X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=6a726a464d0147e080a948ddb609fa64719f7b6b;hp=426440e50d6ffc9673a842aee76af5068e03d0d6;hb=de5910b8e5deb9285a7ac57c26ebd894f4e1afbf;hpb=5567f0a4ba3e655d5ae53b518e86ad9737faad79

diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index 426440e50d..6a726a464d 100644
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -1,7 +1,7 @@
 <?php
 /************************************************************************
- * MXChange v0.2.1                                    Start: 08/31/2003 *
- * ===============                              Last change: 11/23/2004 *
+ * Mailer v0.2.1-FINAL                                Start: 08/31/2003 *
+ * ===================                          Last change: 11/23/2004 *
  *                                                                      *
  * -------------------------------------------------------------------- *
  * File              : admin-inc.php                                    *
@@ -42,23 +42,25 @@ if (!defined('__SECURITY')) {
 } // END - if
 
 // Register an administrator account
-function addAdminAccount ($user, $md5, $email) {
+function addAdminAccount ($adminLogin, $passHash, $adminEmail) {
 	// Login does already exist
 	$ret = 'already';
 
 	// Lookup the admin
 	$result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1",
-		array($user), __FUNCTION__, __LINE__);
+		array($adminLogin), __FUNCTION__, __LINE__);
 
 	// Is the entry there?
-	if (SQL_NUMROWS($result) == 0) {
+	if (SQL_NUMROWS($result) == '0') {
 		// Ok, let's create the admin login
 		SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`, `password`, `email`) VALUES ('%s', '%s', '%s')",
 			array(
-				$user,
-				$md5,
-				$email
+				$adminLogin,
+				$passHash,
+				$adminEmail
 			), __FUNCTION__, __LINE__);
+
+		// All done
 		$ret = 'done';
 	} // END - if
 
@@ -69,171 +71,72 @@ function addAdminAccount ($user, $md5, $email) {
 	return $ret;
 }
 
-// Only be executed on login procedure!
-function ifAdminLoginDataIsValid ($admin, $password) {
-	// By default no admin is found
+// This function will be executed when the admin is not logged in and has submitted his login data
+function ifAdminLoginDataIsValid ($adminLogin, $adminPassword) {
+	// First of all, no admin login is found
 	$ret = '404';
 
-	// Get admin id
-	$adminId = getAdminId($admin);
-
-	// Init array with admin id by default
-	$data = array('admin_id' => $adminId);
-
-	// Is the cache valid?
-	if (isAdminHashSet($admin)) {
-		// Get password from cache
-		$data['password'] = getAdminHash($admin);
-		$ret = 'pass';
-		incrementStatsEntry('cache_hits');
-
-		// Include more admins data?
-		if ((isExtensionInstalledAndNewer('admins', '0.7.2')) && (isset($GLOBALS['cache_array']['admin']['login_failures'][$adminId]))) {
-			// Load them here
-			$data['login_failures'] = $GLOBALS['cache_array']['admin']['login_failures'][$adminId];
-			$data['last_failure']   = $GLOBALS['cache_array']['admin']['last_failure'][$adminId];
-		} // END - if
-	} elseif (!isExtensionActive('cache')) {
-		// Add extra data via filter now
-		$add = runFilterChain('sql_admin_extra_data');
+	// Then we need to lookup the login name by getting the admin hash
+	$adminHash = getAdminHash($adminLogin);
 
-		// Get password from DB
-		$result = SQL_QUERY_ESC("SELECT `password`" . $add . " FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1",
-			array($adminId), __FUNCTION__, __LINE__);
+	// If this is fine, we can continue
+	if ($adminHash != '-1') {
+		// Get admin id and set it as current
+		setCurrentAdminId(getAdminId($adminLogin));
 
-		// Entry found?
-		if (SQL_NUMROWS($result) == 1) {
-			// Login password found
-			$ret = 'pass';
+		// Now, we need to encode the password in the same way the one is encoded in database
+		$testHash = generateHash($adminPassword, $adminHash);
 
