X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=66e71dc1597fabab8b6131b71bebfce077362659;hp=7976506243625b366d4a6e0c9453420b302b421d;hb=57227d33e870ec5cd271209c4a978a52b45c2dd6;hpb=c2e17d983fcbc0c3bd1dd37908d87c678f0367df

diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index 7976506243..66e71dc159 100644
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -1,7 +1,7 @@
 <?php
 /************************************************************************
- * MXChange v0.2.1                                    Start: 08/31/2003 *
- * ===============                              Last change: 11/23/2004 *
+ * Mailer v0.2.1-FINAL                                Start: 08/31/2003 *
+ * ===================                          Last change: 11/23/2004 *
  *                                                                      *
  * -------------------------------------------------------------------- *
  * File              : admin-inc.php                                    *
@@ -51,7 +51,7 @@ function addAdminAccount ($user, $md5, $email) {
 		array($user), __FUNCTION__, __LINE__);
 
 	// Is the entry there?
-	if (SQL_NUMROWS($result) == 0) {
+	if (SQL_NUMROWS($result) == '0') {
 		// Ok, let's create the admin login
 		SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`, `password`, `email`) VALUES ('%s', '%s', '%s')",
 			array(
@@ -59,6 +59,8 @@ function addAdminAccount ($user, $md5, $email) {
 				$md5,
 				$email
 			), __FUNCTION__, __LINE__);
+
+		// All done
 		$ret = 'done';
 	} // END - if
 
@@ -114,12 +116,13 @@ function ifAdminLoginDataIsValid ($admin, $password) {
 		SQL_FREERESULT($result);
 	}
 
-	//* DEBUG: */ outputHtml("*".$data['password'].'/'.md5($password).'/'.$ret."<br />");
+	//* DEBUG: */ outputHtml('*' . $data['password'] . '/' . md5($password) .'/' . $ret . '*<br />');
 	if ((isset($data['password'])) && (strlen($data['password']) == 32) && ($data['password'] == md5($password))) {
 		// Generate new hash
 		$data['password'] = generateHash($password);
 
 		// Is the sql_patches not installed, than we cannot have a valid hashed password here!
+		//* DEBUG: */ outputHtml($ret . ',' . intval(isExtensionInstalledAndOlder('sql_patches', '0.3.6')) . '/' . intval(!isExtensionInstalled('sql_patches')).'<br />');
 		if (($ret == 'pass') && ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches')))) $ret = 'done';
 	} elseif ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches'))) {
 		// Old hashing way
@@ -133,8 +136,8 @@ function ifAdminLoginDataIsValid ($admin, $password) {
 	$salt = substr($data['password'], 0, -40);
 
 	// Check if password is same
-	//* DEBUG: */ outputHtml("*".$ret.','.$data['password'].','.$password.','.$salt."*<br />");
-	if (($ret == 'pass') && ($data['password'] == generateHash($password, $salt)) && ((!empty($salt))) || ($data['password'] == $password)) {
+	//* DEBUG: */ outputHtml('*' . $ret . ',' . $data['password'] . ',' . $password . ',' . $salt . '*<br />');
+	if (($ret == 'pass') && ($data['password'] == generateHash($password, $salt)) && ((!empty($salt))) || ($data['password'] == md5($password))) {
 		// Re-hash the plain passord with new random salt
 		$data['password'] = generateHash($password);
 
@@ -210,8 +213,6 @@ function doAdminLogin ($adminLogin, $passHash) {
 		setSession('admin_login', $adminLogin)
 	) && (
 		setSession('admin_last', time())
-	) && (
-		setSession('admin_to', bigintval(postRequestElement('timeout')))
 	));
 }
 
@@ -228,7 +229,7 @@ function ifAdminCookiesAreValid ($admin, $password) {
 	//* DEBUG: */ outputHtml(__FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):".generatePassString($pass).'('.strlen($pass).")/".$password.'('.strlen($password).")<br />");
 
 	// Check if password matches
-	if (($ret == 'pass') && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) {
+	if (($ret == 'pass') && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass))) && (isAdmin())) {
 		// Passwords matches!
 		$ret = 'done';
 	} // END - if
@@ -238,7 +239,10 @@ function ifAdminCookiesAreValid ($admin, $password) {
 }
 
 // Do an admin action
-function doAdminAction ($what) {
+function doAdminAction () {
+	// Get default what
+	$what = getWhat();
+
 	//* DEBUG: */ outputHtml(__LINE__."*".$what.'/'.getModule().'/'.getAction().'/'.getWhat()."*<br />");
 
 	// Remove any spaces from variable
@@ -246,14 +250,14 @@ function doAdminAction ($what) {
 		// Default admin action is the overview page
 		$what = 'overview';
 	} else {
-		// Compile out some chars
-		$what = compileCode($what, false, false, false);
+		// Secure it
+		$what = secureString($what);
 	}
 
