X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=f07b057a7816f72ee7076278eed3b677cb1c6c32;hp=c97eac07a05d8e7df43ba1676e7b76c7be0ca7ec;hb=0f3a135204757cc8750262871c8e62c42300acb4;hpb=82cbb1b75e0091b6333fefd045903329b234b9fb diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index c97eac07a0..f07b057a78 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -52,7 +52,7 @@ function addAdminAccount ($adminLogin, $passHash, $adminEmail) { // Is the entry there? if (SQL_HASZERONUMS($result)) { // Ok, let's create the admin login - SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`, `password`, `email`) VALUES ('%s', '%s', '%s')", + SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`,`password`,`email`) VALUES ('%s', '%s', '%s')", array( $adminLogin, $passHash, @@ -74,7 +74,7 @@ function addAdminAccount ($adminLogin, $passHash, $adminEmail) { function ifAdminLoginDataIsValid ($adminLogin, $adminPassword) { // First of all, no admin login is found, so the admin hash is null $ret = '404'; - $adminHash = null; + $adminHash = NULL; // Get admin id from login $adminId = getAdminId($adminLogin); @@ -97,7 +97,7 @@ function ifAdminLoginDataIsValid ($adminLogin, $adminPassword) { // All fine $ret = 'done'; } else { - // Set status + // Did not match! $ret = 'password'; } } // END - if @@ -235,7 +235,7 @@ LIMIT 1", // Checks wether current admin is allowed to access given action/what combination // (only one is allowed to be null!) -function isAdminAllowedAccessMenu ($action, $what = null) { +function isAdminAllowedAccessMenu ($action, $what = NULL) { // Do we have cache? if (!isset($GLOBALS[__FUNCTION__][$action][$what])) { // ACL is always 'allow' when no ext-admins is installed @@ -259,7 +259,7 @@ function addAdminMenu ($action, $what, $return = false) { // Build main menu $result_main = SQL_QUERY("SELECT - `action`, `title`, `descr` + `action`,`title`,`descr` FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE @@ -296,7 +296,7 @@ ORDER BY $OUT .= '['; } } else { - $OUT .= ''; + $OUT .= ''; } $OUT .= $title; @@ -316,7 +316,7 @@ ORDER BY // Check for menu entries $result_what = SQL_QUERY_ESC("SELECT - `what`, `title`, `descr` + `what`,`title`,`descr` FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE @@ -359,7 +359,7 @@ ORDER BY $OUT .= '['; } } else { - $OUT .= ''; + $OUT .= ''; } $OUT .= $title_what; @@ -403,7 +403,7 @@ ORDER BY // Create member selection box function addMemberSelectionBox ($def = 0, $add_all = false, $return = false, $none = false, $field = 'userid') { // Output selection form with all confirmed user accounts listed - $result = SQL_QUERY("SELECT `userid`, `surname`, `family` FROM `{?_MYSQL_PREFIX?}_user_data` ORDER BY `userid` ASC", __FUNCTION__, __LINE__); + $result = SQL_QUERY("SELECT `userid`,`surname`,`family` FROM `{?_MYSQL_PREFIX?}_user_data` ORDER BY `userid` ASC", __FUNCTION__, __LINE__); // Default output $OUT = ''; @@ -441,7 +441,7 @@ function adminMenuSelectionBox_DEPRECATED ($mode, $default = '', $defid = '') { $what = "`what` != '' AND `what` IS NOT NULL"; if ($mode == 'action') $what = "(`what`='' OR `what` IS NULL) AND `action` != 'login'"; - $result = SQL_QUERY_ESC("SELECT `%s` AS `menu`, `title` FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE ".$what." ORDER BY `sort` ASC", + $result = SQL_QUERY_ESC("SELECT `%s` AS `menu`,`title` FROM `{?_MYSQL_PREFIX?}_admin_menu` WHERE ".$what." ORDER BY `sort` ASC", array($mode), __FUNCTION__, __LINE__); if (!SQL_HASZERONUMS($result)) { // Load menu as selection @@ -543,7 +543,7 @@ function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement $whereStatement ); } else { - // Add Line (does only work with auto_increment! + // Add Line (does only work with AUTO_INCREMENT! $keys = array(); $values = array(); foreach ($tableData as $entry) { // Split up @@ -553,7 +553,7 @@ function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement } // END - foreach // Add both in one line - $keys = implode('`, `', $keys); + $keys = implode('`,`', $keys); $values = implode(', ', $values); // Generate SQL string @@ -626,9 +626,9 @@ function generateUserProfileLink ($userid, $title = '', $what = 'list_user') { if (($title == '') && (isValidUserId($userid))) { // Set