X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmysql-manager.php;h=2aedbdb8cf4a184929ffdf4ff3e81035af6b5c4e;hp=958e54ac6bd4c43ff6cceb9538cbdf857a92bf31;hb=74ea26a36ff202cfdca545025a17c9faf4d68efb;hpb=20a06616b67427859de74a0bfd9d40732c4ec68d diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index 958e54ac6b..2aedbdb8cf 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -1,7 +1,7 @@ "); + $modSplit = explode('_', $module); + $extension = ''; $module_chk = $module; + //* DEBUG: */ print(__LINE__."*".count($modSplit)."*/".$module."*
"); if (count($modSplit) == 2) { // Okay, there is a seperator (_) in the name so is the first part a module? - //* DEBUG: */ outputHtml(__LINE__."*".$modSplit[0]."*
"); + //* DEBUG: */ print(__LINE__."*".$modSplit[0]."*
"); if (isExtensionActive($modSplit[0])) { // The prefix is an extension's name, so let's set it - $extension = $modSplit[0]; $mod = $modSplit[1]; + $extension = $modSplit[0]; $module = $modSplit[1]; } // END - if } // END - if @@ -153,24 +158,28 @@ function checkModulePermissions ($mod = '') { return 'done'; } // END - if - // Init variables - $locked = 'Y'; - $hidden = 'N'; - $admin = 'N'; - $mem = 'N'; + // Init data array + $data = array( + 'locked' => 'Y', + 'hidden' => 'N', + 'admin_only' => 'N', + 'mem_only' => 'N' + ); + + // By default nothing is found $found = false; // Check if cache is latest version if (isExtensionInstalledAndNewer('cache', '0.1.2')) { // Is the cache there? //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Using cache.'); - if (isset($GLOBALS['cache_array']['modules']['locked'][$mod_chk])) { + if (isset($GLOBALS['cache_array']['modules']['locked'][$module_chk])) { // Check cache //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Cache found.'); - $locked = $GLOBALS['cache_array']['modules']['locked'][$mod_chk]; - $hidden = $GLOBALS['cache_array']['modules']['hidden'][$mod_chk]; - $admin = $GLOBALS['cache_array']['modules']['admin_only'][$mod_chk]; - $mem = $GLOBALS['cache_array']['modules']['mem_only'][$mod_chk]; + $data['locked'] = $GLOBALS['cache_array']['modules']['locked'][$module_chk]; + $data['hidden'] = $GLOBALS['cache_array']['modules']['hidden'][$module_chk]; + $data['admin_only'] = $GLOBALS['cache_array']['modules']['admin_only'][$module_chk]; + $data['mem_only'] = $GLOBALS['cache_array']['modules']['mem_only'][$module_chk]; // Update cache hits incrementStatsEntry('cache_hits'); @@ -183,15 +192,15 @@ function checkModulePermissions ($mod = '') { // Check for module in database //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Using database.'); $result = SQL_QUERY_ESC("SELECT `locked`, `hidden`, `admin_only`, `mem_only` FROM `{?_MYSQL_PREFIX?}_mod_reg` WHERE `module`='%s' LIMIT 1", - array($mod_chk), __FUNCTION__, __LINE__); + array($module_chk), __FUNCTION__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Read data //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Entry found.'); - list($locked, $hidden, $admin, $mem) = SQL_FETCHROW($result); + $data = SQL_FETCHARRAY($result); $found = true; } elseif (isDebugModeEnabled()) { // Debug message only in debug-mode... - logDebugMessage(__FUNCTION__, __LINE__, 'Module ' . $mod_chk . ' not found!'); + logDebugMessage(__FUNCTION__, __LINE__, 'Module ' . $module_chk . ' not found!'); } // Free result @@ -203,26 +212,26 @@ function checkModulePermissions ($mod = '') { if ($found === true) { // Check returned values against current access permissions // - // Admin access ----- Guest access ----- --- Guest or member? --- - if ((isAdmin()) || (($locked != 'Y') && ($admin != 'Y') && (($mem != 'Y') || (isMember())))) { + // Admin access ----- Guest access ----- --- Guest or member? --- + if ((isAdmin()) || (($data['locked'] != 'Y') && ($data['admin_only'] != 'Y') && (($data['mem_only'] != 'Y') || (isMember())))) { // If you are admin you are welcome for everything! $ret = 'done'; - } elseif ($locked == 'Y') { + } elseif ($data['locked'] == 'Y') { // Module is locked $ret = 'locked'; - } elseif (($mem == 'Y') && (!isMember())) { + } elseif (($data['mem_only'] == 'Y') && (!isMember())) { // You have to login first! $ret = 'mem_only'; - } elseif (($admin == 'Y') && (!isAdmin())) { + } elseif (($data['admin_only'] == 'Y') && (!isAdmin())) { // Only the Admin is allowed to enter this module! $ret = 'admin_only'; } else { // @TODO Nothing helped??? logDebugMessage(__FUNCTION__, __LINE__, sprintf("ret=%s,locked=%s,admin=%s,mem=%s", $ret, - $locked, - $admin, - $mem + $data['locked'], + $data['admin_only'], + $data['mem_only'] )); } } // END - if @@ -230,19 +239,19 @@ function checkModulePermissions ($mod = '') { // Still no luck or not found? if (($found === false) && (!isExtensionActive('cache')) && ($ret != 'done')) { // ----- Legacy module ----- ---- Module in base folder ---- --- Module with extension's name --- - if ((isIncludeReadable(sprintf("inc/modules/%s.php", $mod))) || (isIncludeReadable(sprintf("%s.php", $mod))) || (isIncludeReadable(sprintf("%s/%s.php", $extension, $mod)))) { + if ((isIncludeReadable(sprintf("inc/modules/%s.php", $module))) || (isIncludeReadable(sprintf("%s.php", $module))) || (isIncludeReadable(sprintf("%s/%s.php", $extension, $module)))) { // Data is missing so we add it if (isExtensionInstalledAndNewer('sql_patches', '0.3.6')) { // Since 0.3.6 we have a has_menu column, this took me a half hour // to find a loop here... *sigh* SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_mod_reg` (`module`, `locked`, `hidden`, `mem_only`, `admin_only`, `has_menu`) VALUES -('%s','Y','N','N','N','N')", array($mod_chk), __FUNCTION__, __LINE__); +('%s','Y','N','N','N','N')", array($module_chk), __FUNCTION__, __LINE__); } else { // Wrong/missing sql_patches! SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_mod_reg` (`module`, `locked`, `hidden`, `mem_only`, `admin_only`) VALUES -('%s','Y','N','N','N')", array($mod_chk), __FUNCTION__, __LINE__); +('%s','Y','N','N','N')", array($module_chk), __FUNCTION__, __LINE__); } // Everthing is fine? @@ -253,103 +262,90 @@ function checkModulePermissions ($mod = '') { // Destroy cache here // @TODO Rewrite this to a filter - if (getOutputMode() == '0') rebuildCacheFile('modules', 'modules'); + if ((getOutputMode() == '0') || (getOutputMode() == -1)) rebuildCache('modules', 'modules'); // And reload data - unset($GLOBALS['module_status'][$mod]); - $ret = checkModulePermissions($mod_chk); + unset($GLOBALS['module_status'][$module]); + $ret = checkModulePermissions($module_chk); } else { // Module not found we don't add it to the database $ret = '404'; } - } elseif (($ret == 'cache_miss') && (getOutputMode() == 0)) { + } elseif (($ret == 'cache_miss') && (getOutputMode() == '0')) { // Rebuild the cache files - rebuildCacheFile('modules', 'modules'); + rebuildCache('modules', 'modules'); } elseif ($found === false) { // Problem with module detected logDebugMessage(__FUNCTION__, __LINE__, sprintf("Problem in module %s detected. ret=%s, locked=%s, hidden=%s, mem=%s, admin=%s, output_mode=%s", - $mod, + $module, $ret, - $locked, - $hidden, - $mem, - $admin, + $data['locked'], + $data['hidden'], + $data['mem_only'], + $data['admin_only'], getOutputMode() )); } // Return the value //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'ret=' . $ret); - $GLOBALS['module_status'][$mod] = $ret; + $GLOBALS['module_status'][$module] = $ret; return $ret; } // Add menu description pending on given file name (without path!) -function addMenuDescription ($accessLevel, $FQFN, $return = false, $output = true) { +function addMenuDescription ($accessLevel, $FQFN, $return = false) { // Use only filename of the FQFN... $file = basename($FQFN); // Init variables $LINK_ADD = ''; $OUT = ''; - $AND = ''; + $ADD = ''; // First we have to do some analysis... if (substr($file, 0, 7) == 'action-') { // This is an action file! $type = 'action'; $search = substr($file, 7); - switch ($accessLevel) { - case 'admin': - $modCheck = 'admin'; - break; - - case 'sponsor': - case 'guest': - case 'member': - $modCheck = getModule(); - break; - } - $AND = " AND (`what`='' OR `what` IS NULL)"; + + // Get access level from it + $modCheck = getModuleFromFileName($file, $accessLevel); + + // Add what + $ADD = " AND (`what`='' OR `what` IS NULL)"; } elseif (substr($file, 0, 5) == 'what-') { - // This is an admin what file! + // This is a 'what file'! $type = 'what'; $search = substr($file, 5); - $AND = ''; - switch ($accessLevel) { - case 'admin': - $modCheck = 'admin'; - break; - - case 'guest': - case 'member': - $modCheck = getModule(); - if (!isAdmin()) { - $AND = " AND `visible`='Y' AND `locked`='N'"; - } - break; - } + $ADD = " AND `visible`='Y' AND `locked`='N'"; + + // Get access level from it + $modCheck = getModuleFromFileName($file, $accessLevel); + + // Do we have admin? Then display all + if (isAdmin()) $ADD = ''; $dummy = substr($search, 0, -4); - $AND .= " AND `action`='".getModeAction($accessLevel, $dummy)."'"; - } elseif (($accessLevel == 'sponsor') || ($accessLevel == "engine")) { + $ADD .= " AND `action`='".getActionFromModuleWhat($accessLevel, $dummy)."'"; + } elseif (($accessLevel == 'sponsor') || ($accessLevel == 'engine')) { // Sponsor / engine menu $type = 'what'; $search = $file; $modCheck = getModule(); - $AND = ''; + $ADD = ''; } else { // Other $type = 'menu'; $search = $file; $modCheck = getModule(); - $AND = ''; + $ADD = ''; } // Begin the navigation line if ((!isset($GLOBALS['nav_depth'])) && ($return === false)) { - $GLOBALS['nav_depth'] = 0; - $prefix = "
{--YOU_ARE_HERE--} Home"; + $GLOBALS['nav_depth'] = '0'; + $prefix = '
{--YOU_ARE_HERE--} Home'; } else { if ($return === false) $GLOBALS['nav_depth']++; $prefix = ''; @@ -363,56 +359,41 @@ function addMenuDescription ($accessLevel, $FQFN, $return = false, $output = tru $search = substr($search, 0, -4); } // END - i - // Get the title from menu - $result = SQL_QUERY_ESC("SELECT title FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE %s='%s' ".$AND." LIMIT 1", - array($accessLevel, $type, $search), __FUNCTION__, __LINE__); + if (((isExtensionInstalledAndNewer('sql_patches', '0.2.3')) && (getConfig('youre_here') == 'Y')) || ((isAdmin()) && ($modCheck == 'admin'))) { + // Output HTML code + $OUT = $prefix . '' . getTitleFromMenu($accessLevel, $search, $type, $ADD) . ''; - // Menu found? - if (SQL_NUMROWS($result) == 1) { - // Load title - list($ret) = SQL_FETCHROW($result); - - // Shall we return it? - if ($return === true) { - // Return title - return $ret; - } elseif (((isExtensionInstalledAndNewer('sql_patches', '0.2.3')) && (getConfig('youre_here') == 'Y')) || ((isAdmin()) && ($modCheck == 'admin'))) { - // Output HTML code - $OUT = $prefix . ""); - if (($type == 'what') || (($type == 'action') && ((!isWhatSet()) || (getWhat() == 'overview')))) { - //* DEBUG: */ outputHtml(__LINE__.'+'.$type."+
"); - // Add closing div and br-tag - $OUT .= "

\n"; - $GLOBALS['nav_depth'] = '0'; - - // Run the filter chain - $ret = runFilterChain('post_youhere_line', array('access_level' => $accessLevel, 'type' => $type, 'content' => "")); - $OUT .= $ret['content']; - } // END - if - } - } // END - if + // Can we close the you-are-here navigation? + //* DEBUG: */ print(__LINE__."*".$type.'/'.getWhat()."*
"); + if (($type == 'what') || (($type == 'action') && ((!isWhatSet()) || (getWhat() == 'overview')))) { + //* DEBUG: */ print(__LINE__.'+'.$type."+
"); + // Add closing div and br-tag + $OUT .= '