 	// Get action value
 	$action = getModeAction(getModule(), $what);
 
-	// Define admin login name and ID number
+	// Define admin login name and id number
 	$content['login'] = getSession('admin_login');
 	$content['id']    = getCurrentAdminId();
 
@@ -287,7 +291,14 @@ WHERE
 			)
 		)
 	)
-LIMIT 1", array($action, $what, $what), __FUNCTION__, __LINE__);
+LIMIT 1",
+		array(
+			$action,
+			$what,
+			$what
+		), __FUNCTION__, __LINE__);
+
+	// Do we have an entry?
 	if (SQL_NUMROWS($result_action) == 1) {
 		// Is valid but does the inlcude file exists?
 		$inc = sprintf("inc/modules/admin/action-%s.php", $action);
@@ -296,14 +307,14 @@ LIMIT 1", array($action, $what, $what), __FUNCTION__, __LINE__);
 			loadInclude($inc);
 		} elseif ($GLOBALS['acl_allow'] === false) {
 			// Access denied
-			loadTemplate('admin_menu_failed', false, sprintf(getMessage('ADMIN_ACCESS_DENIED'), $what));
+			loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACCESS_DENIED', $what));
 		} else {
 			// Include file not found! :-(
-			loadTemplate('admin_menu_failed', false, sprintf(getMessage('ADMIN_ACTION_404'), $action));
+			loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_404', $action));
 		}
 	} else {
 		// Invalid action/what pair found!
-		loadTemplate('admin_menu_failed', false, sprintf(getMessage('ADMIN_ACTION_INVALID'), $action.'/'.$what));
+		loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_INVALID', $action . '/' . $what));
 	}
 
 	// Free memory
@@ -333,9 +344,11 @@ WHERE
 ORDER BY
 	`sort` ASC,
 	`id` DESC", __FUNCTION__, __LINE__);
+
+	// Do we have entries?
 	if (SQL_NUMROWS($result_main) > 0) {
-		$OUT = "<div style=\"height:7px\" class=\"seperator\">&nbsp;</div>\n";
-		$OUT .= "<ul class=\"admin_menu_main\">\n";
+		$OUT  = '<div style="height:7px" class="seperator">&nbsp;</div>';
+		$OUT .= '<ul class="admin_menu_main">';
 		// @TODO Rewrite this to $content = SQL_FETCHARRAY()
 		while (list($menu, $title, $descr) = SQL_FETCHROW($result_main)) {
 			if ((isExtensionActive('admins')) && (getExtensionVersion('admins') > '0.2.0')) {
@@ -345,31 +358,45 @@ ORDER BY
 				$ACL = true;
 			}
 
+			// Filename
+			$inc = sprintf("inc/modules/admin/action-%s.php", $menu);
+
+			// Is the file readable?
+			$readable = isIncludeReadable($inc);
+
 			if ($ACL === true) {
 				if ($SUB === false) {
 					// Insert compiled menu title and description
 					$GLOBALS['menu']['title'][$menu]      = $title;
 					$GLOBALS['menu']['description'][$menu] = $descr;
 				}
-				$OUT .= "<li class=\"admin_menu\">
-<div class=\"nobr\"><strong>&middot;</strong>&nbsp;";
+				$OUT .= '<li class="admin_menu">
+<div class="nobr"><strong>&middot;</strong>&nbsp;';
 
-				if (($menu == $action) && (empty($what))) {
-					$OUT .= "<strong>";
+				if ($readable === true) {
+					if (($menu == $action) && (empty($what))) {
+						$OUT .= '<strong>';
+					} else {
+						$OUT .= '[<a href="{%url=modules.php?module=admin&amp;action=' . $menu . '%}">';
+					}
 				} else {
-					$OUT .= "[<a href=\"{?URL?}/modules.php?module=admin&amp;action=".$menu."\">";
+					$OUT .= '<em style="cursor:help" class="admin_note" title="{--MENU_ACTION_404--}">';
 				}
 
 				$OUT .= $title;
 
-				if (($menu == $action) && (empty($what))) {
-					$OUT .= "</strong>";
+				if ($readable === true) {
+					if (($menu == $action) && (empty($what))) {
+						$OUT .= '</strong>';
+					} else {
+						$OUT .= '</a>]';
+					}
 				} else {
-					$OUT .= "</a>]";
+					$OUT .= '</em>';
 				}
 
-				$OUT .= "</div>
-</li>\n";
+				$OUT .= '</div>
+</li>';
 