userid as title $title = $userid; - } elseif ($userid == 0) { + } elseif (!isValidUserId($userid)) { // User id zero is invalid - return '' . $userid . ''; + return '' . makeNullToZero($userid) . ''; } if (($title == '0') && ($what == 'list_refs')) { @@ -751,7 +751,16 @@ function adminChangeActivationStatus ($IDs, $table, $row, $idRow = 'id') { } // Send mails for del/edit/lock build modes -function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '', $userid = 'userid') { +function sendAdminBuildMails ($mode, $tableName, $content, $id, $subjectPart = '', $userIdColumn = array('userid')) { + // $tableName must be an array + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // $tableName is no array + debug_report_bug(__FUNCTION__, __LINE__, 'tableName[]=' . gettype($tableName) . '!=array'); + } elseif ((!is_array($userIdColumn)) || (count($userIdColumn) != 1)) { + // $tableName is no array + debug_report_bug(__FUNCTION__, __LINE__, 'userIdColumn[]=' . gettype($userIdColumn) . '!=array'); + } // END - if + // Default subject is the subject part $subject = $subjectPart; @@ -762,40 +771,54 @@ function sendAdminBuildMails ($mode, $table, $content, $id, $subjectPart = '', $ } // END - if // Is the raw userid set? - if (postRequestParameter($userid, $id) > 0) { + if (postRequestParameter($userIdColumn[0], $id) > 0) { // Load email template if (!empty($subjectPart)) { - $mail = loadEmailTemplate('member_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content); + $mail = loadEmailTemplate('member_' . $mode . '_' . strtolower($subjectPart) . '_' . $tableName[0], $content); } else { - $mail = loadEmailTemplate('member_' . $mode . '_' . $table, $content); + $mail = loadEmailTemplate('member_' . $mode . '_' . $tableName[0], $content); } // Send email out - sendEmail(postRequestParameter($userid, $id), strtoupper('{--MEMBER_' . $subject . '_' . $table . '_SUBJECT--}'), $mail); + sendEmail(postRequestParameter($userIdColumn[0], $id), strtoupper('{--MEMBER_' . $subject . '_' . $tableName[0] . '_SUBJECT--}'), $mail); } // END - if // Generate subject - $subject = strtoupper('{--ADMIN_' . $subject . '_' . $table . '_SUBJECT--}'); + $subject = strtoupper('{--ADMIN_' . $subject . '_' . $tableName[0] . '_SUBJECT--}'); // Send admin notification out if (!empty($subjectPart)) { - sendAdminNotification($subject, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $table, $content, postRequestParameter($userid, $id)); + sendAdminNotification($subject, 'admin_' . $mode . '_' . strtolower($subjectPart) . '_' . $tableName[0], $content, postRequestParameter($userIdColumn[0], $id)); } else { - sendAdminNotification($subject, 'admin_' . $mode . '_' . $table, $content, postRequestParameter($userid, $id)); + sendAdminNotification($subject, 'admin_' . $mode . '_' . $tableName[0], $content, postRequestParameter($userIdColumn[0], $id)); } } // Build a special template list -function adminListBuilder ($listType, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $userid = 'userid') { +function adminListBuilder ($listType, $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $rawUserId = array('userid')) { + // $tableName and $idColumn must bove be arrays! + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // $tableName is no array + debug_report_bug(__FUNCTION__, __LINE__, 'tableName[]=' . gettype($tableName) . '!=array'); + } elseif (!is_array($idColumn)) { + // $idColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'idColumn[]=' . gettype($idColumn) . '!=array'); + } elseif ((!is_array($userIdColumn)) || (count($userIdColumn) != 1)) { + // $tableName is no array + debug_report_bug(__FUNCTION__, __LINE__, 'userIdColumn[]=' . gettype($userIdColumn) . '!=array'); + } + + // Init row output $OUT = ''; // "Walk" through all entries - foreach ($IDs as $id => $selected) { + //* DEBUG: */ debug_report_bug(__FUNCTION__, __LINE__, 'listType=
'.print_r($listType,true).'
,tableName
'.print_r($tableName,true).'
,columns=
'.print_r($columns,true).'
,filterFunctions=
'.print_r($filterFunctions,true).'
,extraValues=
'.print_r($extraValues,true).'
,idColumn=
'.print_r($idColumn,true).'
,userIdColumn=
'.print_r($userIdColumn,true).'
,rawUserId=
'.print_r($rawUserId,true).'
