X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fwhat-config_admins.php;h=d74d041d96281c950ab87a8d6986528d30242405;hp=c20a8c4f8fab4db9d9068871539a5b83c2534c28;hb=6586600d8020147192e5f28ca2a3a0153f774d3c;hpb=52e8a0635bd0b7c653845685c55e4e5f251375fe

diff --git a/inc/modules/admin/what-config_admins.php b/inc/modules/admin/what-config_admins.php
index c20a8c4f8f..d74d041d96 100644
--- a/inc/modules/admin/what-config_admins.php
+++ b/inc/modules/admin/what-config_admins.php
@@ -32,25 +32,23 @@
  ************************************************************************/
 
 // Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
 	$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
 	require($INC);
 }
+
 // Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
 
 $SEL = 0;
 if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']);
 
-if ((isset($_POST['edit'])) && ($SEL > 0))
-{
+if ((isset($_POST['edit'])) && ($SEL > 0)) {
 	// Edit ACLs
 	$SW = 2; $OUT = "";
-	foreach ($_POST['sel'] as $id=>$sel)
-	{
+	foreach ($_POST['sel'] as $id => $sel) {
 		// Load data for the ID
-		$result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%d LIMIT 1",
+		$result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1",
 		 array(bigintval($id)), __FILE__, __LINE__);
 		list($aid, $act, $wht, $mode) = SQL_FETCHROW($result);
 		SQL_FREERESULT($result);
@@ -78,56 +76,50 @@ if ((isset($_POST['edit'])) && ($SEL > 0))
 
 	// Load main template
 	LOAD_TEMPLATE("admin_config_admins_edit");
-}
- elseif ((isset($_POST['change'])) && ($SEL > 0))
-{
+} elseif ((isset($_POST['change'])) && ($SEL > 0)) {
 	// Change entries
-	foreach ($_POST['sel'] as $id=>$sel)
-	{
+	foreach ($_POST['sel'] as $id => $sel) {
 		// Secure ID
 		$id = bigintval($id);
 
 		// Update entries
-		$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_acls SET admin_id=%d, action_menu='%s', what_menu='%s', access_mode='%s' WHERE id=%d LIMIT 1",
+		$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins_acls SET admin_id=%s, action_menu='%s', what_menu='%s', access_mode='%s' WHERE id=%s LIMIT 1",
 		 array($_POST['admin'][$id], $_POST['action_menu'][$id], $_POST['what_menu'][$id], $_POST['mode'][$id], $id),__FILE__, __LINE__);
 	}
 
 	// Update cache when installed
-	if (EXT_IS_ACTIVE("cache"))
-	{
-		if ($cacheInstance->cache_file("admins_acls", true) == true) $cacheInstance->cache_destroy();
+	if (EXT_IS_ACTIVE("cache")) {
+		if ($cacheInstance->loadCacheFile("admins_acls")) $cacheInstance->destroyCacheFile();
+
+		// Purge menu cache
+		CACHE_PURGE_ADMIN_MENU($_POST['admin'][$id]);
 	}
 
 	// Entries changed
 	LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ADMINS_ENTRIES_CHANGED);
-}
- elseif ((isset($_POST['del'])) && ($SEL > 0))
-{
+} elseif ((isset($_POST['del'])) && ($SEL > 0)) {
 	// Delete ACLs
 	$SW = 2; $OUT = "";
-	foreach ($_POST['sel'] as $id=>$sel)
-	{
+	foreach ($_POST['sel'] as $id => $sel) {
 		// Load data for the ID
-		$result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%d LIMIT 1",
+		$result = SQL_QUERY_ESC("SELECT admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1",
 		 array(bigintval($id)), __FILE__, __LINE__);
 		list($admin, $act, $wht, $mode) = SQL_FETCHROW($result);
 		SQL_FREERESULT($result);
 
 		// Prepare variables
 		if (empty($act)) $act = "---";
-		if (empty($wht))   $wht   = "---";
-		$eval = "\$mode = ADMINS_".strtoupper($mode)."_MODE;";
-		eval($eval);
+		if (empty($wht)) $wht   = "---";
+
+		// Get admin mode
+		$mode = constant('ADMINS_'.strtoupper($mode).'_MODE');
 
 		// Load admin's data
 		$login = GET_ADMIN_LOGIN($admin);
-		if ($login != "***")
-		{
+		if ($login != "***") {
 			// Admin found
 			$admin = "<A href=\"".URL."/modules.php?module=admin&amp;what=admins_contct&amp;admin=".$admin."\">".$login."</A>";
-		}
-		 else
-		{
+		} else {
 			// Maybe deleted?
 			$admin = "<FONT class=\"admin_note\">".ADMIN_ID_404_1.$admin.ADMIN_ID_404_2."</FONT>";
 		}
@@ -150,57 +142,47 @@ if ((isset($_POST['edit'])) && ($SEL > 0))
 
 	// Load main template
 	LOAD_TEMPLATE("admin_config_admins_del");
-}
- elseif ((isset($_POST['remove'])) && ($SEL > 0))
-{
+} elseif ((isset($_POST['remove'])) && ($SEL > 0)) {
 	// Remove entries
-	foreach ($_POST['sel'] as $id=>$sel)
-	{
-		$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%d LIMIT 1",
+	foreach ($_POST['sel'] as $id => $sel) {
+		$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_admins_acls WHERE id=%s LIMIT 1",
 		 array(bigintval($id)),__FILE__, __LINE__);
 	}
 