 				// Check for menu entries
 				$result_what = SQL_QUERY_ESC("SELECT
@@ -392,7 +419,7 @@ ORDER BY
 				if ((ifAdminMenuHasEntries($menu)) && (SQL_NUMROWS($result_what) > 0)) {
 					$GLOBALS['menu']['description'] = array();
 					$GLOBALS['menu']['title'] = array(); $SUB = true;
-					$OUT .= "<li class=\"admin_menu_sub\"><ul class=\"admin_menu_sub\">\n";
+					$OUT .= '<li class="admin_menu_sub"><ul class="admin_menu_sub">';
 					// @TODO Rewrite this to $content = SQL_FETCHARRAY()
 					while (list($what_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what)) {
 						// Check for access level
@@ -414,47 +441,47 @@ ORDER BY
 							// Insert compiled title and description
 							$GLOBALS['menu']['title'][$what_sub]      = $title_what;
 							$GLOBALS['menu']['description'][$what_sub] = $desc_what;
-							$OUT .= "<li class=\"admin_menu\">
-		<div class=\"nobr\"><strong>--&gt;</strong>&nbsp;";
+							$OUT .= '<li class="admin_menu">
+<div class="nobr"><strong>--&gt;</strong>&nbsp;';
 							if ($readable === true) {
 								if ($what == $what_sub) {
-									$OUT .= "<strong>";
+									$OUT .= '<strong>';
 								} else {
-									$OUT .= "[<a href=\"{?URL?}/modules.php?module=admin&amp;what=".$what_sub."\">";
+									$OUT .= '[<a href="{%url=modules.php?module=admin&amp;what=' . $what_sub . '%}">';
 								}
 							} else {
-								$OUT .= "<em style=\"cursor:help\" class=\"admin_note\" title=\"{--MENU_WHAT_404--}\">";
+								$OUT .= '<em style="cursor:help" class="admin_note" title="{--MENU_WHAT_404--}">';
 							}
 
 							$OUT .= $title_what;
 
 							if ($readable === true) {
 								if ($what == $what_sub) {
-									$OUT .= "</strong>";
+									$OUT .= '</strong>';
 								} else {
-									$OUT .= "</a>]";
+									$OUT .= '</a>]';
 								}
 							} else {
-								$OUT .= "</em>";
+								$OUT .= '</em>';
 							}
-							$OUT .= "</div>
-</li>\n";
+							$OUT .= '</div>
+</li>';
 						} // END - if
 					} // END - while
 
 					// Free memory
 					SQL_FREERESULT($result_what);
-					$OUT .= "</ul>
-</li>\n";
+					$OUT .= '</ul>
+</li>';
 				} // END - if
 
-				$OUT .= "<li style=\"height:7px\" class=\"seperator\">&nbsp;</li>\n";
+				$OUT .= '<li style="height:7px" class="seperator">&nbsp;</li>';
 			} // END - if
 		} // END - while
 
 		// Free memory
 		SQL_FREERESULT($result_main);
-		$OUT .= "</ul>\n";
+		$OUT .= '</ul>';
 	}
 
 	// Is there a cache instance again?
@@ -475,13 +502,13 @@ function addMemberSelectionBox ($def=0, $add_all=false, $return=false, $none=fal
 	$OUT = '';
 
 	// USe this only for adding points (e.g. adding refs really makes no sence ;-) )
-	if ($add_all === true)   $OUT = "      <option value=\"all\">{--ALL_MEMBERS--}</option>\n";
-	 elseif ($none === true) $OUT = "      <option value=\"0\">{--SELECT_NONE--}</option>\n";
+	if ($add_all === true)   $OUT = '      <option value="all">{--ALL_MEMBERS--}</option>';
+	 elseif ($none === true) $OUT = '      <option value="0">{--SELECT_NONE--}</option>';
 
 	while ($content = SQL_FETCHARRAY($result)) {
-		$OUT .= "      <option value=\"".bigintval($content['userid'])."\"";
+		$OUT .= '      <option value="' . bigintval($content['userid']) . '"';
 		if ($def == $content['userid']) $OUT .= ' selected="selected"';
-		$OUT .= ">".$content['surname']." ".$content['family']." (".bigintval($content['userid']).")</option>\n";
+		$OUT .= '>' . $content['surname'] . ' ' . $content['family'] . ' (' . bigintval($content['userid']) . ')</option>';
 	} // END - while
 
 	// Free memory
@@ -496,7 +523,7 @@ function addMemberSelectionBox ($def=0, $add_all=false, $return=false, $none=fal
 		loadTemplate('admin_member_selection_box', false, $content);
 	} else {
 		// Return content in selection frame
-		return "<select class=\"admin_select\" name=\"".$field."\" size=\"1\">\n".$OUT."</select>\n";
+		return '<select class="admin_select" name="' . $field . '" size="1">' . $OUT . '</select>';
 	}
 }
 