-			// Fetch data
-			$data = SQL_FETCHARRAY($result);
-		} // END - if
-
-		// Free result
-		SQL_FREERESULT($result);
-	}
-
-	//* DEBUG: */ outputHtml("*".$data['password'].'/'.md5($password).'/'.$ret."<br />");
-	if ((isset($data['password'])) && (strlen($data['password']) == 32) && ($data['password'] == md5($password))) {
-		// Generate new hash
-		$data['password'] = generateHash($password);
-
-		// Is the sql_patches not installed, than we cannot have a valid hashed password here!
-		if (($ret == 'pass') && ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches')))) $ret = 'done';
-	} elseif ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches'))) {
-		// Old hashing way
-		return $ret;
-	} elseif (!isset($data['password'])) {
-		// Password not found, so no valid login!
-		return $ret;
-	}
-
-	// Generate salt of password
-	$salt = substr($data['password'], 0, -40);
-
-	// Check if password is same
-	//* DEBUG: */ outputHtml("*".$ret.','.$data['password'].','.$password.','.$salt."*<br />");
-	if (($ret == 'pass') && ($data['password'] == generateHash($password, $salt)) && ((!empty($salt))) || ($data['password'] == $password)) {
-		// Re-hash the plain passord with new random salt
-		$data['password'] = generateHash($password);
-
-		// Do we have 0.7.0 of admins or later?
-		// Remmeber login failures if available
-		if ((isExtensionInstalledAndNewer('admins', '0.7.2')) && (isset($data['login_failures']))) {
-			// Store it in session
-			setSession('mxchange_admin_failures', $data['login_failures']);
-			setSession('mxchange_admin_last_fail', $data['last_failure']);
-
-			// Update password and reset login failures
-			SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `password`='%s',`login_failures`=0,`last_failure`='0000-00-00 00:00:00' WHERE `id`=%s LIMIT 1",
-				array($data['password'], $adminId), __FUNCTION__, __LINE__);
+		// If they both match, the login data is valid
+		if ($testHash == $adminHash) {
+			// All fine
+			$ret = 'done';
 		} else {
-			// Update password
-			SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `password`='%s' WHERE `id`=%s LIMIT 1",
-				array($data['password'], $adminId), __FUNCTION__, __LINE__);
+			// Set status
+			$ret = 'pass';
 		}
-
-		// Rebuild cache
-		rebuildCacheFile('admin', 'admin');
-
-		// Login has failed by default... ;-)
-		$ret = 'failed1';
-
-		// Password matches so login here
-		if (doAdminLogin($admin, $data['password'])) {
-			// All done now
-			$ret = 'done';
-		} // END - if
-	} elseif ((empty($salt)) && ($ret == 'pass')) {
-		// Something bad went wrong
-		$ret = 'failed_salt';
-	} elseif ($ret == 'done') {
-		// Try to login here if we have the old hashing way (sql_patches not installed?)
-		if (!doAdminLogin($admin, $data['password'])) {
-			// Something went wrong
-			$ret = 'failed2';
-		} // END - if
-	}
-
-	// Count login failure if admins extension version is 0.7.0+
-	if (($ret == 'pass') && (getExtensionVersion('admins') >= '0.7.0')) {
-		// Update counter
-		SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET login_failures`=`login_failures`+1,`last_failure`=NOW() WHERE `id`=%s LIMIT 1",
-			array($adminId), __FUNCTION__, __LINE__);
-
-		// Rebuild cache
-		rebuildCacheFile('admin', 'admin');
 	} // END - if
 
-	// Return the result
-	//* DEBUG: */ die('RETURN=' . $ret);
-	return $ret;
-}
+	// Prepare data array
+	$data = array(
+		'login'      => $adminLogin,
+		'plain_pass' => $adminPassword,
+		'pass_hash'  => $adminHash
+	);
 
-// Try to login the admin by setting some session/cookie variables
-function doAdminLogin ($adminLogin, $passHash) {
-	// Reset failure counter on matching admins version
-	if ((isExtensionInstalledAndNewer('admins', '0.7.0')) && ((isExtensionOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches')))) {
-		// Reset counter on out-dated sql_patches version
-		SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `login_failures`=0, `last_failure`='0000-00-00 00:00:00' WHERE `login`='%s' LIMIT 1",
-			array($adminLogin), __FUNCTION__, __LINE__);
+	// Run a special filter
+	runFilterChain('do_admin_login_' . $ret, $data);
 
-		// Rebuild cache
-		rebuildCacheFile('admin', 'admin');
-	} // END - if
-
-	// Now set all session variables and return the result
-	return ((
-		setSession('admin_md5', generatePassString($passHash))
-	) && (
-		setSession('admin_login', $adminLogin)
-	) && (
-		setSession('admin_last', time())
-	) && (
-		setSession('admin_to', bigintval(postRequestElement('timeout')))
-	));
+	// Return status
+	return $ret;
 }
 
 // Only be executed on cookie checking
-function ifAdminCookiesAreValid ($admin, $password) {
-	// By default no admin cookies are found
-	$ret  = '404';
-	$pass = '';
+function ifAdminCookiesAreValid ($adminLogin, $passHash) {
+	// First of all, no admin login is found
+	$ret = '404';
 
-	// Get hash
-	$pass = getAdminHash($admin);
-	if ($pass != '-1') $ret = 'pass';
+	// Then we need to lookup the login name by getting the admin hash
+	$adminHash = getAdminHash($adminLogin);
 
-	//* DEBUG: */ outputHtml(__FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):".generatePassString($pass).'('.strlen($pass).")/".$password.'('.strlen($password).")<br />");
+	// If this is fine, we can continue
+	if ($adminHash != '-1') {
+		// Now, we need to encode the password in the same way the one is encoded in database
+		$testHash = encodeHashForCookie($adminHash);
+		//* DEBUG: */ outputHtml('adminLogin='.$adminLogin.',<br />passHash='.$passHash.',<br />adminHash='.$adminHash.',<br />testHash='.$testHash.'<br />');
 
-	// Check if password matches
-	if (($ret == 'pass') && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass))) && (isAdmin())) {
-		// Passwords matches!
-		$ret = 'done';
+		// If they both match, the login data is valid
+		if ($testHash == $passHash) {
+			// All fine
+			$ret = 'done';
+		} else {
+			// Set status
+			$ret = 'pass';
+		}
 	} // END - if
 
-	// Return result
+	// Return status
+	//* DEBUG: */ outputHtml('ret='.$ret);
 	return $ret;
 }
 