'; + $GLOBALS['nav_depth'] = '0'; - // Free result - SQL_FREERESULT($result); + // Run the filter chain + $ret = runFilterChain('post_youhere_line', array('access_level' => $accessLevel, 'type' => $type, 'content' => '')); + + // Add additional content + $OUT .= $ret['content']; + } // END - if + } // Return or output HTML code? - if ($output) { - // Output HTML code here - outputHtml($OUT); - } else { + if ($return === true) { // Return HTML code return $OUT; + } else { + // Output HTML code here + outputHtml($OUT); } } // Adds a menu (mode = guest/member/admin/sponsor) to output function addMenu ($mode, $action, $what) { // Init some variables - $main_cnt = 0; - $AND = ''; + $main_cnt = '0'; + $ADD = ''; // is the menu action valid? if (!isMenuActionValid($mode, $action, $what, true)) { @@ -421,19 +402,19 @@ function addMenu ($mode, $action, $what) { // Non-admin shall not see all menus if (!isAdmin()) { - $AND = " AND `visible`='Y' AND `locked`='N'"; + $ADD = " AND `visible`='Y' AND `locked`='N'"; } // END - if // Load SQL data and add the menu to the output stream... - $result_main = SQL_QUERY_ESC("SELECT `title`, `action` FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE (`what`='' OR `what` IS NULL)".$AND." ORDER BY `sort` ASC", + $result_main = SQL_QUERY_ESC("SELECT `title`, `action` FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE (`what`='' OR `what` IS NULL)".$ADD." ORDER BY `sort` ASC", array($mode), __FUNCTION__, __LINE__); - //* DEBUG: */ outputHtml(__LINE__.'/'.$main_cnt.':'.getWhat()."*
"); + //* DEBUG: */ print(__LINE__.'/'.$main_cnt.':'.getWhat()."*
"); if (SQL_NUMROWS($result_main) > 0) { // There are menus available, so we simply display them... :) $GLOBALS['rows'] = ''; while ($content = SQL_FETCHARRAY($result_main)) { - //* DEBUG: */ outputHtml(__LINE__.'/'.$main_cnt.'/'.$content['action'].':'.getWhat()."*
"); + //* DEBUG: */ print(__LINE__.'/'.$main_cnt.'/'.$content['action'].':'.getWhat()."*
"); // Init variables enableBlockMode(false); $action = $content['action']; @@ -442,7 +423,7 @@ function addMenu ($mode, $action, $what) { $GLOBALS['rows'] .= loadTemplate($mode . '_menu_title', true, $content); // Sub menu - $result_sub = SQL_QUERY_ESC("SELECT `title` AS sub_title, `what` AS sub_what FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE `action`='%s' AND `what` != '' AND `what` IS NOT NULL ".$AND." ORDER BY `sort`", + $result_sub = SQL_QUERY_ESC("SELECT `title` AS sub_title, `what` AS sub_what FROM `{?_MYSQL_PREFIX?}_%s_menu` WHERE `action`='%s' AND `what` != '' AND `what` IS NOT NULL ".$ADD." ORDER BY `sort`", array($mode, $content['action']), __FUNCTION__, __LINE__); // Get number of rows @@ -451,7 +432,7 @@ function addMenu ($mode, $action, $what) { // Do we have some entries? if ($totalWhats > 0) { // Init counter - $cnt = 0; + $cnt = '0'; // Load all sub menus while ($content2 = SQL_FETCHARRAY($result_sub)) { @@ -462,34 +443,34 @@ function addMenu ($mode, $action, $what) { $OUT = ''; // Full file name for checking menu - //* DEBUG: */ outputHtml(__LINE__.":!!!!".$content['sub_what']."!!!
"); + //* DEBUG: */ print(__LINE__.":!!!!".$content['sub_what']."!!!
"); $inc = sprintf("inc/modules/%s/what-%s.php", $mode, $content['sub_what']); if (isIncludeReadable($inc)) { // Mark currently selected menu - open if ((!empty($what)) && (($what == $content['sub_what']))) { - $OUT = ""; + $OUT = ''; } // END - if // Navigation link - $OUT .= ""; + $OUT .= ''; } else { // Not found! - open - $OUT .= ""; + $OUT .= ''; } // Menu title $OUT .= getConfig('menu_blur_spacer') . $content['sub_title']; if (isIncludeReadable($inc)) { - $OUT .= ""; + $OUT .= ''; // Mark currently selected menu - close if ((!empty($what)) && (($what == $content['sub_what']))) { - $OUT .= ""; + $OUT .= ''; } // END - if } else { // Not found! - close - $OUT .= ""; + $OUT .= ''; } // Cunt it up @@ -517,17 +498,17 @@ function addMenu ($mode, $action, $what) { if (isFileReadable($INC)) { // Load include file if ((!isExtensionActive($content['action'])) || ($content['action'] == 'online')) $GLOBALS['rows'] .= loadTemplate('menu_what_begin', true, $mode); - //* DEBUG: */ outputHtml(__LINE__.'/'.$main_cnt.'/'.$content['action'].'/'.getWhat()."*