@@ -505,13 +532,14 @@ function addMemberSelectionBox ($def=0, $add_all=false, $return=false, $none=fal
 // @DEPRECATED
 function adminMenuSelectionBox_DEPRECATED ($mode, $default = '', $defid = '') {
 	$what = "`what` != ''";
-	if ($mode == 'action') $what = "(`what`='' OR `what` IS NULL) AND action !='login'";
-	$result = SQL_QUERY_ESC("SELECT %s, title FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE ".$what." ORDER BY `sort`",
+	if ($mode == 'action') $what = "(`what`='' OR `what` IS NULL) AND `action` !='login'";
+
+	$result = SQL_QUERY_ESC("SELECT %s, `title` FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE ".$what." ORDER BY `sort` ASC",
 		array($mode), __FUNCTION__, __LINE__);
 	if (SQL_NUMROWS($result) > 0) {
 		// Load menu as selection
 		$OUT = "<select name=\"".$mode."_menu";
-		if ((!empty($defid)) || ($defid == 0)) $OUT .= "[".$defid."]";
+		if ((!empty($defid)) || ($defid == '0')) $OUT .= "[".$defid."]";
 		$OUT .= "\" size=\"1\" class=\"admin_select\">
 	<option value=\"\">{--SELECT_NONE--}</option>\n";
 		// @TODO Try to rewrite this to $content = SQL_FETCHARRAY(). Please look some lines above for the dynamic query
@@ -534,18 +562,18 @@ function adminMenuSelectionBox_DEPRECATED ($mode, $default = '', $defid = '') {
 }
 
 // Wrapper for $_POST and adminSaveSettings
-function adminSaveSettingsFromPostData ($tableName = "_config", $whereStatement = "config=0", $translateComma = array(), $alwaysAdd = false) {
+function adminSaveSettingsFromPostData ($tableName = '_config', $whereStatement = '`config`=0', $translateComma = array(), $alwaysAdd = false, $displayMessage = true) {
 	// Get the array
 	$postData = postRequestArray();
 
 	// Call the lower function
-	adminSaveSettings($postData, $tableName, $whereStatement, $translateComma, $alwaysAdd);
+	adminSaveSettings($postData, $tableName, $whereStatement, $translateComma, $alwaysAdd, $displayMessage);
 }
 
 // Save settings to the database
-function adminSaveSettings (&$postData, $tableName = "_config", $whereStatement = "config=0", $translateComma = array(), $alwaysAdd = false) {
+function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement = '`config`=0', $translateComma = array(), $alwaysAdd = false, $displayMessage = true) {
 	// Prepare all arrays, variables
-	$DATA = array();
+	$tableData = array();
 	$skip = false;
 
 	// Now, walk through all entries and prepare them for saving
@@ -553,13 +581,10 @@ function adminSaveSettings (&$postData, $tableName = "_config", $whereStatement
 		// Process only formular field but not submit buttons ;)
 		if ($id != 'ok') {
 			// Do not save the ok value
-			convertSelectionsToTimestamp($postData, $DATA, $id, $skip);
-
-			// Shall we process this ID? It muss not be empty, of course
-			if (($skip === false) && (!empty($id))) {
-				// Save this entry
-				$val = compileCode($val);
+			convertSelectionsToTimestamp($postData, $tableData, $id, $skip);
 
+			// Shall we process this id? It muss not be empty, of course
+			if (($skip === false) && (!empty($id)) && (!isset($GLOBALS['skip_config'][$id]))) {
 				// Translate the value? (comma to dot!)
 				if ((is_array($translateComma)) && (in_array($id, $translateComma))) {
 					// Then do it here... :)
@@ -568,14 +593,17 @@ function adminSaveSettings (&$postData, $tableName = "_config", $whereStatement
 
 				// Shall we add numbers or strings?
 				$test = (float)$val;
-				if ("".$val."" == ''.$test."") {
+				if ('' . $val . '' == '' . $test . '') {
 					// Add numbers
-					$DATA[] = sprintf("`%s`=%s", $id, $test);
+					$tableData[] = sprintf("`%s`=%s", $id, $test);
 				} else {
 					// Add strings
-					$DATA[] = sprintf("`%s`='%s'", $id, trim($val));
+					$tableData[] = sprintf("`%s`='%s'", $id, trim($val));
 				}
 
+				// Do not add a config entry twice
+				$GLOBALS['skip_config'][$id] = true;
+
 				// Update current configuration
 				setConfigEntry($id, $val);
 			} // END - if
@@ -586,40 +614,41 @@ function adminSaveSettings (&$postData, $tableName = "_config", $whereStatement
 	$result = false;
 	if ($alwaysAdd === false) {
 		if (!empty($whereStatement)) {
-			$result = SQL_QUERY("SELECT * FROM `{?_MYSQL_PREFIX?}".$tableName."` WHERE ".$whereStatement." LIMIT 1", __FUNCTION__, __LINE__);
+			$result = SQL_QUERY("SELECT * FROM `{?_MYSQL_PREFIX?}" . $tableName . "` WHERE " . $whereStatement . " LIMIT 1", __FUNCTION__, __LINE__);
 		} else {
-			$result = SQL_QUERY("SELECT * FROM `{?_MYSQL_PREFIX?}".$tableName."` LIMIT 1", __FUNCTION__, __LINE__);
+			$result = SQL_QUERY("SELECT * FROM `{?_MYSQL_PREFIX?}" . $tableName . "` LIMIT 1", __FUNCTION__, __LINE__);
 		}
 	} // END - if
 
 	if (SQL_NUMROWS($result) == 1) {
 		// "Implode" all data to single string
-		$DATA_UPDATE = implode(', ', $DATA);
+		$updatedData = implode(', ', $tableData);
 