'); + foreach (postRequestParameter($idColumn[0]) as $id => $selected) { // Secure id number $id = bigintval($id); // Get result from a given column array and table name - $result = SQL_RESULT_FROM_ARRAY($table, $columns, $idColumn, $id, __FUNCTION__, __LINE__); + $result = SQL_RESULT_FROM_ARRAY($tableName[0], $columns, $idColumn[0], $id, __FUNCTION__, __LINE__); // Is there one entry? if (SQL_NUMROWS($result) == 1) { @@ -808,28 +831,34 @@ function adminListBuilder ($listType, $IDs, $table, $columns, $filterFunctions, $idx = array_search($key, $columns, true); // Do we have a userid? - if ($key == $userIdColumn) { + //* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'key=' . $key . ',userIdColumn=' . $userIdColumn[0]); + if ($key == $userIdColumn[0]) { // Add it again as raw id - $content[$userIdColumn] = bigintval($value); - $content[$userIdColumn . '_raw'] = $content[$userIdColumn]; + //* DEBUG: */ debug_report_bug(__FUNCTION__, __LINE__, 'key=' . $key . ',userIdColumn=' . $userIdColumn[0]); + $content[$userIdColumn[0]] = bigintval($value); + $content[$userIdColumn[0] . '_raw'] = $content[$userIdColumn[0]]; } // END - if // If the key matches the idColumn variable, we need to temporary remember it - //* DEBUG: */ debugOutput('key=' . $key . ',idColumn=' . $idColumn . ',value=' . $value); - if ($key == $idColumn) { + //* DEBUG: */ debugOutput('key=' . $key . ',idColumn=' . $idColumn[0] . ',value=' . $value); + if ($key == $idColumn[0]) { // Found, so remember it $GLOBALS['admin_list_builder_id_value'] = $value; } // END - if // Handle the call in external function //* DEBUG: */ debugOutput('key=' . $key . ',fucntion=' . $filterFunctions[$idx] . ',value=' . $value); - $content[$key] = handleExtraValues($filterFunctions[$idx], $value, $extraValues[$idx]); + $content[$key] = handleExtraValues( + $filterFunctions[$idx], + $value, + $extraValues[$idx] + ); } // END - foreach // Then list it $OUT .= loadTemplate(sprintf("admin_%s_%s_row", $listType, - $table + $tableName[0] ), true, $content ); } // END - if @@ -841,23 +870,39 @@ function adminListBuilder ($listType, $IDs, $table, $columns, $filterFunctions, // Load master template loadTemplate(sprintf("admin_%s_%s", $listType, - $table + $tableName[0] ), false, $OUT ); } // Change status of "build" list -function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray, $userid = 'userid') { +function adminBuilderStatusHandler ($mode, $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray, $rawUserId = array('userid')) { + // $tableName must be an array + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array'); + } elseif (!is_array($idColumn)) { + // $idColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'idColumn[]=' . gettype($idColumn) . '!=array'); + } elseif ((!is_array($userIdColumn)) || (count($userIdColumn) != 1)) { + // $tableName is no array + debug_report_bug(__FUNCTION__, __LINE__, 'userIdColumn[]=' . gettype($userIdColumn) . '!=array'); + } // END - if + // All valid entries? (We hope so here!) - if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (count($statusArray) > 0)) { + if ((count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (count($statusArray) > 0)) { // "Walk" through all entries - foreach ($IDs as $id => $sel) { + foreach (postRequestParameter($idColumn[0]) as $id => $sel) { // Construct SQL query - $sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}_%s` SET", SQL_ESCAPE($table)); + $sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}_%s` SET", SQL_ESCAPE($tableName[0])); // Load data of entry $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1", - array($table, $idColumn, $id), __FUNCTION__, __LINE__); + array( + $tableName[0], + $idColumn[0], + $id + ), __FUNCTION__, __LINE__); // Fetch the data $content = SQL_FETCHARRAY($result); @@ -873,7 +918,7 @@ function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFuncti // Does the entry exist? if ((isset($content[$column])) && (isset($statusInfo[$content[$column]]))) { // Add these entries for update - $sql .= sprintf(" %s='%s',", SQL_ESCAPE($column), SQL_ESCAPE($statusInfo[$content[$column]])); + $sql .= sprintf(" `%s`='%s',", SQL_ESCAPE($column), SQL_ESCAPE($statusInfo[$content[$column]])); // Remember status if ($statusColumn == 'unknown') { @@ -894,14 +939,14 @@ function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFuncti logDebugMessage(__FUNCTION__, __LINE__, 'Found entry: ' . $key); // Skip id, raw userid and 'do_$mode' - if (!in_array($key, array($idColumn, $userid, ('do_' . $mode)))) { + if (!in_array($key, array($idColumn[0], $rawUserId[0], ('do_' . $mode)))) { // Are there brackets () at the end? if (substr($entries[$id], -2, 2) == '()') { // Direct SQL command found - $sql .= sprintf(" %s=%s,", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id])); + $sql .= sprintf(" `%s`=%s,", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id])); } else { // Add regular entry - $sql .= sprintf(" %s='%s',", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id])); + $sql .