"); + //* DEBUG: */ print(__LINE__.'/'.$main_cnt.'/'.$content['action'].'/'.getWhat()."*
"); loadInclude($INC); - //* DEBUG: */ outputHtml(__LINE__.'/'.$main_cnt.'/'.$content['action'].'/'.getWhat()."*
"); + //* DEBUG: */ print(__LINE__.'/'.$main_cnt.'/'.$content['action'].'/'.getWhat()."*
"); if ((!isExtensionActive($content['action'])) || ($content['action'] == 'online')) $GLOBALS['rows'] .= loadTemplate('menu_what_end', true, $mode); } - //* DEBUG: */ outputHtml(__LINE__.'/'.$main_cnt.'/'.$content['action'].'/'.$content['sub_what'].':'.getWhat()."*
"); + //* DEBUG: */ print(__LINE__.'/'.$main_cnt.'/'.$content['action'].'/'.$content['sub_what'].':'.getWhat()."*
"); } $main_cnt++; - //* DEBUG: */ outputHtml(__LINE__.'/'.$main_cnt.':'.getWhat()."*
"); + //* DEBUG: */ print(__LINE__.'/'.$main_cnt.':'.getWhat()."*
"); if (SQL_NUMROWS($result_main) > $main_cnt) { // Add seperator $GLOBALS['rows'] .= loadTemplate('menu_seperator', true, $mode); @@ -562,7 +543,7 @@ function addMenu ($mode, $action, $what) { ); // Load main template - //* DEBUG: */ outputHtml(__LINE__.'/'.$main_cnt.'/'.$content['action'].'/'.$content['sub_what'].':'.getWhat()."*
"); + //* DEBUG: */ print(__LINE__.'/'.$main_cnt.'/'.$content['action'].'/'.$content['sub_what'].':'.getWhat()."*
"); loadTemplate('menu_table', false, $content); } // END - if } @@ -579,121 +560,197 @@ function isMember () { // is the cache entry there? if (isset($GLOBALS['is_member'])) { // Then return it + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'CACHED! (' . intval($GLOBALS['is_member']) . ')'); return $GLOBALS['is_member']; - } // END - if + } elseif ((!isSessionVariableSet('userid')) || (!isSessionVariableSet('u_hash'))) { + // No member + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'No member set in cookie/session.'); + return false; + } else { + // Get it secured from session + setMemberId(getSession('userid')); + setCurrentUserId(getMemberId()); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'userid=' . getSession('userid') . ' used from cookie/session.'); + } - // Init global 'status' - $GLOBALS['status'] = false; + // Init user data array + initUserData(); // Fix "deleted" cookies first fixDeletedCookies(array('userid', 'u_hash')); // Are cookies set? - if ((isUserIdSet()) && (isSessionVariableSet('u_hash'))) { + if ((isMemberIdSet()) && (isSessionVariableSet('u_hash'))) { // Cookies are set with values, but are they valid? - $result = SQL_QUERY_ESC("SELECT `password`, `status`, `last_module`, `last_online` FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s LIMIT 1", - array(getUserId()), __FUNCTION__, __LINE__); - if (SQL_NUMROWS($result) == 1) { - // Load data from cookies - list($password, $GLOBALS['status'], $mod, $onl) = SQL_FETCHROW($result); - + if (fetchUserData(getMemberId()) === true) { // Validate password by created the difference of it and the secret key - $valPass = generatePassString($password); + $valPass = encodeHashForCookie(getUserData('password')); // Transfer last module and online time - if ((!empty($mod)) && (empty($GLOBALS['last_online']['module']))) { - // @TODO Try to rewrite this to one or more functions - $GLOBALS['last_online']['module'] = $mod; - $GLOBALS['last_online']['online'] = $onl; - } // END - if + $GLOBALS['last_online']['module'] = getUserData('last_module'); + $GLOBALS['last_online']['online'] = getUserData('last_online'); // So did we now have valid data and an unlocked user? - if (($GLOBALS['status'] == 'CONFIRMED') && ($valPass == getSession('u_hash'))) { + if ((getUserData('status') == 'CONFIRMED') && ($valPass == getSession('u_hash'))) { // Account is confirmed and all cookie data is valid so he is definely logged in! :-) $ret = true; } else { // Maybe got locked etc. - //* DEBUG: */ outputHtml(__LINE__."!!!