 		// Generate SQL string
 		$sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}%s` SET %s WHERE %s LIMIT 1",
-		$tableName,
-		$DATA_UPDATE,
-		$whereStatement
+			$tableName,
+			$updatedData,
+			$whereStatement
 		);
 	} else {
 		// Add Line (does only work with auto_increment!
-		$KEYs = array(); $values = array();
-		foreach ($DATA as $entry) {
+		$keys = array(); $values = array();
+		foreach ($tableData as $entry) {
 			// Split up
 			$line = explode('=', $entry);
-			$KEYs[] = $line[0]; $values[] = $line[1];
+			$keys[] = $line[0];
+			$values[] = $line[1];
 		} // END - foreach
 
 		// Add both in one line
-		$KEYs = implode(', ', $KEYs);
+		$keys = implode('`, `', $keys);
 		$values = implode(', ', $values);
 
 		// Generate SQL string
-		$sql = sprintf("INSERT INTO {?_MYSQL_PREFIX?}%s (%s) VALUES (%s)",
-		$tableName,
-		$KEYs,
-		$values
+		$sql = sprintf("INSERT INTO `{?_MYSQL_PREFIX?}%s` (%s) VALUES (%s)",
+			$tableName,
+			$keys,
+			$values
 		);
 	}
 
@@ -629,11 +658,17 @@ function adminSaveSettings (&$postData, $tableName = "_config", $whereStatement
 	// Simply run generated SQL string
 	SQL_QUERY($sql, __FUNCTION__, __LINE__);
 
+	// Remember affected rows
+	$affected = SQL_AFFECTEDROWS();
+
 	// Rebuild cache
 	rebuildCacheFile('config', 'config');
 
-	// Settings saved
-	loadTemplate('admin_settings_saved', false, getMessage('SETTINGS_SAVED'));
+	// Settings saved, so display message?
+	if ($displayMessage === true) loadTemplate('admin_settings_saved', false, getMessage('SETTINGS_SAVED'));
+
+	// Return affected rows
+	return $affected;
 }
 
 // Generate a selection box
@@ -677,26 +712,34 @@ function adminAddMenuSelectionBox ($menu, $type, $name, $default = '') {
 
 // Creates a user-profile link for the admin. This function can also be used for many other purposes
 function generateUserProfileLink ($userid, $title = '', $what = 'list_user') {
-	if (($title == '') && ($title != 0)) {
+	if (($title == '') && ($userid > 0)) {
 		// Set userid as title
 		$title = $userid;
-	} // END - if
+	} elseif ($userid == 0) {
+		// User id zero is invalid
+		return '<strong>' . $userid . '</strong>';
+	}
 
-	if (($title == 0) && ($what == 'list_refs')) {
+	if (($title == '0') && ($what == 'list_refs')) {
 		// Return title again
 		return $title;
-	} // END - if
+	} elseif (isExtensionActive('nickname')) {
+		// Get nickname
+		$nick = getNickname($userid);
+
+		// Is it not empty, use it as title else the userid
+		if (!empty($nick)) $title = $nick . '(' . $userid . ')'; else $title = $userid;
+	}
 
 	// Return link
-	//* DEBUG: */ outputHtml("a:".$title."<br />");
-	return '[<a href="{?URL?}/modules.php?module=admin&amp;what=' . $what . '&amp;userid=' . $userid . '" title="{--ADMIN_USER_PROFILE_TITLE--}">' . $title . '</a>]';
+	return '[<a href="{%url=modules.php?module=admin&amp;what=' . $what . '&amp;userid=' . $userid . '%}" title="{--ADMIN_USER_PROFILE_TITLE--}">' . $title . '</a>]';
 }
 
 // Check "logical-area-mode"
 function adminGetMenuMode () {
 	// Set the global mode as the mode for all admins
 	$mode = getConfig('admin_menu');
-	$ADMIN = $mode;
+	$adminMode = $mode;
 