@@ -242,7 +145,7 @@ function doAdminAction () {
 	// Get default what
 	$what = getWhat();
 
-	//* DEBUG: */ outputHtml(__LINE__."*".$what.'/'.getModule().'/'.getAction().'/'.getWhat()."*<br />");
+	//* DEBUG: */ outputHtml(__LINE__.'*'.$what.'/'.getModule().'/'.getAction().'/'.getWhat().'*<br />');
 
 	// Remove any spaces from variable
 	if (empty($what)) {
@@ -254,7 +157,7 @@ function doAdminAction () {
 	}
 
 	// Get action value
-	$action = getModeAction(getModule(), $what);
+	$action = getActionFromModuleWhat(getModule(), $what);
 
 	// Define admin login name and id number
 	$content['login'] = getSession('admin_login');
@@ -272,12 +175,6 @@ function doAdminAction () {
 	// Tableset header
 	loadTemplate('admin_main_header', false, $content);
 
-	// Is sql_patches not yet installed?
-	if (!isExtensionInstalled('sql_patches')) {
-		// Output warning
-		loadTemplate('admin_settings_saved', false, getMessage('ADMIN_WARNING_SQL_PATCHES_MISSING'));
-	} // END - if
-
 	// Check if action/what pair is valid
 	$result_action = SQL_QUERY_ESC("SELECT
 	`id`
@@ -297,7 +194,13 @@ WHERE
 		)
 	)
 LIMIT 1",
-		array($action, $what, $what), __FUNCTION__, __LINE__);
+		array(
+			$action,
+			$what,
+			$what
+		), __FUNCTION__, __LINE__);
+
+	// Do we have an entry?
 	if (SQL_NUMROWS($result_action) == 1) {
 		// Is valid but does the inlcude file exists?
 		$inc = sprintf("inc/modules/admin/action-%s.php", $action);
@@ -306,14 +209,14 @@ LIMIT 1",
 			loadInclude($inc);
 		} elseif ($GLOBALS['acl_allow'] === false) {
 			// Access denied
-			loadTemplate('admin_menu_failed', false, sprintf(getMessage('ADMIN_ACCESS_DENIED'), $what));
+			loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACCESS_DENIED', $what));
 		} else {
 			// Include file not found! :-(
-			loadTemplate('admin_menu_failed', false, sprintf(getMessage('ADMIN_ACTION_404'), $action));
+			loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_404', $action));
 		}
 	} else {
 		// Invalid action/what pair found!
-		loadTemplate('admin_menu_failed', false, sprintf(getMessage('ADMIN_ACTION_INVALID'), $action.'/'.$what));
+		loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_INVALID', $action . '/' . $what));
 	}
 
 	// Free memory
@@ -346,8 +249,7 @@ ORDER BY
 
 	// Do we have entries?
 	if (SQL_NUMROWS($result_main) > 0) {
-		$OUT = "<div style=\"height:7px\" class=\"seperator\">&nbsp;</div>\n";
-		$OUT .= "<ul class=\"admin_menu_main\">\n";
+		$OUT .= '<ul class="admin_menu_main">';
 		// @TODO Rewrite this to $content = SQL_FETCHARRAY()
 		while (list($menu, $title, $descr) = SQL_FETCHROW($result_main)) {
 			if ((isExtensionActive('admins')) && (getExtensionVersion('admins') > '0.2.0')) {
@@ -369,33 +271,33 @@ ORDER BY
 					$GLOBALS['menu']['title'][$menu]      = $title;
 					$GLOBALS['menu']['description'][$menu] = $descr;
 				}
-				$OUT .= "<li class=\"admin_menu\">
-<div class=\"nobr\"><strong>&middot;</strong>&nbsp;";
+				$OUT .= '<li class="admin_menu">
+<div class="nobr"><strong>&middot;</strong>&nbsp;';
 
 				if ($readable === true) {
 					if (($menu == $action) && (empty($what))) {
-						$OUT .= "<strong>";
+						$OUT .= '<strong>';
 					} else {
-						$OUT .= "[<a href=\"{?URL?}/modules.php?module=admin&amp;action=".$menu."\">";
+						$OUT .= '[<a href="{%url=modules.php?module=admin&amp;action=' . $menu . '%}">';
 					}
 				} else {
-					$OUT .= "<em style=\"cursor:help\" class=\"admin_note\" title=\"{--MENU_ACTION_404--}\">";
+					$OUT .= '<em style="cursor:help" class="admin_note" title="{--MENU_ACTION_404--}">';
 				}
 
 				$OUT .= $title;
 
 				if ($readable === true) {
 					if (($menu == $action) && (empty($what))) {
-						$OUT .= "</strong>";
+						$OUT .= '</strong>';
 					} else {
-						$OUT .= "</a>]";
+						$OUT .= '</a>]';
 					}
 				} else {
-					$OUT .= "</em>";
+					$OUT .= '</em>';
 				}
 
-				$OUT .= "</div>
-</li>\n";
+				$OUT .= '</div>
+</li>';
 