 	// Update cache when installed
-	if (EXT_IS_ACTIVE("cache"))
-	{
-		if ($cacheInstance->cache_file("admins_acls", true) == true) $cacheInstance->cache_destroy();
+	if (EXT_IS_ACTIVE("cache")) {
+		if ($cacheInstance->loadCacheFile("admins_acls")) $cacheInstance->destroyCacheFile();
+
+		// @TODO This causes the whole (!) menu cache being rebuild
+		CACHE_PURGE_ADMIN_MENU();
 	}
 
 	// Entries deleted
 	LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_ADMINS_ENTRIES_DELETED);
-}
- elseif (isset($_POST['add']))
-{
+} elseif (isset($_POST['add'])) {
 	// Check if everything is fine...
-	$result = SQL_QUERY_ESC("SELECT default_acl FROM "._MYSQL_PREFIX."_admins WHERE id=%d LIMIT 1",
-	 array(bigintval($_POST['admin_id'])), __FILE__, __LINE__);
-	list($mode) = SQL_FETCHROW($result);
-	SQL_FREERESULT($result);
+	$mode = GET_ADMIN_DEFAULT_ACL(bigintval($_POST['admin_id']));
 
 	// Default ACL is false
 	$ACL = false;
-	if (!empty($_POST['what_menu']))
-	{
+	if (!empty($_POST['what_menu'])) {
 		// Check parent ACL
 		$ACL = ADMINS_CHECK_ACL(GET_ACTION("admin", $_POST['what_menu']), "");
 	}
 
-	if ($mode != $_POST['mode'] || ($ACL))
-	{
+	if ($mode != $_POST['mode'] || ($ACL)) {
 		// Mode is fine
 		$BOTH = ((!empty($_POST['action_menu'])) && (!empty($_POST['what_menu'])));
-		if (((!empty($_POST['action_menu'])) || (!empty($_POST['what_menu']))) && (!$BOTH))
-		{
+		if (((!empty($_POST['action_menu'])) || (!empty($_POST['what_menu']))) && (!$BOTH)) {
 			// Main or sub menu selected
-			$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%d AND action_menu='%s' AND what_menu='%s' LIMIT 1",
+			$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins_acls WHERE admin_id=%s AND action_menu='%s' AND what_menu='%s' LIMIT 1",
 			 array(bigintval($_POST['admin_id']), $_POST['action_menu'], $_POST['what_menu']), __FILE__, __LINE__);
-			if (SQL_NUMROWS($result) == 0)
-			{
+			if (SQL_NUMROWS($result) == 0) {
 				// Finally add the new ACL
 				$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins_acls (admin_id, action_menu, what_menu, access_mode)
-VALUES ('%s', '%s', '%s', '%s')",
+VALUES ('%s','%s','%s','%s')",
  array(
-	$_POST['admin_id'],
+	bigintval($_POST['admin_id']),
 	$_POST['action_menu'],
 	$_POST['what_menu'],
 	$_POST['mode']
@@ -208,37 +190,31 @@ VALUES ('%s', '%s', '%s', '%s')",
 				$content = ADMIN_ADMINS_ACL_SAVED;
 
 				// Update cache when installed
-				if (EXT_IS_ACTIVE("cache"))
-				{
-					if ($cacheInstance->cache_file("admins_acls", true) == true) $cacheInstance->cache_destroy();
-				}
-			}
-			 else
-			{
+				if (EXT_IS_ACTIVE("cache")) {
+					if ($cacheInstance->loadCacheFile("admins_acls")) $cacheInstance->destroyCacheFile();
+
+					// Purge cache
+					CACHE_PURGE_ADMIN_MENU($_POST['admin_id'], $_POST['action_menu'], $_POST['what_menu']);
+				} // END - if
+			} else {
 				// ACL does already exist!
 				$content = ADMIN_ADMINS_ACL_ALREADY_ADDED;
 			}
 
 			// Free memory
 			SQL_FREERESULT($result);
-		}
-		 else
-		{
+		} else {
 			// No menu selected makes also no sence...
 			$content = ADMIN_ADMINS_SELECT_ACTION_WHAT;
 		}
-	}
-	 else
-	{
+	} else {
 		// Same mode makes no sence...
 		$content = ADMIN_ADMINS_SAME_MODE_SELECTED;
 	}
 
 	// Display message
 	LOAD_TEMPLATE("admin_settings_saved", false, $content);
-}
- else
-{
+} else {
 	// List all ACLs
 	$result_acls = SQL_QUERY("SELECT id, admin_id, action_menu, what_menu, access_mode FROM "._MYSQL_PREFIX."_admins_acls ORDER BY admin_id, id", __FILE__, __LINE__);
 	if (SQL_NUMROWS($result_acls) > 0)
@@ -250,8 +226,9 @@ VALUES ('%s', '%s', '%s', '%s')",
 			// Prepare variables
 			if (empty($act)) $act = "---";
 			if (empty($wht))   $wht   = "---";
-			$eval = "\$mode = ADMINS_".strtoupper($mode)."_MODE;";
-			eval($eval);
+
+			// Get mode
+			$mode = constant('ADMINS_'.strtoupper($mode).'_MODE');
 
 			// Load admin's data
 			$login = GET_ADMIN_LOGIN($admin);
@@ -298,5 +275,6 @@ VALUES ('%s', '%s', '%s', '%s')",
 	// Load template for adding new ACL
 	LOAD_TEMPLATE("admin_admins_add_acl");
 }
+
 //
 ?>