= sprintf(" `%s`='%s',", SQL_ESCAPE($key), SQL_ESCAPE($entries[$id])); // Add entry $content[$key] = $entries[$id]; @@ -914,7 +959,7 @@ function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFuncti // Finish SQL statement $sql = substr($sql, 0, -1) . sprintf(" WHERE `%s`=%s AND `%s`='%s' LIMIT 1", - $idColumn, + $idColumn[0], bigintval($id), $statusColumn, $oldStatus @@ -930,30 +975,45 @@ function adminBuilderStatusHandler ($mode, $IDs, $table, $columns, $filterFuncti } // END - if // Send "build mails" out - sendAdminBuildMails($mode, $table, $content, $id, $statusInfo[$content[$column]]); + sendAdminBuildMails($mode, $tableName, $content, $id, $statusInfo[$content[$column]], $userIdColumn); } // END - foreach } // END - if } // Delete rows by given id numbers -function adminDeleteEntriesConfirm ($IDs, $table, $columns = array(), $filterFunctions = array(), $extraValues = array(), $deleteNow = false, $idColumn = 'id', $userIdColumn = 'userid', $userid = 'userid') { +function adminDeleteEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $deleteNow = array(false), $idColumn = array('id'), $userIdColumn = array('userid'), $rawUserId = array('userid')) { + // $tableName must be an array + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array'); + } elseif (!is_array($idColumn)) { + // $idColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'idColumn[]=' . gettype($idColumn) . '!=array'); + } elseif (!is_array($userIdColumn)) { + // $userIdColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'userIdColumn[]=' . gettype($userIdColumn) . '!=array'); + } elseif (!is_array($deleteNow)) { + // $deleteNow is no array + debug_report_bug(__FUNCTION__, __LINE__, 'deleteNow[]=' . gettype($deleteNow) . '!=array'); + } // END - if + // All valid entries? (We hope so here!) - if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { + if ((count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { // Shall we delete here or list for deletion? - if ($deleteNow === true) { + if ($deleteNow[0] === true) { // The base SQL command: $sql = "DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s` IN (%s)"; // Delete them all $idList = ''; - foreach ($IDs as $id => $sel) { + foreach (postRequestParameter($idColumn[0]) as $id => $sel) { // Is there a userid? - if (isPostRequestParameterSet($userid, $id)) { + if (isPostRequestParameterSet($rawUserId[0], $id)) { // Load all data from that id $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1", array( - $table, - $idColumn, + $tableName[0], + $idColumn[0], $id ), __FUNCTION__, __LINE__); @@ -964,7 +1024,7 @@ function adminDeleteEntriesConfirm ($IDs, $table, $columns = array(), $filterFun SQL_FREERESULT($result); // Send "build mails" out - sendAdminBuildMails('delete', $table, $content, $id); + sendAdminBuildMails('delete', $tableName, $content, $id, '', $userIdColumn); } // END - if // Add id number @@ -972,48 +1032,64 @@ function adminDeleteEntriesConfirm ($IDs, $table, $columns = array(), $filterFun } // END - foreach // Run the query - SQL_QUERY_ESC($sql, array($table, $idColumn, substr($idList, 0, -1)), __FUNCTION__, __LINE__); + SQL_QUERY_ESC($sql, array($tableName[0], $idColumn[0], substr($idList, 0, -1)), __FUNCTION__, __LINE__); // Was this fine? - if (SQL_AFFECTEDROWS() == count($IDs)) { + if (SQL_AFFECTEDROWS() == count(postRequestParameter($idColumn[0]))) { // All deleted displayMessage('{--ADMIN_ALL_ENTRIES_REMOVED--}'); } else { // Some are still there :( - displayMessage(sprintf(getMessage('ADMIN_SOME_ENTRIES_NOT_DELETED'), SQL_AFFECTEDROWS(), count($IDs))); + displayMessage(sprintf(getMessage('ADMIN_SOME_ENTRIES_NOT_DELETED'), SQL_AFFECTEDROWS(), count(postRequestParameter($idColumn[0])))); } } else { // List for deletion confirmation - adminListBuilder('delete', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + adminListBuilder('delete', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); } } // END - if } // Edit rows by given id numbers -function adminEditEntriesConfirm ($IDs, $table, $columns = array(), $filterFunctions = array(), $extraValues = array(), $editNow = false, $idColumn = 'id', $userIdColumn = 'userid', $userid = 'userid') { +function adminEditEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $editNow = array(false), $idColumn = array('id'), $userIdColumn = array('userid'), $rawUserId = array('userid')) { + // $tableName must be an array + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array'); + } elseif (!is_array($idColumn)) { + // $idColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'idColumn[]=' . gettype($idColumn) . '!=array'); + } elseif (!is_array($userIdColumn)) { + // $userIdColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'userIdColumn[]=' . gettype($userIdColumn) . '!=array'); + } elseif (!is_array($editNow)) { + // $editNow is no array + debug_report_bug(__FUNCTION__, __LINE__, 'editNow[]=' . gettype($editNow) . '!=array'); + } // END - if + // All valid entries? (We hope so here!) - if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { + //* DEBUG: */ debug_report_bug(__FUNCTION__, __LINE__, 'idColumn=
'.print_r($idColumn,true).'
