER BY + `userid` ASC', __FUNCTION__, __LINE__); // Default output $OUT = ''; // USe this only for adding points (e.g. adding refs really makes no sence ;-) ) - if ($add_all === true) $OUT = ' '; - elseif ($none === true) $OUT = ' '; + if ($add_all === true) { + $OUT = ' '; + } elseif ($none === true) { + $OUT = ' '; + } + // Load all entries while ($content = SQL_FETCHARRAY($result)) { + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'userid=' . intval($userid) . '/' . $content['userid']); $OUT .= ''; + $OUT = '