X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=df9eeac2674c86c6f08e0f03b12cc46d9daf16ff;hp=4cce611c952a78030bd4db5954dcc2ef7a297552;hb=0533bba499e23b91209b91f40737058a36f40ffe;hpb=7e500b4e3a3c25881e5d7da8ff77d86344ae4cd7
diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index 4cce611c95..df9eeac267 100644
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -1,7 +1,7 @@ $adminId); + // Get admin id from login + $adminId = getAdminId($adminLogin); - // Is the cache valid? - if (isAdminHashSet($admin)) { - // Get password from cache - $data['password'] = getAdminHash($admin); - $ret = 'pass'; - incrementStatsEntry('cache_hits'); + // Continue only with found admin ids + if ($adminId > 0) { + // Then we need to lookup the login name by getting the admin hash + $adminHash = getAdminHash($adminId); - // Include more admins data? - if ((isExtensionInstalledAndNewer('admins', '0.7.2')) && (isset($GLOBALS['cache_array']['admin']['login_failures'][$adminId]))) { - // Load them here - $data['login_failures'] = $GLOBALS['cache_array']['admin']['login_failures'][$adminId]; - $data['last_failure'] = $GLOBALS['cache_array']['admin']['last_failure'][$adminId]; - } // END - if - } elseif (!isExtensionActive('cache')) { - // Add extra data via filter now - $add = runFilterChain('sql_admin_extra_data'); + // If this is fine, we can continue + if ($adminHash != '-1') { + // Get admin id and set it as current + setCurrentAdminId($adminId); - // Get password from DB - $result = SQL_QUERY_ESC("SELECT `password`" . $add . " FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", - array($adminId), __FUNCTION__, __LINE__); + // Now, we need to encode the password in the same way the one is encoded in database + $testHash = generateHash($adminPassword, $adminHash); - // Entry found? - if (SQL_NUMROWS($result) == 1) { - // Login password found - $ret = 'pass'; - - // Fetch data - $data = SQL_FETCHARRAY($result); - } // END - if - - // Free result - SQL_FREERESULT($result); - } - - //* DEBUG: */ outputHtml("*".$data['password'].'/'.md5($password).'/'.$ret."
"); - if ((isset($data['password'])) && (strlen($data['password']) == 32) && ($data['password'] == md5($password))) { - // Generate new hash - $data['password'] = generateHash($password); - - // Is the sql_patches not installed, than we cannot have a valid hashed password here! - if (($ret == 'pass') && ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches')))) $ret = 'done'; - } elseif ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches'))) { - // Old hashing way - return $ret; - } elseif (!isset($data['password'])) { - // Password not found, so no valid login! - return $ret; - } - - // Generate salt of password - $salt = substr($data['password'], 0, -40); - - // Check if password is same - //* DEBUG: */ outputHtml("*".$ret.','.$data['password'].','.$password.','.$salt."*
"); - if (($ret == 'pass') && ($data['password'] == generateHash($password, $salt)) && ((!empty($salt))) || ($data['password'] == $password)) { - // Re-hash the plain passord with new random salt - $data['password'] = generateHash($password); - - // Do we have 0.7.0 of admins or later? - // Remmeber login failures if available - if ((isExtensionInstalledAndNewer('admins', '0.7.2')) && (isset($data['login_failures']))) { - // Store it in session - setSession('mxchange_admin_failures', $data['login_failures']); - setSession('mxchange_admin_last_fail', $data['last_failure']); - - // Update password and reset login failures - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `password`='%s',`login_failures`=0,`last_failure`='0000-00-00 00:00:00' WHERE `id`=%s LIMIT 1", - array($data['password'], $adminId), __FUNCTION__, __LINE__); - } else { - // Update password - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `password`='%s' WHERE `id`=%s LIMIT 1", - array($data['password'], $adminId), __FUNCTION__, __LINE__); - } - - // Rebuild cache - rebuildCacheFile('admin', 'admin'); - - // Login has failed by default... ;-) - $ret = 'failed1'; - - // Password matches so login here - if (doAdminLogin($admin, $data['password'])) { - // All done now - $ret = 'done'; - } // END - if - } elseif ((empty($salt)) && ($ret == 'pass')) { - // Something bad went wrong - $ret = 'failed_salt'; - } elseif ($ret == 'done') { - // Try to login here if we have the old hashing way (sql_patches not installed?) 
- if (!doAdminLogin($admin, $data['password'])) { - // Something went wrong - $ret = 'failed2'; + // If they both match, the login data is valid + if ($testHash == $adminHash) { + // All fine + $ret = 'done'; + } else { + // Set status + $ret = 'password'; + } } // END - if - } - - // Count login failure if admins extension version is 0.7.0+ - if (($ret == 'pass') && (getExtensionVersion('admins') >= '0.7.0')) { - // Update counter - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET login_failures`=`login_failures`+1,`last_failure`=NOW() WHERE `id`=%s LIMIT 1", - array($adminId), __FUNCTION__, __LINE__); - - // Rebuild cache - rebuildCacheFile('admin', 'admin'); } // END - if - // Return the result - //* DEBUG: */ die('RETURN=' . $ret); - return $ret; -} + // Prepare data array + $data = array( + 'id' => $adminId, + 'login' => $adminLogin, + 'plain_pass' => $adminPassword, + 'pass_hash' => $adminHash + ); -// Try to login the admin by setting some session/cookie variables -function doAdminLogin ($adminLogin, $passHash) { - // Reset failure counter on matching admins version - if ((isExtensionInstalledAndNewer('admins', '0.7.0')) && ((isExtensionOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches')))) { - // Reset counter on out-dated sql_patches version - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `login_failures`=0, `last_failure`='0000-00-00 00:00:00' WHERE `login`='%s' LIMIT 1", - array($adminLogin), __FUNCTION__, __LINE__); + // Run a special filter + runFilterChain('do_admin_login_' . 
$ret, $data); - // Rebuild cache - rebuildCacheFile('admin', 'admin'); - } // END - if - - // Now set all session variables and return the result - return (( - setSession('admin_md5', generatePassString($passHash)) - ) && ( - setSession('admin_login', $adminLogin) - ) && ( - setSession('admin_last', time()) - ) && ( - setSession('admin_to', bigintval(postRequestElement('timeout'))) - )); + // Return status + return $ret; } // Only be executed on cookie checking -function ifAdminCookiesAreValid ($admin, $password) { - // By default no admin cookies are found - $ret = '404'; - $pass = ''; +function ifAdminCookiesAreValid ($adminLogin, $passHash) { + // First of all, no admin login is found + $ret = '404'; - // Get hash - $pass = getAdminHash($admin); - if ($pass != '-1') $ret = 'pass'; + // Then we need to lookup the login name by getting the admin hash + $adminHash = getAdminHash($adminLogin); - //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):".generatePassString($pass).'('.strlen($pass).")/".$password.'('.strlen($password).")
"); + // If this is fine, we can continue + if ($adminHash != '-1') { + // Now, we need to encode the password in the same way the one is encoded in database + $testHash = encodeHashForCookie($adminHash); + //* DEBUG: */ debugOutput('adminLogin=' . $adminLogin . ',passHash='.$passHash.',adminHash='.$adminHash.',testHash='.$testHash); - // Check if password matches - if (($ret == 'pass') && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) { - // Passwords matches! - $ret = 'done'; + // If they both match, the login data is valid + if ($testHash == $passHash) { + // All fine + $ret = 'done'; + } else { + // Set status + $ret = 'password'; + } } // END - if - // Return result + // Return status + //* DEBUG: */ debugOutput('ret='.$ret); return $ret; } // Do an admin action -function doAdminAction ($what) { - //* DEBUG: */ outputHtml(__LINE__."*".$what.'/'.getModule().'/'.getAction().'/'.getWhat()."*
"); +function doAdminAction () { + // Get default what + $what = getWhat(); + + //* DEBUG: */ debugOutput(__LINE__.'*'.$what.'/'.getModule().'/'.getAction().'/'.getWhat().'*'); // Remove any spaces from variable if (empty($what)) { // Default admin action is the overview page $what = 'overview'; } else { - // Compile out some chars - $what = compileCode($what, false, false, false); + // Secure it + $what = secureString($what); } // Get action value - $action = getModeAction(getModule(), $what); - - // Define admin login name and ID number - $content['login'] = getSession('admin_login'); - $content['id'] = getCurrentAdminId(); + $action = getActionFromModuleWhat(getModule(), $what); - // Preload templates + // Load welcome template if (isExtensionActive('admins')) { - $content['welcome'] = loadTemplate('admin_welcome_admins', true, $content); + // @TODO This and the next getCurrentAdminId() call might be moved into the templates? + $content['welcome'] = loadTemplate('admin_welcome_admins', true, getCurrentAdminId()); } else { - $content['welcome'] = loadTemplate('admin_welcome', true, $content); + $content['welcome'] = loadTemplate('admin_welcome', true, getCurrentAdminId()); } + + // Load header, footer, render menu + $content['header'] = loadTemplate('admin_header' , true, $content); $content['footer'] = loadTemplate('admin_footer' , true, $content); $content['menu'] = addAdminMenu($action, $what, true); @@ -287,7 +200,14 @@ WHERE ) ) ) -LIMIT 1", array($action, $what, $what), __FUNCTION__, __LINE__); +LIMIT 1", + array( + $action, + $what, + $what + ), __FUNCTION__, __LINE__); + + // Do we have an entry? if (SQL_NUMROWS($result_action) == 1) { // Is valid but does the inlcude file exists? $inc = sprintf("inc/modules/admin/action-%s.php", $action); 
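Review bot: Both new comparisons, `if ($testHash == $adminHash)` in the login check and `if ($testHash == $passHash)` in ifAdminCookiesAreValid(), use loose `==` on hash strings, which PHP evaluates numerically when both sides look like numbers (for example `0e…`) and which is not constant-time. `if (hash_equals($adminHash, $testHash))` and `if (hash_equals($testHash, (string) $passHash))` avoid both, provided the project's minimum PHP version has hash_equals(). The login check also stores the clear-text password in `$data['plain_pass']` and passes it to `runFilterChain('do_admin_login_' . $ret, $data)` for every status, failures included, so every registered filter receives it; dropping that key, or setting it only for the status that needs it, narrows the exposure. The login path calls `getAdminHash($adminId)` while the cookie path calls `getAdminHash($adminLogin)`, which is presumably a mismatch unless getAdminHash() accepts both. The login function's signature is not in the visible text of this hunk.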
@@ -296,14 +216,14 @@ LIMIT 1", array($action, $what, $what), __FUNCTION__, __LINE__); loadInclude($inc); } elseif ($GLOBALS['acl_allow'] === false) { // Access denied - loadTemplate('admin_menu_failed', false, sprintf(getMessage('ADMIN_ACCESS_DENIED'), $what)); + loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACCESS_DENIED', $what)); } else { - // Include file not found! :-( - loadTemplate('admin_menu_failed', false, sprintf(getMessage('ADMIN_ACTION_404'), $action)); + // Include file not found :-( + loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_404', $action)); } } else { - // Invalid action/what pair found! - loadTemplate('admin_menu_failed', false, sprintf(getMessage('ADMIN_ACTION_INVALID'), $action.'/'.$what)); + // Invalid action/what pair found + loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_INVALID', $action . '/' . $what)); } // Free memory @@ -313,8 +233,22 @@ LIMIT 1", array($action, $what, $what), __FUNCTION__, __LINE__); loadTemplate('admin_main_footer', false, $content); } +// Checks wether current admin is allowed to access given action/what combination +// (only one is allowed to be null!) +function isAdminAllowedAccessMenu ($action, $what = null) { + // Do we have cache? + if (!isset($GLOBALS[__FUNCTION__][$action][$what])) { + // ACL is always 'allow' when no ext-admins is installed + // @TODO This can be rewritten into a filter + $GLOBALS[__FUNCTION__][$action][$what] = ((!isExtensionInstalledAndNewer('admins', '0.2.0')) || (adminsCheckAdminAcl($action, $what))); + } // END - if + + // Return the cached value + return $GLOBALS[__FUNCTION__][$action][$what]; +} + // Adds an admin menu -function addAdminMenu ($action, $what, $return=false) { +function addAdminMenu ($action, $what, $return = false) { // Init variables $SUB = false; $OUT = ''; @@ -333,43 +267,52 @@ WHERE ORDER BY `sort` ASC, `id` DESC", __FUNCTION__, __LINE__); - if (SQL_NUMROWS($result_main) > 0) { - $OUT = "
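Review bot: The ACL cache in the new isAdminAllowedAccessMenu() is keyed only by `$action` and `$what`, so a result stored for one admin is returned unchanged if the current admin id changes later in the same request (setCurrentAdminId() is called from the login path in this same file). Keying the entry by admin as well, e.g. `$GLOBALS[__FUNCTION__][getCurrentAdminId()][$action][$what]`, removes that dependency. The header comment says only one of the two arguments may be null, but nothing enforces it, and a null `$what` is stored under the empty-string key, so `null` and `''` share one cache slot.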
 
\n"; - $OUT .= "'; } // Is there a cache instance again? @@ -467,7 +400,7 @@ ORDER BY } // Create member selection box -function addMemberSelectionBox ($def=0, $add_all=false, $return=false, $none=false, $field='userid') { +function addMemberSelectionBox ($def = 0, $add_all = false, $return = false, $none = false, $field = 'userid') { // Output selection form with all confirmed user accounts listed $result = SQL_QUERY("SELECT `userid`, `surname`, `family` FROM `{?_MYSQL_PREFIX?}_user_data` ORDER BY `userid` ASC", __FUNCTION__, __LINE__); @@ -475,13 +408,13 @@ function addMemberSelectionBox ($def=0, $add_all=false, $return=false, $none=fal $OUT = ''; // USe this only for adding points (e.g. adding refs really makes no sence ;-) ) - if ($add_all === true) $OUT = " \n"; - elseif ($none === true) $OUT = " \n"; + if ($add_all === true) $OUT = ' '; + elseif ($none === true) $OUT = ' '; while ($content = SQL_FETCHARRAY($result)) { - $OUT .= " '; } // END - while // Free memory @@ -489,14 +422,14 @@ function addMemberSelectionBox ($def=0, $add_all=false, $return=false, $none=fal if ($return === false) { // Remeber options in constant - $content['member_selection'] = $OUT; + $content['form_selection'] = $OUT; $content['what'] = getWhat(); // Load template - loadTemplate('admin_member_selection_box', false, $content); + loadTemplate('admin_form_selection_box', false, $content); } else { // Return content in selection frame - return "\n"; + return ''; } } 
@@ -505,28 +438,31 @@ function addMemberSelectionBox ($def=0, $add_all=false, $return=false, $none=fal // @DEPRECATED function adminMenuSelectionBox_DEPRECATED ($mode, $default = '', $defid = '') { $what = "`what` != ''"; - if ($mode == 'action') $what = "(`what`='' OR `what` IS NULL) AND action !='login'"; - $result = SQL_QUERY_ESC("SELECT %s, title FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE ".$what." ORDER BY `sort`", + if ($mode == 'action') $what = "(`what`='' OR `what` IS NULL) AND `action` !='login'"; + + $result = SQL_QUERY_ESC("SELECT `%s` AS `menu`, `title` FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE ".$what." ORDER BY `sort` ASC", array($mode), __FUNCTION__, __LINE__); - if (SQL_NUMROWS($result) > 0) { + if (!SQL_HASZERONUMS($result)) { // Load menu as selection - $OUT = " + '; + // Load all entries + while ($content = SQL_FETCHARRAY($result)) { + $OUT .= ''; // Walk through all files foreach ($menuArray as $file) { // Is this a PHP script? - if ((!isDirectory($file)) && (strpos($file, "".$type.'-') > -1) && (strpos($file, '.php') > 0)) { + if ((!isDirectory($file)) && (strpos($file, '' . $type . '-') > -1) && (strpos($file, '.php') > 0)) { // Then test if the file is readable $test = sprintf("inc/modules/%s/%s", $menu, $file); @@ -660,16 +605,16 @@ function adminAddMenuSelectionBox ($menu, $type, $name, $default = '') { // Is that part different from the overview? if ($part != 'overview') { - $OUT .= " '; } // END - if } // END - if } // END - if } // END - foreach // Close selection box - $OUT .= "\n"; + $OUT .= ''; // Return contents return $OUT; 
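Review bot: In adminMenuSelectionBox_DEPRECATED() the caller-supplied `$mode` is now placed between backticks as a column identifier in the SELECT list, and escaping meant for quoted string values (presumably what SQL_QUERY_ESC applies) does not neutralise a backtick. Only two column names make sense here, so compare `$mode` against a fixed list before building the query, e.g. `if (!in_array($mode, array('action', 'what'), true)) { debug_report_bug(__FUNCTION__, __LINE__, 'Invalid mode'); }`. Part of this function's body is missing from the visible text of the hunk, so the rest of the function could not be checked.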
@@ -677,12 +622,15 @@ function adminAddMenuSelectionBox ($menu, $type, $name, $default = '') { // Creates a user-profile link for the admin. This function can also be used for many other purposes function generateUserProfileLink ($userid, $title = '', $what = 'list_user') { - if (($title == '') && ($userid > 0)) { + if (($title == '') && (isValidUserId($userid))) { // Set userid as title $title = $userid; - } // END - if + } elseif ($userid == 0) { + // User id zero is invalid + return '' . $userid . ''; + } - if (($title == 0) && ($what == 'list_refs')) { + if (($title == '0') && ($what == 'list_refs')) { // Return title again return $title; } elseif (isExtensionActive('nickname')) { @@ -690,18 +638,29 @@ function generateUserProfileLink ($userid, $title = '', $what = 'list_user') { $nick = getNickname($userid); // Is it not empty, use it as title else the userid - if (!empty($nick)) $title = $nick . '(' . $userid . ')'; else $title = $userid; + if (!empty($nick)) { + $title = $nick . '(' . $userid . ')'; + } else { + $title = $userid; + } } // Return link - return '[' . $title . ']'; + return '[' . $title . ']'; } // Check "logical-area-mode" function adminGetMenuMode () { - // Set the global mode as the mode for all admins - $mode = getConfig('admin_menu'); - $ADMIN = $mode; + // Set the default menu mode as the mode for all admins + $mode = 'global'; + + // If sql_patches is up-to-date enough, use the configuration + if (isExtensionInstalledAndNewer('sql_patches', '0.3.2')) { + $mode = getAdminMenu(); + } // END - if + + // Backup it + $adminMode = $mode; // Get admin id $adminId = getCurrentAdminId(); 
@@ -709,23 +668,27 @@ function adminGetMenuMode () { // Check individual settings of current admin if (isset($GLOBALS['cache_array']['admin']['la_mode'][$adminId])) { // Load from cache - $ADMIN = $GLOBALS['cache_array']['admin']['la_mode'][$adminId]; + $adminMode = $GLOBALS['cache_array']['admin']['la_mode'][$adminId]; incrementStatsEntry('cache_hits'); } elseif (isExtensionInstalledAndNewer('admins', '0.6.7')) { // Load from database when version of 'admins' is enough - $result = SQL_QUERY_ESC("SELECT la_mode FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", + $result = SQL_QUERY_ESC("SELECT `la_mode` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1", array($adminId), __FUNCTION__, __LINE__); + + // Do we have an entry? if (SQL_NUMROWS($result) == 1) { // Load data - list($ADMIN) = SQL_FETCHROW($result); - } + list($adminMode) = SQL_FETCHROW($result); + } // END - if // Free memory SQL_FREERESULT($result); } - // Check what the admin wants and set it when it's not the global mode - if ($ADMIN != 'global') $mode = $ADMIN; + // Check what the admin wants and set it when it's not the default mode + if ($adminMode != 'global') { + $mode = $adminMode; + } // END - if // Return admin-menu's mode return $mode; @@ -733,11 +696,11 @@ function adminGetMenuMode () { // Change activation status function adminChangeActivationStatus ($IDs, $table, $row, $idRow = 'id') { - $cnt = 0; $newStatus = 'Y'; + $count = '0'; $newStatus = 'Y'; if ((is_array($IDs)) && (count($IDs) > 0)) { // "Walk" all through and count them foreach ($IDs as $id => $selected) { - // Secure the ID number + // Secure the id number $id = bigintval($id); // Should always be set... ;-) @@ -759,7 +722,7 @@ function adminChangeActivationStatus ($IDs, $table, $row, $idRow = 'id') { array($table, $row, $newStatus, $idRow, $id), __FUNCTION__, __LINE__); // Count up affected rows - $cnt += SQL_AFFECTEDROWS(); + $count += SQL_AFFECTEDROWS(); } // END - if // Free the result 
@@ -768,15 +731,15 @@ function adminChangeActivationStatus ($IDs, $table, $row, $idRow = 'id') { } // END - foreach // Output status - loadTemplate('admin_settings_saved', false, sprintf(getMessage('ADMIN_STATUS_CHANGED'), $cnt, count($IDs))); + displayMessage(sprintf(getMessage('ADMIN_STATUS_CHANGED'), $count, count($IDs))); } else { // Nothing selected! - loadTemplate('admin_settings_saved', false, getMessage('ADMIN_NOTHING_SELECTED_CHANGE')); + displayMessage('{--ADMIN_NOTHING_SELECTED_CHANGE--}'); } } // Send mails for del/edit/lock build modes -function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '') { +function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '', $userid = 'userid') { // Default subject is the subject part $subject = $subjectPart; @@ -787,10 +750,7 @@ function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '') { } // END - if // Is the raw userid set? - if (postRequestElement('userid_raw', $id) > 0) { - // Generate subject - $subjectLine = getMessage('MEMBER_'.strtoupper($subject).'_'.strtoupper($table).'_SUBJECT'); - + if (postRequestParameter($userid, $id) > 0) { // Load email template if (!empty($subjectPart)) { $mail = loadEmailTemplate('member_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content); 
@@ -799,27 +759,27 @@ function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '') { } // Send email out - sendEmail(postRequestElement('userid_raw', $id), $subjectLine, $mail); + sendEmail(postRequestParameter($userid, $id), strtoupper('{--MEMBER_' . $subject . '_' . $table . '_SUBJECT--}'), $mail); } // END - if // Generate subject - $subjectLine = getMessage('ADMIN_'.strtoupper($subject).'_'.strtoupper($table).'_SUBJECT'); + $subject = strtoupper('{--ADMIN_' . $subject . '_' . $table . '_SUBJECT--}'); // Send admin notification out if (!empty($subjectPart)) { - sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content, postRequestElement('userid_raw', $id)); + sendAdminNotification($subject, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content, postRequestParameter($userid, $id)); } else { - sendAdminNotification($subjectLine, 'admin_' . $mode . '_' . $table, $content, postRequestElement('userid_raw', $id)); + sendAdminNotification($subject, 'admin_' . $mode . '_' . $table, $content, postRequestParameter($userid, $id)); } } // Build a special template list -function adminListBuilder ($listType, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn) { - $OUT = ''; $SW = 2; +function adminListBuilder ($listType, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $userid = 'userid') { + $OUT = ''; // "Walk" through all entries foreach ($IDs as $id => $selected) { - // Secure ID number + // Secure id number $id = bigintval($id); // Get result from a given column array and table name 
@@ -836,27 +796,30 @@ function adminListBuilder ($listType, $IDs, $table, $columns, $filterFunctions, $idx = array_search($key, $columns, true); // Do we have a userid? - if ($key == 'userid') { + if ($key == $userIdColumn) { // Add it again as raw id - $content['userid'] = bigintval($value); + $content[$userIdColumn] = bigintval($value); + $content[$userIdColumn . '_raw'] = $content[$userIdColumn]; + } // END - if + + // If the key matches the idColumn variable, we need to temporary remember it + //* DEBUG: */ debugOutput('key=' . $key . ',idColumn=' . $idColumn . ',value=' . $value); + if ($key == $idColumn) { + // Found, so remember it + $GLOBALS['admin_list_builder_id_value'] = $value; } // END - if // Handle the call in external function + //* DEBUG: */ debugOutput('key=' . $key . ',fucntion=' . $filterFunctions[$idx] . ',value=' . $value); $content[$key] = handleExtraValues($filterFunctions[$idx], $value, $extraValues[$idx]); } // END - foreach - // Add color switching - $content['sw'] = $SW; - // Then list it $OUT .= loadTemplate(sprintf("admin_%s_%s_row", - $listType, - $table - ), true, $content + $listType, + $table + ), true, $content ); - - // Switch color - $SW = 3 - $SW; } // END - if // Free the result 
@@ -865,14 +828,14 @@ function adminListBuilder ($listType, $IDs, $table, $columns, $filterFunctions, // Load master template loadTemplate(sprintf("admin_%s_%s", - $listType, - $table - ), false, $OUT + $listType, + $table + ), false, $OUT ); } // Change status of "build" list -function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray) { +function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray, $userid = 'userid') { // All valid entries? (We hope so here!) if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (count($statusArray) > 0)) { // "Walk" through all entries @@ -881,7 +844,7 @@ function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFuncti $sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}_%s` SET", SQL_ESCAPE($table)); // Load data of entry - $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE %s=%s LIMIT 1", + $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1", array($table, $idColumn, $id), __FUNCTION__, __LINE__); // Fetch the data 
@@ -909,16 +872,19 @@ function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFuncti } // END - if } elseif (isset($content[$column])) { // Unfinished! - app_die(__FUNCTION__, __LINE__, ":UNFINISHED: id={$id}/{$column}[".gettype($statusInfo)."] = {$content[$column]}"); + debug_report_bug(__FUNCTION__, __LINE__, ':UNFINISHED: id=' . $id . ',column=' . $column . '[' . gettype($statusInfo) . '] = ' . $content[$column]); } } // END - foreach // Add other columns as well foreach (postRequestArray() as $key => $entries) { + // Debug message + logDebugMessage(__FUNCTION__, __LINE__, 'Found entry: ' . $key); + // Skip id, raw userid and 'do_$mode' - if (!in_array($key, array($idColumn, 'userid_raw', ('do_'.$mode)))) { + if (!in_array($key, array($idColumn, $userid, ('do_' . $mode)))) { // Are there brackets () at the end? - if (substr($entries[$id], -2, 2) == "()") { + if (substr($entries[$id], -2, 2) == '()') { // Direct SQL command found $sql .= sprintf(" %s=%s,", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id])); } else { @@ -928,7 +894,10 @@ function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFuncti // Add entry $content[$key] = $entries[$id]; } - } // END - if + } else { + // Skipped entry + logDebugMessage(__FUNCTION__, __LINE__, 'Skipped: ' . $key); + } } // END - foreach // Finish SQL statement 
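Review bot: The loop over `postRequestArray()` builds the UPDATE statement from request data without checking it against the table: every POST key except the three skipped ones becomes a column name, and any value ending in `()` is written unquoted as a "direct SQL command" through `sprintf(" %s=%s,", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id]))`. String escaping does not protect an identifier or an unquoted expression, so the request decides which columns are written and which SQL functions are called. If `$columns` holds the full set of editable columns, `if (!in_array($key, $columns, true)) continue;` at the top of the loop restricts the keys, and `()` values should be compared against a short fixed list of allowed calls. adminEditEntriesConfirm() in hunk @@ -1040 builds its SET list from POST keys in the same way. The function body starts and ends outside this hunk.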
@@ -954,23 +923,27 @@ function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFuncti } // END - if } -// Delete rows by given ID numbers -function adminDeleteEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $deleteNow=false, $idColumn='id', $userIdColumn='userid') { +// Delete rows by given id numbers +function adminDeleteEntriesConfirm ($IDs, $table, $columns = array(), $filterFunctions = array(), $extraValues = array(), $deleteNow = false, $idColumn = 'id', $userIdColumn = 'userid', $userid = 'userid') { // All valid entries? (We hope so here!) if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { // Shall we delete here or list for deletion? if ($deleteNow === true) { // The base SQL command: - $sql = "DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_%s` WHERE %s IN (%s)"; + $sql = "DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s` IN (%s)"; // Delete them all $idList = ''; foreach ($IDs as $id => $sel) { // Is there a userid? - if (isPostRequestElementSet('userid_raw', $id)) { + if (isPostRequestParameterSet($userid, $id)) { // Load all data from that id - $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE %s=%s LIMIT 1", - array($table, $idColumn, $id), __FUNCTION__, __LINE__); + $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1", + array( + $table, + $idColumn, + $id + ), __FUNCTION__, __LINE__); // Fetch the data $content = SQL_FETCHARRAY($result); @@ -979,7 +952,7 @@ function adminDeleteEntriesConfirm ($IDs, $table, $columns=array(), $filterFunct SQL_FREERESULT($result); // Send "build mails" out - sendAdminBuildMails('del', $table, $content, $id); + sendAdminBuildMails('delete', $table, $content, $id); } // END - if // Add id number 
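Review bot: `$id` is the array key of the request-supplied `$IDs` and reaches the unquoted `=%s` placeholder of the new SELECT without a numeric cast, so only string escaping stands between it and the statement (assuming that is what SQL_QUERY_ESC applies). adminListBuilder() and adminChangeActivationStatus() elsewhere in this file both begin their loops with `$id = bigintval($id);`; doing the same as the first statement of this `foreach` covers the SELECT and whatever is appended to `$idList`. The SELECT in adminBuilderStatusHandler() (hunk @@ -881) uses the same unquoted placeholder, and its loop header is outside that hunk, so it is worth checking there as well.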
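Review bot: The call `sendAdminBuildMails('delete', $table, $content, $id)` does not forward the new `$userid` argument, although the guard just above it (in hunk @@ -954) tests `isPostRequestParameterSet($userid, $id)`. With a non-default `$userid` the guard and the mail lookup read different POST fields, because sendAdminBuildMails() falls back to `'userid'`. `sendAdminBuildMails('delete', $table, $content, $id, '', $userid);` keeps the two aligned. The `adminListBuilder('delete', …)` call in hunk @@ -987 omits the argument in the same way.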
@@ -987,31 +960,31 @@ function adminDeleteEntriesConfirm ($IDs, $table, $columns=array(), $filterFunct } // END - foreach // Run the query - SQL_QUERY($sql, array($table, $idColumn, substr($idList, 0, -1)), __FUNCTION__, __LINE__); + SQL_QUERY_ESC($sql, array($table, $idColumn, substr($idList, 0, -1)), __FUNCTION__, __LINE__); // Was this fine? if (SQL_AFFECTEDROWS() == count($IDs)) { // All deleted - loadTemplate('admin_settings_saved', false, getMessage('ADMIN_ALL_ENTRIES_REMOVED')); + displayMessage('{--ADMIN_ALL_ENTRIES_REMOVED--}'); } else { // Some are still there :( - loadTemplate('admin_settings_saved', false, sprintf(getMessage('ADMIN_SOME_ENTRIES_NOT_DELETED'), SQL_AFFECTEDROWS(), count($IDs))); + displayMessage(sprintf(getMessage('ADMIN_SOME_ENTRIES_NOT_DELETED'), SQL_AFFECTEDROWS(), count($IDs))); } } else { // List for deletion confirmation - adminListBuilder('del', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + adminListBuilder('delete', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); } } // END - if } -// Edit rows by given ID numbers -function adminEditEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $editNow=false, $idColumn='id', $userIdColumn='userid') { +// Edit rows by given id numbers +function adminEditEntriesConfirm ($IDs, $table, $columns = array(), $filterFunctions = array(), $extraValues = array(), $editNow = false, $idColumn = 'id', $userIdColumn = 'userid', $userid = 'userid') { // All valid entries? (We hope so here!) if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { // Shall we change here or list for editing? if ($editNow === true) { // Change them all - $affected = 0; + $affected = '0'; foreach ($IDs as $id => $sel) { // Prepare content array (new values) $content = array(); 
@@ -1022,7 +995,7 @@ function adminEditEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctio ); foreach (postRequestArray() as $key => $entries) { // Skip raw userid which is always invalid - if ($key == 'userid_raw') { + if ($key == $userid) { // Continue with next field continue; } // END - if @@ -1040,8 +1013,8 @@ function adminEditEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctio // Then add this value $sql .= sprintf(" `%s`='%s',", - SQL_ESCAPE($key), - SQL_ESCAPE($entries[$id]) + SQL_ESCAPE($key), + SQL_ESCAPE($entries[$id]) ); } elseif (($key != $idColumn) && (!is_array($entries))) { // Add normal entries as well! @@ -1056,7 +1029,7 @@ function adminEditEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctio } // END - foreach // Finish SQL command - $sql = substr($sql, 0, -1) . " WHERE `".$idColumn."`=".bigintval($id)." LIMIT 1"; + $sql = substr($sql, 0, -1) . " WHERE `" . $idColumn . "`=" . bigintval($id) . " LIMIT 1"; // Run this query SQL_QUERY($sql, __FUNCTION__, __LINE__); @@ -1081,10 +1054,10 @@ function adminEditEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctio // Was this fine? if ($affected == count($IDs)) { // All deleted - loadTemplate('admin_settings_saved', false, getMessage('ADMIN_ALL_ENTRIES_EDITED')); + displayMessage('{--ADMIN_ALL_ENTRIES_EDITED--}'); } else { // Some are still there :( - loadTemplate('admin_settings_saved', false, sprintf(getMessage('ADMIN_SOME_ENTRIES_NOT_EDITED'), $affected, count($IDs))); + displayMessage(sprintf(getMessage('ADMIN_SOME_ENTRIES_NOT_EDITED'), $affected, count($IDs))); } } else { // List for editing 
@@ -1093,32 +1066,32 @@ function adminEditEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctio } // END - if } -// Un-/lock rows by given ID numbers +// Un-/lock rows by given id numbers function adminLockEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $statusArray=array(), $lockNow=false, $idColumn='id', $userIdColumn='userid') { // All valid entries? (We hope so here!) if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (($lockNow === false) || (count($statusArray) == 1))) { // Shall we un-/lock here or list for locking? if ($lockNow === true) { // Un-/lock entries - adminBuilderStatusHandler("lock", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); + adminBuilderStatusHandler('lock', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); } else { // List for editing - adminListBuilder("lock", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + adminListBuilder('lock', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); } } // END - if } -// Undelete rows by given ID numbers +// Undelete rows by given id numbers function adminUndeleteEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $statusArray=array(), $undeleteNow=false, $idColumn='id', $userIdColumn='userid') { // All valid entries? (We hope so here!) if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (($undeleteNow === false) || (count($statusArray) == 1))) { // Shall we un-/lock here or list for locking? 
if ($undeleteNow === true) { // Undelete entries - adminBuilderStatusHandler("undelete", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); + adminBuilderStatusHandler('undelete', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); } else { // List for editing - adminListBuilder("undelete", $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + adminListBuilder('undelete', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); } } // END - if } @@ -1143,17 +1116,14 @@ function sendAdminPasswordResetLink ($email) { // Init output $OUT = ''; - // Compile out security characters (must be for looking up!) - $email = compileCode($email); - // Look up administator login $result = SQL_QUERY_ESC("SELECT `id`, `login`, `password` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `email`='%s' LIMIT 1", array($email), __FUNCTION__, __LINE__); // Is there an account? - if (SQL_NUMROWS($result) == 0) { - // No account found! - return getMessage('ADMIN_NO_LOGIN_WITH_EMAIL'); + if (SQL_HASZERONUMS($result)) { + // No account found + return '{--ADMIN_NO_LOGIN_WITH_EMAIL--}'; } // END - if // Load all data @@ -1163,7 +1133,7 @@ function sendAdminPasswordResetLink ($email) { SQL_FREERESULT($result); // Generate hash for reset link - $content['hash'] = generateHash(getConfig('URL').':'.$content['id'].':'.$content['login'].':'.$content['password'], substr($content['password'], 10)); + $content['hash'] = generateHash(getUrl() . getEncryptSeperator() . $content['id'] . getEncryptSeperator() . $content['login'] . getEncryptSeperator() . $content['password'], substr($content['password'], getSaltLength())); // Remove some data unset($content['id']); 
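Review bot: sendAdminPasswordResetLink() still answers an unknown address with `'{--ADMIN_NO_LOGIN_WITH_EMAIL--}'` while a known one gets the link-sent message, so the reset form tells any visitor which e-mail addresses belong to administrator accounts. Returning the same text in both branches closes that, for example `return '{--ADMIN_RESET_PASSWORD_LINK_SENT--}';` in the no-account branch, with the miss recorded through `logDebugMessage()` instead. Whether this form is rate limited is not visible here and is worth checking in the caller.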
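Review bot: The reset hash is computed only from the site URL, the admin id, the login and the stored password hash, so it has no random part and no expiry: the same link stays valid until the password changes, and anyone able to read the `password` column can derive it without receiving the mail. A per-request random token stored with a timestamp and checked in adminResetValidateHashLogin() would remove both properties; that needs a schema change outside this diff. Replacing `':'` and `substr(..., 10)` with `getEncryptSeperator()` and `getSaltLength()` also invalidates links mailed before the upgrade unless those helpers return the old values.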
@@ -1173,10 +1143,10 @@ function sendAdminPasswordResetLink ($email) { $mailText = loadEmailTemplate('admin_reset_password', $content); // Send it out - sendEmail($email, getMessage('ADMIN_RESET_PASS_LINK_SUBJ'), $mailText); + sendEmail($email, '{--ADMIN_RESET_PASSWORD_LINK_SUBJECT--}', $mailText); // Prepare output - return getMessage('ADMIN_RESET_LINK_SENT'); + return '{--ADMIN_RESET_PASSWORD_LINK_SENT--}'; } // Validate hash and login for password reset @@ -1184,12 +1154,9 @@ function adminResetValidateHashLogin ($hash, $login) { // By default nothing validates... ;) $valid = false; - // Compile the login for lookup - $login = compileCode($login); - // Then try to find that user $result = SQL_QUERY_ESC("SELECT `id`, `password`, `email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1", - array($login), __FUNCTION__, __LINE__); + array($login), __FUNCTION__, __LINE__); // Is an account here? if (SQL_NUMROWS($result) == 1) { @@ -1197,7 +1164,7 @@ function adminResetValidateHashLogin ($hash, $login) { $content = SQL_FETCHARRAY($result); // Generate hash again - $hashFromData = generateHash(getConfig('URL').':'.$content['id'].':'.$login.':'.$content['password'], substr($content['password'], 10)); + $hashFromData = generateHash(getUrl() . getEncryptSeperator() . $content['id'] . getEncryptSeperator() . $login . getEncryptSeperator() . $content['password'], substr($content['password'], getSaltLength())); // Does both match? $valid = ($hash == $hashFromData); 
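Review bot: The token check right after the changed `generateHash()` line in adminResetValidateHashLogin(), `$valid = ($hash == $hashFromData);`, uses PHP's loose comparison, which treats two numeric-looking strings (for example in `0e…` form) as equal and is not constant-time. Use `$valid = hash_equals($hashFromData, (string) $hash);` where PHP 5.6 or later is available, and at least `===` otherwise. The rest of the function lies outside this hunk.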
@@ -1212,27 +1179,18 @@ function adminResetValidateHashLogin ($hash, $login) { // Reset the password for the login. Do NOT call this function without calling above function first! function doResetAdminPassword ($login, $password) { - // Init hash - $passHash = ''; - - // Now check if we have sql_patches installed - if (isExtensionInstalledAndNewer('sql_patches', '0.3.6')) { - // Use new way of hashing - $passHash = generateHash($password); - } else { - // Old MD5 method - $passHash = md5($password); - } + // Generate hash (we already check for sql_patches in generateHash()) + $passHash = generateHash($password); // Update database SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `password`='%s' WHERE `login`='%s' LIMIT 1", array($passHash, $login), __FUNCTION__, __LINE__); // Run filters - runFilterChain('post_admin_reset_pass', array('login' => $login, 'hash' => $passHash)); + runFilterChain('post_form_reset_pass', array('login' => $login, 'hash' => $passHash)); // Return output - return getMessage('ADMIN_PASSWORD_RESET_DONE'); + return '{--ADMIN_PASSWORD_RESET_DONE--}'; } // Solves a task by given id number @@ -1252,13 +1210,13 @@ function adminUpdateTaskData ($id, $row, $data) { // Should be admin! if (!isAdmin()) { // Not an admin so redirect better - redirectToUrl('index.php'); + redirectToUrl('modules.php?module=index'); } // END - if // Is the id not set, then we need a backtrace here... :( if ($id <= 0) { // Initiate backtrace - debug_report_bug(sprintf("id is invalid: %s. row=%s, data=%s", + debug_report_bug(__FUNCTION__, __LINE__, sprintf("id is invalid: %s. row=%s, data=%s", $id, $row, $data 
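Review bot: doResetAdminPassword() runs the `post_form_reset_pass` filter chain and returns `'{--ADMIN_PASSWORD_RESET_DONE--}'` without looking at the result of the `UPDATE`, so a login that matches no row is reported as a successful reset. A check such as `if (SQL_AFFECTEDROWS() != 1)` right after the query, returning an error message instead, would make the outcome honest. The function relies entirely on its caller having run adminResetValidateHashLogin() first, as its header comment says; a docblock stating that precondition and that `$password` is the plain-text value would make it harder to miss. The filter was renamed from `post_admin_reset_pass`, so handlers registered under the old name need to be checked.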
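Review bot: The admin check in adminUpdateTaskData() only protects the `UPDATE` further down if `redirectToUrl()` never returns, which this hunk does not show. An explicit `return;` after `redirectToUrl('modules.php?module=index');` makes the guard independent of that. The same applies to the `$id <= 0` branch if `debug_report_bug()` can return. The function continues past the end of the hunk.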
@@ -1267,17 +1225,24 @@ function adminUpdateTaskData ($id, $row, $data) { // Update the task SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_task_system` SET `%s`='%s' WHERE `id`=%s LIMIT 1", - array($row, $data, bigintval($id)), __FUNCTION__, __LINE__); + array( + $row, + $data, + bigintval($id) + ), __FUNCTION__, __LINE__); } // Checks wether if the admin menu has entries function ifAdminMenuHasEntries ($action) { return ( (( + // Is the entry set? isset($GLOBALS['admin_menu_has_entries'][$action]) ) && ( + // And do we have a menu for this action? $GLOBALS['admin_menu_has_entries'][$action] === true )) || ( + // Login has always a menu $action == 'login' ) ); @@ -1291,13 +1256,307 @@ function setAdminMenuHasEntries ($action, $hasEntries) { // Creates a link to the user's admin-profile function adminCreateUserLink ($userid) { // Is the userid set correctly? - if ($userid > 0) { + if (isValidUserId($userid)) { // Create a link to that profile - return '{?URL?}/modules.php?module=admin&what=list_user&userid='.bigintval($userid); + return '{%url=modules.php?module=admin&what=list_user&userid=' . bigintval($userid) . '%}'; } // END - if // Return a link to the user list - return '{?URL?}/modules.php?module=admin&what=list_user'; + return '{%url=modules.php?module=admin&what=list_user%}'; +} + +// Generate a "link" for the given admin id (admin_id) +function generateAdminLink ($adminId) { + // No assigned admin is default + $adminLink = '{--ADMIN_NO_ADMIN_ASSIGNED--}'; + + // Zero? = Not assigned + if (bigintval($adminId) > 0) { + // Load admin's login + $login = getAdminLogin($adminId); + + // Is the login valid? + if ($login != '***') { + // Is the extension there? + if (isExtensionActive('admins')) { + // Admin found + $adminLink = '' . $login . ''; + } else { + // Extension not found + $adminLink = getMaskedMessage('ADMIN_TASK_ROW_EXTENSION_NOT_INSTALLED', 'admins'); + } + } else { + // Maybe deleted? + $adminLink = '
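Review bot: In adminUpdateTaskData() `$row` is placed between backticks as a column name through the first `%s` of the `UPDATE`, and string escaping does not restrict what an identifier may contain. If any caller derives `$row` from request data, compare it against a fixed list of task_system columns before the query, e.g. `if (!in_array($row, $allowedColumns, true)) { return; }` (list name constructed here). Callers are not visible in this hunk, so this may already be guaranteed; a one-line comment saying so would help.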
' . getMaskedMessage('ADMIN_ID_404', $adminId) . '
'; + } + } // END - if + + // Return result + return $adminLink; +} + +// Verifies if the current admin has confirmed to alter expert settings +// +// Return values: +// 'failed' = Something goes wrong (default) +// 'agreed' = Has verified and and confirmed it to see them +// 'forbidden' = Has not the proper right to alter them +// 'update' = Need to update extension 'admins' +// 'ask' = A form was send to the admin +function doVerifyExpertSettings () { + // Default return status is failed + $return = 'failed'; + + // Is the extension installed and recent? + if (isExtensionInstalledAndNewer('admins', '0.7.3')) { + // Okay, load the status + $expertSettings = getAminsExpertSettings(); + + // Is he allowed? + if ($expertSettings == 'Y') { + // Okay, does he want to see them? + if (isAdminsExpertWarningEnabled()) { + // Ask for them + if (isFormSent()) { + // Is the element set, then we need to change the admin + if (isPostRequestParameterSet('expert_settings')) { + // Get it and prepare final post data array + $postData['login'][getCurrentAdminId()] = getCurrentAdminLogin(); + $postData['expert_warning'][getCurrentAdminId()] = 'N'; + + // Change it in the admin + adminsChangeAdminAccount($postData, 'expert_warning'); + + // Clear form + unsetPostRequestParameter('ok'); + } // END - if + + // All fine! + $return = 'agreed'; + } else { + // Send form + loadTemplate('admin_expert_settings_form'); + + // Asked for it + $return = 'ask'; + } + } else { + // Do not display + $return = 'agreed'; + } + } else { + // Forbidden + $return = 'forbidden'; + } + } else { + // Out-dated extension or not installed + $return = 'update'; + } + + // Output message for other status than ask/agreed + if (($return != 'ask') && ($return != 'agreed')) { + // Output message + displayMessage('{--ADMIN_EXPERT_SETTINGS_STATUS_' . strtoupper($return) . 
'--}'); + } // END - if + + // Return status + return $return; +} + +// Generate link to unconfirmed mails for admin +function generateUnconfirmedAdminLink ($id, $unconfirmed, $type = 'bid') { + // Init output + $OUT = $unconfirmed; + + // Do we have unconfirmed mails? + if ($unconfirmed > 0) { + // Add link to list_unconfirmed what-file + $OUT = '{%pipe,translateComma=' . $unconfirmed . '%}'; + } // END - if + + // Return it + return $OUT; +} + +// Generates a navigation row for listing emails +function addEmailNavigation ($numPages, $offset, $show_form, $colspan, $return=false) { + // Don't do anything if $numPages is 1 + if ($numPages == 1) { + // Abort here with empty content + return ''; + } // END - if + + $TOP = ''; + if ($show_form === false) { + $TOP = ' top'; + } // END - if + + $NAV = ''; + for ($page = 1; $page <= $numPages; $page++) { + // Is the page currently selected or shall we generate a link to it? + if (($page == getRequestParameter('page')) || ((!isGetRequestParameterSet('page')) && ($page == 1))) { + // Is currently selected, so only highlight it + $NAV .= '-'; + } else { + // Open anchor tag and add base URL + $NAV .= ''; + } + $NAV .= $page; + if (($page == getRequestParameter('page')) || ((!isGetRequestParameterSet('page')) && ($page == 1))) { + // Is currently selected, so only highlight it + $NAV .= '-'; + } else { + // Close anchor tag + $NAV .= ''; + } + + // Add seperator if we have not yet reached total pages + if ($page < $numPages) { + // Add it + $NAV .= '|'; + } // END - if + } // END - for + + // Define constants only once + $content['nav'] = $NAV; + $content['span'] = $colspan; + $content['top'] = $TOP; + + // Load navigation template + $OUT = loadTemplate('admin_email_nav_row', true, $content); + + if ($return === true) { + // Return generated HTML-Code + return $OUT; + } else { + // Output HTML-Code + outputHtml($OUT); + } +} + +// Process menu editing form +function adminProcessMenuEditForm ($type, $subMenu) { + // An action 
is done... + foreach (postRequestParameter('sel') as $sel => $menu) { + $AND = "(`what` = '' OR `what` IS NULL)"; + + $sel = bigintval($sel); + + if (!empty($subMenu)) { + $AND = "`action`='" . $subMenu . "'"; + } // END - if + + switch (postRequestParameter('ok')) { + case 'edit': // Edit menu + if (postRequestParameter('sel_what', $sel) == '') { + // Update with 'what'=null + SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_%s_menu` SET `title`='%s', `action`='%s', `what`=NULL WHERE ".$AND." AND `id`=%s LIMIT 1", + array( + $type, + $menu, + postRequestParameter('sel_action', $sel), + $sel + ), __FILE__, __LINE__); + } else { + // Update with selected 'what' + SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_%s_menu` SET `title`='%s', `action`='%s', `what`='%s' WHERE ".$AND." AND `id`=%s LIMIT 1", + array( + $type, + $menu, + postRequestParameter('sel_action', $sel), + postRequestParameter('sel_what', $sel), + $sel + ), __FILE__, __LINE__); + } + break; + + case 'delete': // Delete menu + SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE ".$AND." AND `id`=%s LIMIT 1", + array($type, $sel), __FILE__, __LINE__); + break; + + case 'status': // Change status of menus + SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_%s_menu` SET `visible`='%s', `locked`='%s' WHERE ".$AND." AND `id`=%s LIMIT 1", + array($type, postRequestParameter('visible', $sel), postRequestParameter('locked', $sel), $sel), __FILE__, __LINE__); + break; + + default: // Unexpected action + logDebugMessage(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", postRequestParameter('ok'))); + displayMessage(getMaskedMessage('ADMIN_UNKNOWN_OKAY', postRequestParameter('ok'))); + break; + } // END - switch + } // END - foreach + + // Load template + displayMessage('{--SETTINGS_SAVED--}'); +} + +// Handle weightning +function doAdminProcessMenuWeightning ($type, $AND) { + // Are there all required (generalized) GET parameter? 
+ if ((isGetRequestParameterSet('act')) && (isGetRequestParameterSet('tid')) && (isGetRequestParameterSet('fid'))) { + // Init variables + $tid = ''; $fid = ''; + + // Get ids + if (isGetRequestParameterSet('w')) { + // Sub menus selected + $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE `action`='%s' AND `sort`=%s LIMIT 1", + array( + $type, + getRequestParameter('act'), + bigintval(getRequestParameter('tid')) + ), __FILE__, __LINE__); + list($tid) = SQL_FETCHROW($result); + SQL_FREERESULT($result); + $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE `action`='%s' AND `sort`=%s LIMIT 1", + array( + $type, + getRequestParameter('act'), + bigintval(getRequestParameter('fid')) + ), __FILE__, __LINE__); + list($fid) = SQL_FETCHROW($result); + SQL_FREERESULT($result); + } else { + // Main menu selected + $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE (`what`='' OR `what` IS NULL) AND `sort`=%s LIMIT 1", + array( + $type, + bigintval(getRequestParameter('tid')) + ), __FILE__, __LINE__); + list($tid) = SQL_FETCHROW($result); + SQL_FREERESULT($result); + $result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE (`what`='' OR `what` IS NULL) AND `sort`=%s LIMIT 1", + array( + $type, + bigintval(getRequestParameter('fid')) + ), __FILE__, __LINE__); + list($fid) = SQL_FETCHROW($result); + SQL_FREERESULT($result); + } + + if ((!empty($tid)) && (!empty($fid))) { + // Sort menu + SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_%s_menu` SET `sort`=%s WHERE ".$AND." AND `id`=%s LIMIT 1", + array( + $type, + bigintval(getRequestParameter('tid')), + bigintval($fid) + ), __FILE__, __LINE__); + SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_%s_menu` SET `sort`=%s WHERE ".$AND." AND `id`=%s LIMIT 1", + array( + $type, + bigintval(getRequestParameter('fid')), + bigintval($tid) + ), __FILE__, __LINE__); + } // END - if + } // END - if } // [EOF]
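Review bot: In adminProcessMenuEditForm() the fragment `$AND` is built by concatenating `$subMenu` into SQL text and is then glued into the format string of every `SQL_QUERY_ESC()` call, so that value bypasses the escaping applied to the array arguments; where `$subMenu` originates is not visible here. Wrap it where the fragment is built, `SQL_ESCAPE($subMenu)`, or pass it as a further `%s` argument. doAdminProcessMenuWeightning() takes a ready-made `$AND` from its caller and has the same exposure. `$type` also ends up in the table name `_%s_menu` and should be checked against the known menu types. Two smaller points in the same hunk: `postRequestParameter('sel')` is iterated without an `is_array()` test, and the values written to `visible` and `locked` in the `status` case are not limited to the expected flags.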