 				// Check for menu entries
 				$result_what = SQL_QUERY_ESC("SELECT
@@ -418,7 +320,7 @@ ORDER BY
 				if ((ifAdminMenuHasEntries($menu)) && (SQL_NUMROWS($result_what) > 0)) {
 					$GLOBALS['menu']['description'] = array();
 					$GLOBALS['menu']['title'] = array(); $SUB = true;
-					$OUT .= "<li class=\"admin_menu_sub\"><ul class=\"admin_menu_sub\">\n";
+					$OUT .= '<li class="admin_menu_sub"><ul class="admin_menu_sub">';
 					// @TODO Rewrite this to $content = SQL_FETCHARRAY()
 					while (list($what_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what)) {
 						// Check for access level
@@ -440,47 +342,45 @@ ORDER BY
 							// Insert compiled title and description
 							$GLOBALS['menu']['title'][$what_sub]      = $title_what;
 							$GLOBALS['menu']['description'][$what_sub] = $desc_what;
-							$OUT .= "<li class=\"admin_menu\">
-		<div class=\"nobr\"><strong>--&gt;</strong>&nbsp;";
+							$OUT .= '<li class="admin_menu">
+<div class="nobr"><strong>--&gt;</strong>&nbsp;';
 							if ($readable === true) {
 								if ($what == $what_sub) {
-									$OUT .= "<strong>";
+									$OUT .= '<strong>';
 								} else {
-									$OUT .= "[<a href=\"{?URL?}/modules.php?module=admin&amp;what=".$what_sub."\">";
+									$OUT .= '[<a href="{%url=modules.php?module=admin&amp;what=' . $what_sub . '%}">';
 								}
 							} else {
-								$OUT .= "<em style=\"cursor:help\" class=\"admin_note\" title=\"{--MENU_WHAT_404--}\">";
+								$OUT .= '<em style="cursor:help" class="admin_note" title="{--MENU_WHAT_404--}">';
 							}
 
 							$OUT .= $title_what;
 
 							if ($readable === true) {
 								if ($what == $what_sub) {
-									$OUT .= "</strong>";
+									$OUT .= '</strong>';
 								} else {
-									$OUT .= "</a>]";
+									$OUT .= '</a>]';
 								}
 							} else {
-								$OUT .= "</em>";
+								$OUT .= '</em>';
 							}
-							$OUT .= "</div>
-</li>\n";
+							$OUT .= '</div>
+</li>';
 						} // END - if
 					} // END - while
 
 					// Free memory
 					SQL_FREERESULT($result_what);
-					$OUT .= "</ul>
-</li>\n";
+					$OUT .= '</ul>
+</li>';
 				} // END - if
-
-				$OUT .= "<li style=\"height:7px\" class=\"seperator\">&nbsp;</li>\n";
 			} // END - if
 		} // END - while
 
 		// Free memory
 		SQL_FREERESULT($result_main);
-		$OUT .= "</ul>\n";
+		$OUT .= '</ul>';
 	}
 
 	// Is there a cache instance again?
@@ -501,13 +401,13 @@ function addMemberSelectionBox ($def=0, $add_all=false, $return=false, $none=fal
 	$OUT = '';
 
 	// USe this only for adding points (e.g. adding refs really makes no sence ;-) )
-	if ($add_all === true)   $OUT = "      <option value=\"all\">{--ALL_MEMBERS--}</option>\n";
-	 elseif ($none === true) $OUT = "      <option value=\"0\">{--SELECT_NONE--}</option>\n";
+	if ($add_all === true)   $OUT = '      <option value="all">{--ALL_MEMBERS--}</option>';
+	 elseif ($none === true) $OUT = '      <option value="0">{--SELECT_NONE--}</option>';
 
 	while ($content = SQL_FETCHARRAY($result)) {
-		$OUT .= "      <option value=\"".bigintval($content['userid'])."\"";
+		$OUT .= '      <option value="' . bigintval($content['userid']) . '"';
 		if ($def == $content['userid']) $OUT .= ' selected="selected"';
-		$OUT .= ">".$content['surname']." ".$content['family']." (".bigintval($content['userid']).")</option>\n";
+		$OUT .= '>' . $content['surname'] . ' ' . $content['family'] . ' (' . bigintval($content['userid']) . ')</option>';
 	} // END - while
 
 	// Free memory
@@ -522,7 +422,7 @@ function addMemberSelectionBox ($def=0, $add_all=false, $return=false, $none=fal
 		loadTemplate('admin_member_selection_box', false, $content);
 	} else {
 		// Return content in selection frame
-		return "<select class=\"admin_select\" name=\"".$field."\" size=\"1\">\n".$OUT."</select>\n";
+		return '<select class="admin_select" name="' . $field . '" size="1">' . $OUT . '</select>';
 	}
 }
 