"); - destroyUserSession(); + //* DEBUG */ logDebugMessage(__FUNCTION__, __LINE__, 'status=' . getUserData('status') . ',' . $valPass . '(' . strlen($valPass) . ')/' . getSession('u_hash') . '(' . strlen(getSession('u_hash')) . ')/' . getUserData('password') . '(' . strlen(getUserData('password')) . ')'); + destroyMemberSession(); } } else { // Cookie data is invalid! - //* DEBUG: */ outputHtml(__LINE__."***
"); - destroyUserSession(); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Cookie data invalid or user not found.'); + destroyMemberSession(); } - - // Free memory - SQL_FREERESULT($result); } else { // Cookie data is invalid! - //* DEBUG: */ outputHtml(__LINE__."///
"); - destroyUserSession(); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'Cookie data not complete.'); + destroyMemberSession(); } // Cache status $GLOBALS['is_member'] = $ret; // Return status + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'ret=' . intval($ret)); return $ret; } +// Fetch user data for given user id +function fetchUserData ($userid, $column = 'userid') { + // If we should look for userid secure&set it here + if (substr($column, -2, 2) == 'id') { + // Secure userid + $userid = bigintval($userid); + + // Set it here + setCurrentUserId($userid); + + // Don't look for invalid userids... + if ($userid < 1) { + // Invalid, so abort here + debug_report_bug('User id ' . $userid . ' is invalid.'); + } elseif (isUserDataValid()) { + // Use cache, so it is fine + return true; + } + } elseif (isUserDataValid()) { + // Use cache, so it is fine + return true; + } + + + // By default none was found + $found = false; + + // Extra statements + $ADD = ''; + if (isExtensionInstalledAndNewer('user', '0.3.5')) $ADD = ', UNIX_TIMESTAMP(`lock_timestamp`) AS `lock_timestamp`'; + + // Query for the user + $result = SQL_QUERY_ESC("SELECT *".$ADD." FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `%s`='%s' LIMIT 1", + array($column, $userid), __FUNCTION__, __LINE__); + + // Do we have a record? + if (SQL_NUMROWS($result) == 1) { + // Load data from cookies + $data = SQL_FETCHARRAY($result); + + // Set the userid for later use + setCurrentUserId($data['userid']); + $GLOBALS['user_data'][getCurrentUserId()] = $data; + + // Rewrite 'last_failure' if found + if (isset($GLOBALS['user_data'][getCurrentUserId()]['last_failure'])) { + // Backup the raw one and zero it + $GLOBALS['user_data'][getCurrentUserId()]['last_failure_raw'] = $GLOBALS['user_data'][getCurrentUserId()]['last_failure']; + $GLOBALS['user_data'][getCurrentUserId()]['last_failure'] = '0'; + + // Is it not zero? + if ($GLOBALS['user_data'][getCurrentUserId()]['last_failure_raw'] != '0000-00-00 00:00:00') { + // Seperate data/time + $array = explode(' ', $GLOBALS['user_data'][getCurrentUserId()]['last_failure_raw']); + + // Seperate data and time again + $array['date'] = explode('-', $array[0]); + $array['time'] = explode(':', $array[1]); + + // Now pass it to mktime() + $GLOBALS['user_data'][getCurrentUserId()]['last_failure'] = mktime( + $array['time'][0], + $array['time'][1], + $array['time'][2], + $array['date'][1], + $array['date'][2], + $array['date'][0] + ); + } // END - if + } // END - if + + // Found, but valid? + $found = isUserDataValid(); + } // END - if + + // Free memory + SQL_FREERESULT($result); + + // Return result + return $found; +} + // This patched function will reduce many SELECT queries for the specified or current admin login -function isAdmin ($admin = '') { +function isAdmin ($adminLogin = '') { // Init variables - $ret = false; $passCookie = ''; $valPass = ''; - //* DEBUG: */ outputHtml(__LINE__."ADMIN:".$admin."
"); + $ret = false; + $passCookie = ''; + $valPass = ''; + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, $adminLogin.'
'); // If admin login is not given take current from cookies... - if ((empty($admin)) && (isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5'))) { + if ((empty($adminLogin)) && (isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5'))) { // Get admin login and password from session/cookies - $admin = getSession('admin_login'); + $adminLogin = getSession('admin_login'); $passCookie = getSession('admin_md5'); } // END - if - //* DEBUG: */ outputHtml(__LINE__."ADMIN:".$admin.'/'.$passCookie."
"); - - // Search in array for entry - if (isset($GLOBALS['admin_hash'])) { - // Use cached string - $valPass = $GLOBALS['admin_hash']; - } elseif ((!empty($passCookie)) && (isAdminHashSet($admin) === true) && (!empty($admin))) { - // Login data is valid or not? - $valPass = generatePassString(getAdminHash($admin)); - - // Cache it away - $GLOBALS['admin_hash'] = $valPass; + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, $adminLogin.'/'.$passCookie.'