,tableName
'.print_r($tableName,true).'
,columns=
'.print_r($columns,true).'
,filterFunctions=
'.print_r($filterFunctions,true).'
,extraValues=
'.print_r($extraValues,true).'
,editNow=
'.print_r($editNow,true).'
,userIdColumn=
'.print_r($userIdColumn,true).'
,rawUserId=
'.print_r($rawUserId,true).'
'); + if ((count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues))) { // Shall we change here or list for editing? - if ($editNow === true) { + if ($editNow[0] === true) { // Change them all $affected = '0'; - foreach ($IDs as $id => $sel) { + foreach (postRequestParameter($idColumn[0]) as $id => $sel) { // Prepare content array (new values) $content = array(); // Prepare SQL for this row $sql = sprintf("UPDATE `{?_MYSQL_PREFIX?}_%s` SET", - SQL_ESCAPE($table) + SQL_ESCAPE($tableName[0]) ); foreach (postRequestArray() as $key => $entries) { // Skip raw userid which is always invalid - if ($key == $userid) { + if ($key == $rawUserId[0]) { // Continue with next field continue; } // END - if // Is entries an array? - if (($key != $idColumn) && (is_array($entries)) && (isset($entries[$id]))) { + if (($key != $idColumn[0]) && (is_array($entries)) && (isset($entries[$id]))) { // Add this entry to content $content[$key] = $entries[$id]; @@ -1028,7 +1104,7 @@ function adminEditEntriesConfirm ($IDs, $table, $columns = array(), $filterFunct SQL_ESCAPE($key), SQL_ESCAPE($entries[$id]) ); - } elseif (($key != $idColumn) && (!is_array($entries))) { + } elseif (($key != $idColumn[0]) && (!is_array($entries))) { // Add normal entries as well! $content[$key] = $entries; } @@ -1041,7 +1117,7 @@ function adminEditEntriesConfirm ($IDs, $table, $columns = array(), $filterFunct } // END - foreach // Finish SQL command - $sql = substr($sql, 0, -1) . " WHERE `" . $idColumn . "`=" . bigintval($id) . " LIMIT 1"; + $sql = substr($sql, 0, -1) . " WHERE `" . $idColumn[0] . "`=" . bigintval($id) . " LIMIT 1"; // Run this query SQL_QUERY($sql, __FUNCTION__, __LINE__); @@ -1051,7 +1127,11 @@ function adminEditEntriesConfirm ($IDs, $table, $columns = array(), $filterFunct // Load all data from that id $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_%s` WHERE `%s`=%s LIMIT 1", - array($table, $idColumn, $id), __FUNCTION__, __LINE__); + array( + $tableName[0], + $idColumn[0], + $id + ), __FUNCTION__, __LINE__); // Fetch the data and merge it into $content $content = merge_array($content, SQL_FETCHARRAY($result)); @@ -1060,54 +1140,255 @@ function adminEditEntriesConfirm ($IDs, $table, $columns = array(), $filterFunct SQL_FREERESULT($result); // Send "build mails" out - sendAdminBuildMails('edit', $table, $content, $id); + sendAdminBuildMails('edit', $tableName, $content, $id, '', $userIdColumn); } // END - foreach // Was this fine? - if ($affected == count($IDs)) { + if ($affected == count(postRequestParameter($idColumn[0]))) { // All deleted displayMessage('{--ADMIN_ALL_ENTRIES_EDITED--}'); } else { // Some are still there :( - displayMessage(sprintf(getMessage('ADMIN_SOME_ENTRIES_NOT_EDITED'), $affected, count($IDs))); + displayMessage(sprintf(getMessage('ADMIN_SOME_ENTRIES_NOT_EDITED'), $affected, count(postRequestParameter($idColumn[0])))); } } else { // List for editing - adminListBuilder('edit', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + adminListBuilder('edit', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); } - } // END - if + } else { + // Maybe some invalid parameters + debug_report_bug(__FUNCTION__, __LINE__, 'tableName=' . $tableName[0] . ',columns[]=' . gettype($columns) . ',filterFunctions[]=' . gettype($filterFunctions) . ',extraValues[]=' . gettype($extraValues) . ',idColumn=' . $idColumn[0] . ',userIdColumn=' . $userIdColumn[0] . ' - INVALID!'); + } } // Un-/lock rows by given id numbers -function adminLockEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $statusArray=array(), $lockNow=false, $idColumn='id', $userIdColumn='userid') { +function adminLockEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $statusArray = array(), $lockNow = array(false), $idColumn = array('id'), $userIdColumn = array('userid')) { + // $tableName must be an array + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array'); + } elseif (!is_array($idColumn)) { + // $idColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'idColumn[]=' . gettype($idColumn) . '!