 	// Get admin id
 	$adminId = getCurrentAdminId();
@@ -704,23 +747,25 @@ function adminGetMenuMode () {
 	// Check individual settings of current admin
 	if (isset($GLOBALS['cache_array']['admin']['la_mode'][$adminId])) {
 		// Load from cache
-		$ADMIN = $GLOBALS['cache_array']['admin']['la_mode'][$adminId];
+		$adminMode = $GLOBALS['cache_array']['admin']['la_mode'][$adminId];
 		incrementStatsEntry('cache_hits');
 	} elseif (isExtensionInstalledAndNewer('admins', '0.6.7')) {
 		// Load from database when version of 'admins' is enough
 		$result = SQL_QUERY_ESC("SELECT la_mode FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1",
 			array($adminId), __FUNCTION__, __LINE__);
+
+		// Do we have an entry?
 		if (SQL_NUMROWS($result) == 1) {
 			// Load data
-			list($ADMIN) = SQL_FETCHROW($result);
-		}
+			list($adminMode) = SQL_FETCHROW($result);
+		} // END - if
 
 		// Free memory
 		SQL_FREERESULT($result);
 	}
 
 	// Check what the admin wants and set it when it's not the global mode
-	if ($ADMIN != 'global') $mode = $ADMIN;
+	if ($adminMode != 'global') $mode = $adminMode;
 
 	// Return admin-menu's mode
 	return $mode;
@@ -728,11 +773,11 @@ function adminGetMenuMode () {
 
 // Change activation status
 function adminChangeActivationStatus ($IDs, $table, $row, $idRow = 'id') {
-	$cnt = 0; $newStatus = 'Y';
+	$cnt = '0'; $newStatus = 'Y';
 	if ((is_array($IDs)) && (count($IDs) > 0)) {
 		// "Walk" all through and count them
 		foreach ($IDs as $id => $selected) {
-			// Secure the ID number
+			// Secure the id number
 			$id = bigintval($id);
 
 			// Should always be set... ;-)
@@ -782,7 +827,7 @@ function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '') {
 	} // END - if
 
 	// Is the raw userid set?
-	if (postRequestElement('userid_raw', $id) > 0) {
+	if (postRequestParameter('userid_raw', $id) > 0) {
 		// Generate subject
 		$subjectLine = getMessage('MEMBER_'.strtoupper($subject).'_'.strtoupper($table).'_SUBJECT');
 
@@ -794,7 +839,7 @@ function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '') {
 		}
 
 		// Send email out
-		sendEmail(postRequestElement('userid_raw', $id), $subjectLine, $mail);
+		sendEmail(postRequestParameter('userid_raw', $id), $subjectLine, $mail);
 	} // END - if
 
 	// Generate subject
@@ -802,9 +847,9 @@ function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '') {
 
 	// Send admin notification out
 	if (!empty($subjectPart)) {
-		sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content, postRequestElement('userid_raw', $id));
+		sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content, postRequestParameter('userid_raw', $id));
 	} else {
-		sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . $table, $content, postRequestElement('userid_raw', $id));
+		sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . $table, $content, postRequestParameter('userid_raw', $id));
 	}
 }
 
@@ -814,7 +859,7 @@ function adminListBuilder ($listType, $IDs, $table, $columns, $filterFunctions,
 
 	// "Walk"Â through all entries
 	foreach ($IDs as $id => $selected) {
-		// Secure ID number
+		// Secure id number
 		$id = bigintval($id);
 
 		// Get result from a given column array and table name
@@ -860,9 +905,9 @@ function adminListBuilder ($listType, $IDs, $table, $columns, $filterFunctions,
 
 	// Load master template
 	loadTemplate(sprintf("admin_%s_%s",
-	$listType,
-	$table
-	), false, $OUT
+		$listType,
+		$table
+		), false, $OUT
 	);
 }
 
@@ -949,7 +994,7 @@ function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFuncti
 	} // END - if
 }
 
-// Delete rows by given ID numbers
+// Delete rows by given id numbers
 function adminDeleteEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $deleteNow=false, $idColumn='id', $userIdColumn='userid') {
 	// All valid entries? (We hope so here!)
 	if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) {
@@ -962,7 +1007,7 @@ function adminDeleteEntriesConfirm ($IDs, $table, $columns=array(), $filterFunct
 			$idList = '';
 			foreach ($IDs as $id => $sel) {
 				// Is there a userid?
-				if (isPostRequestElementSet('userid_raw', $id)) {
+				if (isPostRequestParameterSet('userid_raw', $id)) {
 					// Load all data from that id
 					$result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE %s=%s LIMIT 1",
 					array($table, $idColumn, $id), __FUNCTION__, __LINE__);
@@ -999,14 +1044,14 @@ function adminDeleteEntriesConfirm ($IDs, $table, $columns=array(), $filterFunct
 	} // END - if
 }
 