@@ -531,13 +431,14 @@ function addMemberSelectionBox ($def=0, $add_all=false, $return=false, $none=fal
 // @DEPRECATED
 function adminMenuSelectionBox_DEPRECATED ($mode, $default = '', $defid = '') {
 	$what = "`what` != ''";
-	if ($mode == 'action') $what = "(`what`='' OR `what` IS NULL) AND action !='login'";
-	$result = SQL_QUERY_ESC("SELECT %s, title FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE ".$what." ORDER BY `sort`",
+	if ($mode == 'action') $what = "(`what`='' OR `what` IS NULL) AND `action` !='login'";
+
+	$result = SQL_QUERY_ESC("SELECT %s, `title` FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE ".$what." ORDER BY `sort` ASC",
 		array($mode), __FUNCTION__, __LINE__);
 	if (SQL_NUMROWS($result) > 0) {
 		// Load menu as selection
 		$OUT = "<select name=\"".$mode."_menu";
-		if ((!empty($defid)) || ($defid == 0)) $OUT .= "[".$defid."]";
+		if ((!empty($defid)) || ($defid == '0')) $OUT .= "[".$defid."]";
 		$OUT .= "\" size=\"1\" class=\"admin_select\">
 	<option value=\"\">{--SELECT_NONE--}</option>\n";
 		// @TODO Try to rewrite this to $content = SQL_FETCHARRAY(). Please look some lines above for the dynamic query
@@ -560,18 +461,18 @@ function adminMenuSelectionBox_DEPRECATED ($mode, $default = '', $defid = '') {
 }
 
 // Wrapper for $_POST and adminSaveSettings
-function adminSaveSettingsFromPostData ($tableName = '_config', $whereStatement = '`config`=0', $translateComma = array(), $alwaysAdd = false) {
+function adminSaveSettingsFromPostData ($tableName = '_config', $whereStatement = '`config`=0', $translateComma = array(), $alwaysAdd = false, $displayMessage = true) {
 	// Get the array
 	$postData = postRequestArray();
 
 	// Call the lower function
-	adminSaveSettings($postData, $tableName, $whereStatement, $translateComma, $alwaysAdd);
+	adminSaveSettings($postData, $tableName, $whereStatement, $translateComma, $alwaysAdd, $displayMessage);
 }
 
 // Save settings to the database
-function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement = '`config`=0', $translateComma = array(), $alwaysAdd = false) {
+function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement = '`config`=0', $translateComma = array(), $alwaysAdd = false, $displayMessage = true) {
 	// Prepare all arrays, variables
-	$DATA = array();
+	$tableData = array();
 	$skip = false;
 
 	// Now, walk through all entries and prepare them for saving
@@ -579,10 +480,10 @@ function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement
 		// Process only formular field but not submit buttons ;)
 		if ($id != 'ok') {
 			// Do not save the ok value
-			convertSelectionsToTimestamp($postData, $DATA, $id, $skip);
+			convertSelectionsToTimestamp($postData, $tableData, $id, $skip);
 
 			// Shall we process this id? It muss not be empty, of course
-			if (($skip === false) && (!empty($id)) && (!isset($GLOBALS['skip_config'][$id]))) {
+			if (($skip === false) && (!empty($id)) && ((!isset($GLOBALS['skip_config'][$id]))) || ($tableName != '_config')) {
 				// Translate the value? (comma to dot!)
 				if ((is_array($translateComma)) && (in_array($id, $translateComma))) {
 					// Then do it here... :)
@@ -593,10 +494,10 @@ function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement
 				$test = (float)$val;
 				if ('' . $val . '' == '' . $test . '') {
 					// Add numbers
-					$DATA[] = sprintf("`%s`=%s", $id, $test);
+					$tableData[] = sprintf("`%s`=%s", $id, $test);
 				} else {
 					// Add strings
-					$DATA[] = sprintf("`%s`='%s'", $id, trim($val));
+					$tableData[] = sprintf("`%s`='%s'", $id, trim($val));
 				}
 
 				// Do not add a config entry twice
@@ -612,39 +513,40 @@ function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement
 	$result = false;
 	if ($alwaysAdd === false) {
 		if (!empty($whereStatement)) {
-			$result = SQL_QUERY("SELECT * FROM `{?_MYSQL_PREFIX?}".$tableName."` WHERE ".$whereStatement." LIMIT 1", __FUNCTION__, __LINE__);
+			$result = SQL_QUERY("SELECT * FROM `{?_MYSQL_PREFIX?}" . $tableName . "` WHERE " . $whereStatement . " LIMIT 1", __FUNCTION__, __LINE__);
 		} else {
-			$result = SQL_QUERY("SELECT * FROM `{?_MYSQL_PREFIX?}".$tableName."` LIMIT 1", __FUNCTION__, __LINE__);
+			$result = SQL_QUERY("SELECT * FROM `{?_MYSQL_PREFIX?}" . $tableName . "` LIMIT 1", __FUNCTION__, __LINE__);
 		}
 	} // END - if
 
 	if (SQL_NUMROWS($result) == 1) {
 		// "Implode" all data to single string
-		$DATA_UPDATE = implode(', ', $DATA);
+		$updatedData = implode(', ', $tableData);
 
 		// Generate SQL string
 		$sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}%s` SET %s WHERE %s LIMIT 1",
 			$tableName,
-			$DATA_UPDATE,
+			$updatedData,
 			$whereStatement
 		);
 	} else {
 		// Add Line (does only work with auto_increment!
-		$KEYs = array(); $values = array();
-		foreach ($DATA as $entry) {
+		$keys = array(); $values = array();
+		foreach ($tableData as $entry) {
 			// Split up
 			$line = explode('=', $entry);
-			$KEYs[] = $line[0]; $values[] = $line[1];
+			$keys[] = $line[0];
+			$values[] = $line[1];
 		} // END - foreach
 
 		// Add both in one line
-		$KEYs = implode('`, `', $KEYs);
+		$keys = implode('`, `', $keys);
 		$values = implode(', ', $values);
 