'); - // Count cache hits - incrementStatsEntry('cache_hits'); - } elseif ((!empty($admin)) && ((!isExtensionActive('cache'))) || (isAdminHashSet($admin) === false)) { - // Search for admin - $result = SQL_QUERY_ESC("SELECT HIGH_PRIORITY `password` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1", - array($admin), __FUNCTION__, __LINE__); - - // Is he admin? - $passDB = ''; - if (SQL_NUMROWS($result) == 1) { - // Admin login was found so let's load password from DB - list($passDB) = SQL_FETCHROW($result); + // Do we have cache? + if (!isset($GLOBALS['is_admin'][$adminLogin])) { + // Init it with failed + $GLOBALS['is_admin'][$adminLogin] = false; + + // Search in array for entry + if (isset($GLOBALS['admin_hash'])) { + // Use cached string + $valPass = $GLOBALS['admin_hash']; + } elseif ((!empty($passCookie)) && (isAdminHashSet($adminLogin) === true) && (!empty($adminLogin))) { + // Login data is valid or not? + $valPass = encodeHashForCookie(getAdminHash($adminLogin)); + + // Cache it away + $GLOBALS['admin_hash'] = $valPass; + + // Count cache hits + incrementStatsEntry('cache_hits'); + } elseif ((!empty($adminLogin)) && ((!isExtensionActive('cache')) || (isAdminHashSet($adminLogin) === false))) { + // Get admin hash and hash it + $valPass = encodeHashForCookie(getAdminHash($adminLogin)); - // Temporary cache it - setAdminHash($admin, $passDB); + // Cache it away + $GLOBALS['admin_hash'] = $valPass; + } - // Generate password hash - $valPass = generatePassString($passDB); + if (!empty($valPass)) { + // Check if password is valid + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, '(' . $valPass . '==' . $passCookie . ')='.intval($valPass == $passCookie)); + $GLOBALS['is_admin'][$adminLogin] = (($valPass == $passCookie) || ((strlen($valPass) == 32) && ($valPass == md5($passCookie))) || (($valPass == '*FAILED*') && (!isExtensionActive('cache')))); } // END - if - - // Free memory - SQL_FREERESULT($result); - } - - if (!empty($valPass)) { - // Check if password is valid - //* DEBUG: */ print(__FUNCTION__ . ':' . $valPass . '/' . $passCookie . '
'); - $ret = (($valPass == $passCookie) || ((strlen($valPass) == 32) && ($valPass == md5($passCookie))) || (($valPass == '*FAILED*') && (!isExtensionActive('cache')))); } // END - if // Return result of comparision - return $ret; + return $GLOBALS['is_admin'][$adminLogin]; } // Generates a list of "max receiveable emails per day" @@ -704,13 +761,13 @@ function addMaxReceiveList ($mode, $default = '', $return = false) { switch ($mode) { case 'guest': // Guests (in the registration form) are not allowed to select 0 mails per day. - $result = SQL_QUERY("SELECT value, comment FROM `{?_MYSQL_PREFIX?}_max_receive` WHERE value > 0 ORDER BY value", + $result = SQL_QUERY("SELECT `value`, `comment` FROM `{?_MYSQL_PREFIX?}_max_receive` WHERE `value` > 0 ORDER BY `value` ASC", __FUNCTION__, __LINE__); break; case 'member': // Members are allowed to set to zero mails per day (we will change this soon!) - $result = SQL_QUERY("SELECT value, comment FROM `{?_MYSQL_PREFIX?}_max_receive` ORDER BY value", + $result = SQL_QUERY("SELECT `value`, `comment` FROM `{?_MYSQL_PREFIX?}_max_receive` ORDER BY `value` ASC", __FUNCTION__, __LINE__); break; @@ -723,11 +780,11 @@ function addMaxReceiveList ($mode, $default = '', $return = false) { if (SQL_NUMROWS($result) > 0) { $OUT = ''; while ($content = SQL_FETCHARRAY($result)) { - $OUT .= " '; } + + // Free memory + SQL_FREERESULT($result); } // Return - hopefully - the requested data @@ -1619,7 +1605,7 @@ function generateOptionList ($table, $id, $name, $default='', $special='', $wher // Activate exchange function FILTER_ACTIVATE_EXCHANGE () { // Is the extension 'user' there? - if ((!isExtensionActive('user')) || (getConfig('activate_xchange') == 0)) { + if ((!isExtensionActive('user')) || (getConfig('activate_xchange') == '0')) { // Silently abort here return false; } // END - if @@ -1641,33 +1627,43 @@ function FILTER_ACTIVATE_EXCHANGE () { updateConfiguration('activate_xchange' ,0); // Rebuild cache - rebuildCacheFile('modules', 'modules'); + rebuildCache('modules', 'modules'); } // END - if } // Deletes a user account with given reason function deleteUserAccount ($userid, $reason) { - $points = 0; - $result = SQL_QUERY_ESC("SELECT (SUM(p.points) - d.used_points) AS points -FROM `{?