=array'); + } elseif (!is_array($lockNow)) { + // $lockNow is no array + debug_report_bug(__FUNCTION__, __LINE__, 'lockNow[]=' . gettype($lockNow) . '!=array'); + } // END - if + // All valid entries? (We hope so here!) - if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (($lockNow === false) || (count($statusArray) == 1))) { + if ((count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (($lockNow[0] === false) || (count($statusArray) == 1))) { // Shall we un-/lock here or list for locking? - if ($lockNow === true) { + if ($lockNow[0] === true) { // Un-/lock entries - adminBuilderStatusHandler('lock', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); + adminBuilderStatusHandler('lock', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); } else { // List for editing - adminListBuilder('lock', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + adminListBuilder('lock', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); } } // END - if } // Undelete rows by given id numbers -function adminUndeleteEntriesConfirm ($IDs, $table, $columns=array(), $filterFunctions=array(), $extraValues=array(), $statusArray=array(), $undeleteNow=false, $idColumn='id', $userIdColumn='userid') { +function adminUndeleteEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $statusArray = array(), $undeleteNow = array(false), $idColumn = array('id'), $userIdColumn = array('userid')) { + // $tableName must be an array + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array'); + } elseif (!is_array($idColumn)) { + // $idColumn is no array + debug_report_bug(__FUNCTION__, __LINE__, 'idColumn[]=' . gettype($idColumn) . '!=array'); + } elseif (!is_array($undeleteNow)) { + // $undeleteNow is no array + debug_report_bug(__FUNCTION__, __LINE__, 'undeleteNow[]=' . gettype($undeleteNow) . '!=array'); + } // END - if + // All valid entries? (We hope so here!) - if ((is_array($IDs)) && (count($IDs) > 0) && (count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (($undeleteNow === false) || (count($statusArray) == 1))) { + if ((count($columns) == count($filterFunctions)) && (count($columns) == count($extraValues)) && (($undeleteNow[0] === false) || (count($statusArray) == 1))) { // Shall we un-/lock here or list for locking? - if ($undeleteNow === true) { + if ($undeleteNow[0] === true) { // Undelete entries - adminBuilderStatusHandler('undelete', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); + adminBuilderStatusHandler('undelete', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $statusArray); } else { // List for editing - adminListBuilder('undelete', $IDs, $table, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); + adminListBuilder('undelete', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn); } } // END - if } +// Adds a given entry to the database +function adminAddEntries ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array()) { + //* DEBUG: */ die('columns=
'.print_r($columns,true).'
,filterFunctions=
'.print_r($filterFunctions,true).'
,extraValues=
'.print_r($extraValues,true).'
,POST=
'.print_r($_POST,true).'
'); + // Verify that tableName and columns are not empty + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array'); + } elseif (count($columns) == 0) { + // No columns specified + debug_report_bug(__FUNCTION__, __LINE__, 'columns is not given. Please fix your XML.'); + } + + // Init columns and value elements + $sqlColumns = array(); + $sqlValues = array(); + + // Add columns and values + foreach ($columns as $key=>$columnName) { + // Copy entry to final arrays + $sqlColumns[$key] = $columnName; + $sqlValues[$key] = postRequestParameter($columnName); + //* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'key='.$key.',columnName='.$columnName.',filterFunctions='.$filterFunctions[$key].',extraValues='.intval(isset($extraValues[$key])).',extraValuesName='.intval(isset($extraValues[$columnName . '_list'])).'