 		// Generate SQL string
 		$sql = sprintf("INSERT INTO `{?_MYSQL_PREFIX?}%s` (%s) VALUES (%s)",
 			$tableName,
-			$KEYs,
+			$keys,
 			$values
 		);
 	}
@@ -655,11 +557,17 @@ function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement
 	// Simply run generated SQL string
 	SQL_QUERY($sql, __FUNCTION__, __LINE__);
 
+	// Remember affected rows
+	$affected = SQL_AFFECTEDROWS();
+
 	// Rebuild cache
-	rebuildCacheFile('config', 'config');
+	rebuildCache('config', 'config');
+
+	// Settings saved, so display message?
+	if ($displayMessage === true) loadTemplate('admin_settings_saved', false, getMessage('SETTINGS_SAVED'));
 
-	// Settings saved
-	loadTemplate('admin_settings_saved', false, getMessage('SETTINGS_SAVED'));
+	// Return affected rows
+	return $affected;
 }
 
 // Generate a selection box
@@ -706,9 +614,12 @@ function generateUserProfileLink ($userid, $title = '', $what = 'list_user') {
 	if (($title == '') && ($userid > 0)) {
 		// Set userid as title
 		$title = $userid;
-	} // END - if
+	} elseif ($userid == 0) {
+		// User id zero is invalid
+		return '<strong>' . $userid . '</strong>';
+	}
 
-	if (($title == 0) && ($what == 'list_refs')) {
+	if (($title == '0') && ($what == 'list_refs')) {
 		// Return title again
 		return $title;
 	} elseif (isExtensionActive('nickname')) {
@@ -720,14 +631,14 @@ function generateUserProfileLink ($userid, $title = '', $what = 'list_user') {
 	}
 
 	// Return link
-	return '[<a href="{?URL?}/modules.php?module=admin&amp;what=' . $what . '&amp;userid=' . $userid . '" title="{--ADMIN_USER_PROFILE_TITLE--}">' . $title . '</a>]';
+	return '[<a href="{%url=modules.php?module=admin&amp;what=' . $what . '&amp;userid=' . $userid . '%}" title="{--ADMIN_USER_PROFILE_TITLE--}">' . $title . '</a>]';
 }
 
 // Check "logical-area-mode"
 function adminGetMenuMode () {
-	// Set the global mode as the mode for all admins
+	// Set the default menu mode as the mode for all admins
 	$mode = getConfig('admin_menu');
-	$ADMIN = $mode;
+	$adminMode = $mode;
 
 	// Get admin id
 	$adminId = getCurrentAdminId();
@@ -735,23 +646,25 @@ function adminGetMenuMode () {
 	// Check individual settings of current admin
 	if (isset($GLOBALS['cache_array']['admin']['la_mode'][$adminId])) {
 		// Load from cache
-		$ADMIN = $GLOBALS['cache_array']['admin']['la_mode'][$adminId];
+		$adminMode = $GLOBALS['cache_array']['admin']['la_mode'][$adminId];
 		incrementStatsEntry('cache_hits');
 	} elseif (isExtensionInstalledAndNewer('admins', '0.6.7')) {
 		// Load from database when version of 'admins' is enough
 		$result = SQL_QUERY_ESC("SELECT la_mode FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1",
 			array($adminId), __FUNCTION__, __LINE__);
+
+		// Do we have an entry?
 		if (SQL_NUMROWS($result) == 1) {
 			// Load data
-			list($ADMIN) = SQL_FETCHROW($result);
-		}
+			list($adminMode) = SQL_FETCHROW($result);
+		} // END - if
 
 		// Free memory
 		SQL_FREERESULT($result);
 	}
 
-	// Check what the admin wants and set it when it's not the global mode
-	if ($ADMIN != 'global') $mode = $ADMIN;
+	// Check what the admin wants and set it when it's not the default mode
+	if ($adminMode != 'global') $mode = $adminMode;
 
 	// Return admin-menu's mode
 	return $mode;
@@ -759,7 +672,7 @@ function adminGetMenuMode () {
 
 // Change activation status
 function adminChangeActivationStatus ($IDs, $table, $row, $idRow = 'id') {
-	$cnt = 0; $newStatus = 'Y';
+	$cnt = '0'; $newStatus = 'Y';
 	if ((is_array($IDs)) && (count($IDs) > 0)) {
 		// "Walk" all through and count them
 		foreach ($IDs as $id => $selected) {
@@ -813,7 +726,7 @@ function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '') {
 	} // END - if
 
 	// Is the raw userid set?
-	if (postRequestElement('userid_raw', $id) > 0) {
+	if (postRequestParameter('userid_raw', $id) > 0) {
 		// Generate subject
 		$subjectLine = getMessage('MEMBER_'.strtoupper($subject).'_'.strtoupper($table).'_SUBJECT');
 
@@ -825,7 +738,7 @@ function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '') {
 		}
 
 		// Send email out
-		sendEmail(postRequestElement('userid_raw', $id), $subjectLine, $mail);
+		sendEmail(postRequestParameter('userid_raw', $id), $subjectLine, $mail);
 	} // END - if
 
 	// Generate subject
@@ -833,9 +746,9 @@ function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '') {
 