-// Edit rows by given ID numbers
+// Edit rows by given id numbers
 function adminEditEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $editNow=false, $idColumn='id', $userIdColumn='userid') {
 	// All valid entries? (We hope so here!)
 	if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) {
 		// Shall we change here or list for editing?
 		if ($editNow === true) {
 			// Change them all
-			$affected = 0;
+			$affected = '0';
 			foreach ($IDs as $id => $sel) {
 				// Prepare content array (new values)
 				$content = array();
@@ -1051,7 +1096,7 @@ function adminEditEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctio
 				} // END - foreach
 
 				// Finish SQL command
-				$sql = substr($sql, 0, -1) . " WHERE `".$idColumn."`=".bigintval($id)." LIMIT 1";
+				$sql = substr($sql, 0, -1) . " WHERE `" . $idColumn . "`=" . bigintval($id) . " LIMIT 1";
 
 				// Run this query
 				SQL_QUERY($sql, __FUNCTION__, __LINE__);
@@ -1088,32 +1133,32 @@ function adminEditEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctio
 	} // END - if
 }
 
-// Un-/lock rows by given ID numbers
+// Un-/lock rows by given id numbers
 function adminLockEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $statusArray=array(), $lockNow=false, $idColumn='id', $userIdColumn='userid') {
 	// All valid entries? (We hope so here!)
 	if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (($lockNow === false) || (count($statusArray) == 1))) {
 		// Shall we un-/lock here or list for locking?
 		if ($lockNow === true) {
 			// Un-/lock entries
-			adminBuilderStatusHandler("lock", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray);
+			adminBuilderStatusHandler('lock', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray);
 		} else {
 			// List for editing
-			adminListBuilder("lock", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn);
+			adminListBuilder('lock', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn);
 		}
 	} // END - if
 }
 
-// Undelete rows by given ID numbers
+// Undelete rows by given id numbers
 function adminUndeleteEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $statusArray=array(), $undeleteNow=false, $idColumn='id', $userIdColumn='userid') {
 	// All valid entries? (We hope so here!)
 	if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (($undeleteNow === false) || (count($statusArray) == 1))) {
 		// Shall we un-/lock here or list for locking?
 		if ($undeleteNow === true) {
 			// Undelete entries
-			adminBuilderStatusHandler("undelete", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray);
+			adminBuilderStatusHandler('undelete', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray);
 		} else {
 			// List for editing
-			adminListBuilder("undelete", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn);
+			adminListBuilder('undelete', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn);
 		}
 	} // END - if
 }
@@ -1138,15 +1183,12 @@ function sendAdminPasswordResetLink ($email) {
 	// Init output
 	$OUT = '';
 
-	// Compile out security characters (must be for looking up!)
-	$email = compileCode($email);
-
 	//Â Look up administator login
 	$result = SQL_QUERY_ESC("SELECT `id`, `login`, `password` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `email`='%s' LIMIT 1",
 		array($email), __FUNCTION__, __LINE__);
 
 	// Is there an account?
-	if (SQL_NUMROWS($result) == 0) {
+	if (SQL_NUMROWS($result) == '0') {
 		// No account found!
 		return getMessage('ADMIN_NO_LOGIN_WITH_EMAIL');
 	} // END - if
@@ -1158,7 +1200,7 @@ function sendAdminPasswordResetLink ($email) {
 	SQL_FREERESULT($result);
 
 	// Generate hash for reset link
-	$content['hash'] = generateHash(getConfig('URL').':'.$content['id'].':'.$content['login'].':'.$content['password'], substr($content['password'], 10));
+	$content['hash'] = generateHash(getConfig('URL') . ':' . $content['id'] . ':' . $content['login'] . ':' . $content['password'], substr($content['password'], 10));
 
 	// Remove some data
 	unset($content['id']);
@@ -1179,12 +1221,9 @@ function adminResetValidateHashLogin ($hash, $login) {
 	// By default nothing validates... ;)
 	$valid = false;
 
-	// Compile the login for lookup
-	$login = compileCode($login);
-
 	// Then try to find that user
 	$result = SQL_QUERY_ESC("SELECT `id`, `password`, `email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1",
-	array($login), __FUNCTION__, __LINE__);
+		array($login), __FUNCTION__, __LINE__);
 
 	// Is an account here?
 	if (SQL_NUMROWS($result) == 1) {
@@ -1192,7 +1231,7 @@ function adminResetValidateHashLogin ($hash, $login) {
 		$content = SQL_FETCHARRAY($result);
 
 		// Generate hash again
-		$hashFromData = generateHash(getConfig('URL').':'.$content['id'].':'.$login.':'.$content['password'], substr($content['password'], 10));
+		$hashFromData = generateHash(getConfig('URL') . ':' . $content['id'] . ':' . $login . ':' . $content['password'], substr($content['password'], 10));
 
 		// Does both match?
 		$valid = ($hash == $hashFromData);
@@ -1262,17 +1301,24 @@ function adminUpdateTaskData ($id, $row, $data) {
 