'); + + // Send data through the filter function if found + if ((isset($filterFunctions[$key])) && (isset($extraValues[$key . '_list']))) { + // Filter function set! + $sqlValues[$key] = call_user_func_array($filterFunctions[$key], merge_array(array($columnName), $extraValues[$key . '_list'])); + } // END - if + } // END - foreach + + // Build the SQL query + $SQL = 'INSERT INTO `{?_MYSQL_PREFIX?}_' . $tableName[0] . '` (`' . implode('`, `', $sqlColumns) . "`) VALUES('" . implode("','", $sqlValues) . "')"; + + // Run the SQL query + SQL_QUERY($SQL, __FUNCTION__, __LINE__); + + // Entry has been added? + if (!SQL_HASZEROAFFECTED()) { + // Display success message + displayMessage('{--ADMIN_ENTRY_ADDED--}'); + } else { + // Display failed message + displayMessage('{--ADMIN_ENTRY_NOT_ADDED--}'); + } +} + +// List all given rows (callback function from XML) +function adminListEntries ($tableTemplate, $rowTemplate, $noEntryMessageId, $tableName, $columns, $whereColumns, $orderByColumns, $callbackColumns, $extraParameters = array()) { + // Verify that tableName and columns are not empty + if ((!is_array($tableName)) || (count($tableName) != 1)) { + // No tableName specified + debug_report_bug(__FUNCTION__, __LINE__, 'tableName is not given. Please fix your XML,tableName[]=' . gettype($tableName) . '!=array,tableTemplate=' . $tableTemplate . ',rowTemplate=' . $rowTemplate); + } elseif (count($columns) == 0) { + // No columns specified + debug_report_bug(__FUNCTION__, __LINE__, 'columns is not given. Please fix your XML,tableTemplate=' . $tableTemplate . ',rowTemplate=' . $rowTemplate . ',tableName[0]=' . $tableName[0]); + } + + // This is the minimum query, so at least columns and tableName must have entries + $SQL = 'SELECT '; + foreach ($columns as $columnArray) { + // Init SQL part + $sqlPart = ''; + // Do we have a table/alias + if (!empty($columnArray['table'])) { + // Pre-add it + $sqlPart .= $columnArray['table'] . '.'; + } // END - if + + // Add column + $sqlPart .= '`' . $columnArray['column'] . '`'; + + // Is a function and alias set? + if ((!empty($columnArray['function'])) && (!empty($columnArray['alias']))) { + // Add both + $sqlPart = $columnArray['function'] . '(' . $sqlPart . ') AS `' . $columnArray['alias'] . '`'; + } // END - if + + // Add finished SQL part to the query + $SQL .= $sqlPart . ','; + } // END - foreach + + // Remove last commata and add FROM statement + $SQL = substr($SQL, 0, -1) . ' FROM `{?_MYSQL_PREFIX?}_' . $tableName[0] . '`'; + + // Do we have entries from whereColumns to add? + if (count($whereColumns) > 0) { + // Then add these as well + if (count($whereColumns) == 1) { + // One entry found + $SQL .= ' WHERE '; + + // Table/alias included? + if (!empty($whereColumns[0]['table'])) { + // Add it as well + $SQL .= $whereColumns[0]['table'] . '.'; + } // END - if + + // Add the rest + $SQL .= '`' . $whereColumns[0]['column'] . '`' . $whereColumns[0]['condition'] . "'" . $whereColumns[0]['look_for'] . "'"; + } else { + // More than one entry -> Unsupported + debug_report_bug(__FUNCTION__, __LINE__, 'More than one WHERE statement found. This is currently not supported.'); + } + } // END - if + + // Do we have entries from orderByColumns to add? + if (count($orderByColumns) > 0) { + // Add them as well + $SQL .= ' ORDER BY '; + foreach ($orderByColumns as $orderByColumn=>$array) { + // Get keys (table/alias) and values (sorting itself) + $table = trim(implode('', array_keys($array))); + $sorting = trim(implode('', array_keys($array))); + + // table/alias can be omitted + if (!empty($table)) { + // table/alias is given + $SQL .= $table . '.'; + } // END - if + + // Add order-by column + $SQL .= '`' . $orderByColumn . '` ' . $sorting . ','; + } // END - foreach + + // Remove last column + $SQL = substr($SQL, 0, -1); + } // END - if + + // Now handle all over to the inner function which will execute the listing + doAdminListEntries($SQL, $tableTemplate, $noEntryMessageId, $rowTemplate, $callbackColumns, $extraParameters = array()); +} + +// Do the listing of entries +function doAdminListEntries ($SQL, $tableTemplate, $noEntryMessageId, $rowTemplate, $callbackColumns, $extraParameters = array()) { + // Run the SQL query + $result = SQL_QUERY($SQL, __FUNCTION__, __LINE__); + + // Do we have some URLs left? + if (!SQL_HASZERONUMS($result)) { + // List all URLs + $OUT = ''; + while ($content = SQL_FETCHARRAY($result)) { + // "Translate" content + foreach ($callbackColumns as $column=>$callbackFunction) { + // Fill the callback arguments + $args = array($content[$column]); + + // Do we have more to add? + if (isset($extraParameters[$column])) { + // Add them as well + merge_array($args, $extraParameters[$column]); + } // END - if + + // Call the callback-function + //* NOISY-DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'callbackFunction=' . $callbackFunction . ',args=
'.print_r($args, true).'