 	// Send admin notification out
 	if (!empty($subjectPart)) {
-		sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content, postRequestElement('userid_raw', $id));
+		sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content, postRequestParameter('userid_raw', $id));
 	} else {
-		sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . $table, $content, postRequestElement('userid_raw', $id));
+		sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . $table, $content, postRequestParameter('userid_raw', $id));
 	}
 }
 
@@ -891,9 +804,9 @@ function adminListBuilder ($listType, $IDs, $table, $columns, $filterFunctions,
 
 	// Load master template
 	loadTemplate(sprintf("admin_%s_%s",
-	$listType,
-	$table
-	), false, $OUT
+		$listType,
+		$table
+		), false, $OUT
 	);
 }
 
@@ -993,7 +906,7 @@ function adminDeleteEntriesConfirm ($IDs, $table, $columns=array(), $filterFunct
 			$idList = '';
 			foreach ($IDs as $id => $sel) {
 				// Is there a userid?
-				if (isPostRequestElementSet('userid_raw', $id)) {
+				if (isPostRequestParameterSet('userid_raw', $id)) {
 					// Load all data from that id
 					$result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE %s=%s LIMIT 1",
 					array($table, $idColumn, $id), __FUNCTION__, __LINE__);
@@ -1037,7 +950,7 @@ function adminEditEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctio
 		// Shall we change here or list for editing?
 		if ($editNow === true) {
 			// Change them all
-			$affected = 0;
+			$affected = '0';
 			foreach ($IDs as $id => $sel) {
 				// Prepare content array (new values)
 				$content = array();
@@ -1082,7 +995,7 @@ function adminEditEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctio
 				} // END - foreach
 
 				// Finish SQL command
-				$sql = substr($sql, 0, -1) . " WHERE `".$idColumn."`=".bigintval($id)." LIMIT 1";
+				$sql = substr($sql, 0, -1) . " WHERE `" . $idColumn . "`=" . bigintval($id) . " LIMIT 1";
 
 				// Run this query
 				SQL_QUERY($sql, __FUNCTION__, __LINE__);
@@ -1126,10 +1039,10 @@ function adminLockEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctio
 		// Shall we un-/lock here or list for locking?
 		if ($lockNow === true) {
 			// Un-/lock entries
-			adminBuilderStatusHandler("lock", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray);
+			adminBuilderStatusHandler('lock', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray);
 		} else {
 			// List for editing
-			adminListBuilder("lock", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn);
+			adminListBuilder('lock', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn);
 		}
 	} // END - if
 }
@@ -1141,10 +1054,10 @@ function adminUndeleteEntriesConfirm ($IDs, $table, $columns=array(), $filterFun
 		// Shall we un-/lock here or list for locking?
 		if ($undeleteNow === true) {
 			// Undelete entries
-			adminBuilderStatusHandler("undelete", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray);
+			adminBuilderStatusHandler('undelete', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray);
 		} else {
 			// List for editing
-			adminListBuilder("undelete", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn);
+			adminListBuilder('undelete', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn);
 		}
 	} // END - if
 }
@@ -1174,7 +1087,7 @@ function sendAdminPasswordResetLink ($email) {
 		array($email), __FUNCTION__, __LINE__);
 
 	// Is there an account?
-	if (SQL_NUMROWS($result) == 0) {
+	if (SQL_NUMROWS($result) == '0') {
 		// No account found!
 		return getMessage('ADMIN_NO_LOGIN_WITH_EMAIL');
 	} // END - if
@@ -1186,7 +1099,7 @@ function sendAdminPasswordResetLink ($email) {
 	SQL_FREERESULT($result);
 
 	// Generate hash for reset link
-	$content['hash'] = generateHash(getConfig('URL').':'.$content['id'].':'.$content['login'].':'.$content['password'], substr($content['password'], 10));
+	$content['hash'] = generateHash(getConfig('URL') . ':' . $content['id'] . ':' . $content['login'] . ':' . $content['password'], substr($content['password'], 10));
 
 	// Remove some data
 	unset($content['id']);
@@ -1232,17 +1145,8 @@ function adminResetValidateHashLogin ($hash, $login) {
 
 // Reset the password for the login. Do NOT call this function without calling above function first!
 function doResetAdminPassword ($login, $password) {
-	// Init hash
-	$passHash = '';
-
-	// Now check if we have sql_patches installed
-	if (isExtensionInstalledAndNewer('sql_patches', '0.3.6')) {
-		// Use new way of hashing
-		$passHash = generateHash($password);
-	} else {
-		// Old MD5 method
-		$passHash = md5($password);
-	}
+	// Generate hash (we already check for sql_patches in generateHash())
+	$passHash = generateHash($password);
 
 	// Update database
 	SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `password`='%s' WHERE `login`='%s' LIMIT 1",
@@ -1272,7 +1176,7 @@ function adminUpdateTaskData ($id, $row, $data) {
 	// Should be admin!
 	if (!isAdmin()) {
 		// Not an admin so redirect better
-		redirectToUrl('index.php');
+		redirectToUrl('modules.php?module=index');
 	} // END - if
 
 	// Is the id not set, then we need a backtrace here... :(
@@ -1287,17 +1191,24 @@ function adminUpdateTaskData ($id, $row, $data) {
 