 	// Update the task
 	SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_task_system` SET `%s`='%s' WHERE `id`=%s LIMIT 1",
-		array($row, $data, bigintval($id)), __FUNCTION__, __LINE__);
+		array(
+			$row,
+			$data,
+			bigintval($id)
+		), __FUNCTION__, __LINE__);
 }
 
 // Checks wether if the admin menu has entries
 function ifAdminMenuHasEntries ($action) {
 	return (
 		((
+			// Is the entry set?
 			isset($GLOBALS['admin_menu_has_entries'][$action])
 		) && (
+			// And do we have a menu for this action?
 			$GLOBALS['admin_menu_has_entries'][$action] === true
 		)) || (
+			// Login has always a menu
 			$action == 'login'
 		)
 	);
@@ -1288,11 +1334,109 @@ function adminCreateUserLink ($userid) {
 	// Is the userid set correctly?
 	if ($userid > 0) {
 		// Create a link to that profile
-		return '{?URL?}/modules.php?module=admin&amp;what=list_user&amp;userid='.bigintval($userid);
+		return '{%url=modules.php?module=admin&amp;what=list_user&amp;userid=' . bigintval($userid) . '%}';
 	} // END - if
 
 	// Return a link to the user list
-	return '{?URL?}/modules.php?module=admin&amp;what=list_user';
+	return '{%url=modules.php?module=admin&amp;what=list_user%}';
+}
+
+// Generate a "link" for the given admin id (admin_id)
+function generateAdminLink ($adminId) {
+	// No assigned admin is default
+	$adminLink = '<span class="admin_note">{--ADMIN_NO_ADMIN_ASSIGNED--}</span>';
+
+	// Zero? = Not assigned
+	if (bigintval($adminId) > 0) {
+		// Load admin's login
+		$login = getAdminLogin($adminId);
+
+		// Is the login valid?
+		if ($login != '***') {
+			// Is the extension there?
+			if (isExtensionActive('admins')) {
+				// Admin found
+				$adminLink = '<a href="' . generateEmailLink(getAdminEmail($adminId), 'admins') . '" title="{--ADMIN_CONTACT_LINK_TITLE--}">' . $login . '</a>';
+			} else {
+				// Extension not found
+				$adminLink = getMaskedMessage('EXTENSION_PROBLEM_NOT_INSTALLED', 'admins');
+			}
+		} else {
+			// Maybe deleted?
+			$adminLink = '<div class="admin_note">' . getMaskedMessage('ADMIN_ID_404', $adminId) . '</div>';
+		}
+	} // END - if
+
+	// Return result
+	return $adminLink;
+}
+
+// Verifies if the current admin has confirmed to alter expert settings
+//
+// Return values:
+// 'failed'    = Something goes wrong (default)
+// 'agreed'    = Has verified and and confirmed it to see them
+// 'forbidden' = Has not the proper right to alter them
+// 'update'    = Need to update extension 'admins'
+// 'ask'       = A form was send to the admin
+function doVerifyExpertSettings () {
+	// Default return status is failed
+	$return = 'failed';
+
+	// Is the extension installed and recent?
+	if (isExtensionInstalledAndNewer('admins', '0.7.3')) {
+		// Okay, load the status
+		$expertSettings = getAminsExpertSettings();
+
+		// Is he allowed?
+		if ($expertSettings == 'Y') {
+			// Okay, does he want to see them?
+			if (getAminsExpertWarning() == 'Y') {
+				// Ask for them
+				if (isFormSent()) {
+					// Is the element set, then we need to change the admin
+					if (isPostRequestParameterSet('expert_settings')) {
+						// Get it and prepare final post data array
+						$postData['login'][getCurrentAdminId()] = getAdminLogin(getCurrentAdminId());
+						$postData['expert_warning'][getCurrentAdminId()] = 'N';
+
+						// Change it in the admin
+						adminsChangeAdminAccount($postData, 'expert_warning');
+
+						// Clear form
+						unsetPostRequestParameter('ok');
+					} // END - if
+
+					// All fine!
+					$return = 'agreed';
+				} else {
+					// Send form
+					loadTemplate('admin_expert_settings_form');
+
+					// Asked for it
+					$return = 'ask';
+				}
+			} else {
+				// Do not display
+				$return = 'agreed';
+			}
+		} else {
+			// Forbidden
+			$return = 'forbidden';
+		}
+	} else {
+		// Out-dated extension or not installed
+		$return = 'update';
+	}
+
+	// Output message for other status than ask/agreed
+	if (($return != 'ask') && ($return != 'agreed')) {
+		// Output message
+		loadTemplate('admin_settings_saved', false, getMessage('ADMIN_EXPERT_SETTINGS_STATUS_' . strtoupper($return)));
+	} // END - if
+
+	// Return status
+	return $return;
 }
 
 // [EOF]