'); + // @TODO If we can rewrite the EL sub-system to support more than one parameter, this call_user_func_array() can be avoided + $content[$column] = call_user_func_array($callbackFunction, $args); + } // END - foreach + + // Load row template + $OUT .= loadTemplate(trim($rowTemplate[0]), true, $content); + } // END - while + + // Load main template + loadTemplate(trim($tableTemplate[0]), false, $OUT); + } else { + // No URLs in surfbar + displayMessage('{--' .$noEntryMessageId[0] . '--}'); + } + + // Free result + SQL_FREERESULT($result); +} + // Checks proxy settins by fetching check-updates3.php from www.mxchange.org function adminTestProxySettings ($settingsArray) { // Set temporary the new settings @@ -1129,7 +1410,7 @@ function sendAdminPasswordResetLink ($email) { $OUT = ''; // Look up administator login - $result = SQL_QUERY_ESC("SELECT `id`, `login`, `password` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `email`='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT `id`,`login`,`password` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `email`='%s' LIMIT 1", array($email), __FUNCTION__, __LINE__); // Is there an account? @@ -1167,7 +1448,7 @@ function adminResetValidateHashLogin ($hash, $login) { $valid = false; // Then try to find that user - $result = SQL_QUERY_ESC("SELECT `id`, `password`, `email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1", + $result = SQL_QUERY_ESC("SELECT `id`,`password`,`email` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1", array($login), __FUNCTION__, __LINE__); // Is an account here? @@ -1194,12 +1475,17 @@ function doResetAdminPassword ($login, $password) { // Generate hash (we already check for sql_patches in generateHash()) $passHash = generateHash($password); + // Prepare fake POST data + $postData = array( + 'login' => array(getAdminId($login) => $login), + 'password' => array(getAdminId($login) => $passHash), + ); + // Update database - SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `password`='%s' WHERE `login`='%s' LIMIT 1", - array($passHash, $login), __FUNCTION__, __LINE__); + $message = adminsChangeAdminAccount($postData, '', false); // Run filters - runFilterChain('post_form_reset_pass', array('login' => $login, 'hash' => $passHash)); + runFilterChain('post_form_reset_pass', array('login' => $login, 'hash' => $passHash, 'message' => $message)); // Return output return '{--ADMIN_PASSWORD_RESET_DONE--}'; @@ -1219,14 +1505,11 @@ function adminDeleteTask ($id) { // Function to update task data function adminUpdateTaskData ($id, $row, $data) { - // Should be admin! + // Should be admin and valid id if (!isAdmin()) { // Not an admin so redirect better - redirectToUrl('modules.php?module=index'); - } // END - if - - // Is the id not set, then we need a backtrace here... :( - if ($id <= 0) { + debug_report_bug(__FUNCTION__, __LINE__, 'id=' . $id . ',row=' . $row . ',data=' . $data . ' - isAdmin()=false'); + } elseif ($id <= 0) { // Initiate backtrace debug_report_bug(__FUNCTION__, __LINE__, sprintf("id is invalid: %s. row=%s, data=%s", $id, @@ -1295,11 +1578,11 @@ function generateAdminLink ($adminId) { $adminLink = '' . $login . ''; } else { // Extension not found - $adminLink = getMaskedMessage('ADMIN_TASK_ROW_EXTENSION_NOT_INSTALLED', 'admins'); + $adminLink = '{%message,ADMIN_TASK_ROW_EXTENSION_NOT_INSTALLED=admins%}'; } } else { // Maybe deleted? - $adminLink = '
' . getMaskedMessage('ADMIN_ID_404', $adminId) . '
'; + $adminLink = '
{%message,ADMIN_ID_404=' . $adminId . '%}
'; } } // END - if @@ -1500,7 +1783,7 @@ function adminProcessMenuEditForm ($type, $subMenu) { default: // Unexpected action logDebugMessage(__FILE__, __LINE__, sprintf("Unsupported action %s detected.", postRequestParameter('ok'))); - displayMessage(getMaskedMessage('ADMIN_UNKNOWN_OKAY', postRequestParameter('ok'))); + displayMessage('{%message,ADMIN_UNKNOWN_OKAY=' . postRequestParameter('ok') . '%}'); break; } // END - switch } // END - foreach