 	// Update the task
 	SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_task_system` SET `%s`='%s' WHERE `id`=%s LIMIT 1",
-		array($row, $data, bigintval($id)), __FUNCTION__, __LINE__);
+		array(
+			$row,
+			$data,
+			bigintval($id)
+		), __FUNCTION__, __LINE__);
 }
 
 // Checks wether if the admin menu has entries
 function ifAdminMenuHasEntries ($action) {
 	return (
 		((
+			// Is the entry set?
 			isset($GLOBALS['admin_menu_has_entries'][$action])
 		) && (
+			// And do we have a menu for this action?
 			$GLOBALS['admin_menu_has_entries'][$action] === true
 		)) || (
+			// Login has always a menu
 			$action == 'login'
 		)
 	);
@@ -1313,17 +1224,17 @@ function adminCreateUserLink ($userid) {
 	// Is the userid set correctly?
 	if ($userid > 0) {
 		// Create a link to that profile
-		return '{?URL?}/modules.php?module=admin&amp;what=list_user&amp;userid='.bigintval($userid);
+		return '{%url=modules.php?module=admin&amp;what=list_user&amp;userid=' . bigintval($userid) . '%}';
 	} // END - if
 
 	// Return a link to the user list
-	return '{?URL?}/modules.php?module=admin&amp;what=list_user';
+	return '{%url=modules.php?module=admin&amp;what=list_user%}';
 }
 
 // Generate a "link" for the given admin id (admin_id)
 function generateAdminLink ($adminId) {
 	// No assigned admin is default
-	$adminLink = "<span class=\"admin_note\">{--ADMIN_NO_ADMIN_ASSIGNED--}</span>";
+	$adminLink = '<span class="admin_note">{--ADMIN_NO_ADMIN_ASSIGNED--}</span>';
 
 	// Zero? = Not assigned
 	if (bigintval($adminId) > 0) {
@@ -1335,14 +1246,14 @@ function generateAdminLink ($adminId) {
 			// Is the extension there?
 			if (isExtensionActive('admins')) {
 				// Admin found
-				$adminLink = "<a href=\"".generateEmailLink(getAdminEmail($adminId), 'admins')."\">" . $login."</a>";
+				$adminLink = '<a href="' . generateEmailLink(getAdminEmail($adminId), 'admins') . '" title="{--ADMIN_CONTACT_LINK_TITLE--}">' . $login . '</a>';
 			} else {
 				// Extension not found
-				$adminLink = sprintf(getMessage('EXTENSION_PROBLEM_NOT_INSTALLED'), 'admins');
+				$adminLink = getMaskedMessage('EXTENSION_PROBLEM_NOT_INSTALLED', 'admins');
 			}
 		} else {
 			// Maybe deleted?
-			$adminLink = "<div class=\"admin_note\">".sprintf(getMessage('ADMIN_ID_404'), $adminId)."</div>";
+			$adminLink = '<div class="admin_note">' . getMaskedMessage('ADMIN_ID_404', $adminId) . '</div>';
 		}
 	} // END - if
 
@@ -1350,5 +1261,73 @@ function generateAdminLink ($adminId) {
 	return $adminLink;
 }
 
+// Verifies if the current admin has confirmed to alter expert settings
+//
+// Return values:
+// 'failed'    = Something goes wrong (default)
+// 'agreed'    = Has verified and and confirmed it to see them
+// 'forbidden' = Has not the proper right to alter them
+// 'update'    = Need to update extension 'admins'
+// 'ask'       = A form was send to the admin
+function doVerifyExpertSettings () {
+	// Default return status is failed
+	$return = 'failed';
+
+	// Is the extension installed and recent?
+	if (isExtensionInstalledAndNewer('admins', '0.7.3')) {
+		// Okay, load the status
+		$expertSettings = getAminsExpertSettings();
+
+		// Is he allowed?
+		if ($expertSettings == 'Y') {
+			// Okay, does he want to see them?
+			if (getAminsExpertWarning() == 'Y') {
+				// Ask for them
+				if (isFormSent()) {
+					// Is the element set, then we need to change the admin
+					if (isPostRequestParameterSet('expert_settings')) {
+						// Get it and prepare final post data array
+						$postData['login'][getCurrentAdminId()] = getAdminLogin(getCurrentAdminId());
+						$postData['expert_warning'][getCurrentAdminId()] = 'N';
+
+						// Change it in the admin
+						adminsChangeAdminAccount($postData, 'expert_warning');
+
+						// Clear form
+						unsetPostRequestParameter('ok');
+					} // END - if
+
+					// All fine!
+					$return = 'agreed';
+				} else {
+					// Send form
+					loadTemplate('admin_expert_settings_form');
+
+					// Asked for it
+					$return = 'ask';
+				}
+			} else {
+				// Do not display
+				$return = 'agreed';
+			}
+		} else {
+			// Forbidden
+			$return = 'forbidden';
+		}
+	} else {
+		// Out-dated extension or not installed
+		$return = 'update';
+	}
+
+	// Output message for other status than ask/agreed
+	if (($return != 'ask') && ($return != 'agreed')) {
+		// Output message
+		loadTemplate('admin_settings_saved', false, getMessage('ADMIN_EXPERT_SETTINGS_STATUS_' . strtoupper($return)));
+	} // END - if
+
+	// Return status
+	return $return;
+}
+
 // [EOF]
 ?>