_MYSQL_PREFIX?}_user_points` AS p -LEFT JOIN `{?_MYSQL_PREFIX?}_user_data` AS d -ON p.userid=d.userid -WHERE p.userid=%s", array(bigintval($userid)), __FUNCTION__, __LINE__); + // Init points + $data['points'] = '0'; + + $result = SQL_QUERY_ESC("SELECT + (SUM(p.points) - d.used_points) AS points +FROM + `{?_MYSQL_PREFIX?}_user_points` AS p +LEFT JOIN + `{?_MYSQL_PREFIX?}_user_data` AS d +ON + p.userid=d.userid +WHERE + p.userid=%s", + array(bigintval($userid)), __FUNCTION__, __LINE__); + + // Do we have an entry? if (SQL_NUMROWS($result) == 1) { // Save his points to add them to the jackpot - list($points) = SQL_FETCHROW($result); + $data = SQL_FETCHARRAY($result); // Delete points entries as well SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_user_points` WHERE `userid`=%s", array(bigintval($userid)), __FUNCTION__, __LINE__); // Update mediadata as well - if (getExtensionVersion('mediadata') >= '0.0.4') { + if (isExtensionInstalledAndNewer('mediadata', '0.0.4')) { // Update database - updateMediadataEntry(array('total_points'), 'sub', $points); + updateMediadataEntry(array('total_points'), 'sub', $data['points']); } // END - if // Now, when we have all his points adds them do the jackpot! - if (isExtensionActive('jackpot')) addPointsToJackpot($points); + if (isExtensionActive('jackpot')) addPointsToJackpot($data['points']); } // END - if // Free the result @@ -1678,46 +1674,36 @@ WHERE p.userid=%s", array(bigintval($userid)), __FUNCTION__, __LINE__); array(bigintval($userid)), __FUNCTION__, __LINE__); // Remove from rallye if found + // @TODO Rewrite this to a filter if (isExtensionActive('rallye')) { SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_rallye_users` WHERE `userid`=%s", array(bigintval($userid)), __FUNCTION__, __LINE__); } // END - if + // Add reason and translate points + $data['text'] = $reason; + $data['points'] = translateComma($data['points']); + // Now a mail to the user and that's all... - $message = loadEmailTemplate('del-user', array('text' => $reason), $userid); + $message = loadEmailTemplate('del-user', $data, $userid); sendEmail($userid, getMessage('ADMIN_DEL_ACCOUNT'), $message); // Ok, delete the account! SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `userid`=%s LIMIT 1", array(bigintval($userid)), __FUNCTION__, __LINE__); } -// Generates meta description for given module and 'what' value -function generateMetaDescriptionCode ($mod, $what) { - // Exclude admin and member's area - if (($mod != 'admin') && ($mod != 'login')) { - // Construct dynamic description - $DESCR = '{?MAIN_TITLE?} '.trim(getConfig('title_middle')) . ' ' . addMenuDescription('guest', 'what-'.$what, true); - - // Output it directly - outputHtml(''); - } // END - if - - // Remove depth - unset($GLOBALS['ref_level']); -} - // Gets the matching what name from module function getWhatFromModule ($modCheck) { // Is the request element set? - if (isGetRequestElementSet('what')) { + if (isGetRequestParameterSet('what')) { // Then return this! - return getRequestElement('what'); + return getRequestParameter('what'); } // END - if // Default is empty $what = ''; - //* DEBUG: */ outputHtml(__LINE__.'!'.$modCheck."!
"); + //* DEBUG: */ print(__LINE__.'!'.$modCheck."!
"); switch ($modCheck) { case 'admin': $what = 'overview'; @@ -1725,7 +1711,14 @@ function getWhatFromModule ($modCheck) { case 'login': case 'index': - $what = getConfig('index_home'); + // Is ext-sql_patches installed and newer than 0.0.5? + if (isExtensionInstalledAndNewer('sql_patches', '0.0.5')) { + // Use it from config + $what = getConfig('index_home'); + } else { + // Use default 'welcome' + $what = 'welcome'; + } break; default: @@ -1776,7 +1769,7 @@ WHERE return $numRows; } -// Returns HTML code with an "