X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmysql-manager.php;h=723f61ecb63bea6f39d14401b5d8d9645e7ab716;hp=e4bcad187cb98d9505a358ec57139a435f9ef9a2;hb=dbef43c3a859518367f9ee0dde8e895ec677af23;hpb=3aeddfb08e3fa6c1bfbd54084523eaa3e06175ba diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index e4bcad187c..723f61ecb6 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -32,8 +32,7 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } @@ -73,6 +72,7 @@ function ADD_MODULE_TITLE($mod) { } return $name; } + // Check validity of a given module name (no file extension) function CHECK_MODULE($mod) { // We need them now here... @@ -187,9 +187,9 @@ function CHECK_MODULE($mod) { // Return the value return $ret; } + // Add menu description pending on given file name (without path!) -function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) -{ +function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) { global $DEPTH, $_CONFIG; $LINK_ADD = ""; $OUT = ""; $AND = ""; // First we have to do some analysis... @@ -251,12 +251,16 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) if (!$return) $DEPTH++; $prefix = ""; } + $prefix .= " -> "; + if (ereg(".php", $search)) { $search = substr($search, 0, strpos($search, ".php")); } + $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE %s='%s' ".$AND." LIMIT 1", array($ACC_LVL, $type, $search), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { list($ret) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -287,22 +291,28 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) // function ADD_MENU($MODE, $act, $wht) { global $_CONFIG; + + // Init some variables + $main_cnt = 0; + $AND = ""; + $main_action = ""; + $sub_what = ""; + if (!VALIDATE_MENU_ACTION($MODE, $act, $wht, true)) return CODE_MENU_NOT_VALID; - $main_cnt = 0; $AND = ""; $main_action = ""; $sub_what = ""; - if (!IS_ADMIN()) - { + + // Non-admin shall not see all menus + if (!IS_ADMIN()) { $AND = "AND visible='Y' AND locked='N'"; } + // Load SQL data and add the menu to the output stream... $result_main = SQL_QUERY_ESC("SELECT title, action FROM "._MYSQL_PREFIX."_%s_menu WHERE what='' ".$AND." ORDER BY sort", array($MODE), __FILE__, __LINE__); //* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*
\n"; - if (SQL_NUMROWS($result_main) > 0) - { + if (SQL_NUMROWS($result_main) > 0) { OUTPUT_HTML(""); // There are menus available, so we simply display them... :) - while (list($main_title, $main_action) = SQL_FETCHROW($result_main)) - { + while (list($main_title, $main_action) = SQL_FETCHROW($result_main)) { //* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*
\n"; // Load menu header template $BLOCK_MODE = false; $act = $main_action; @@ -311,11 +321,10 @@ function ADD_MENU($MODE, $act, $wht) { $result_sub = SQL_QUERY_ESC("SELECT title, what FROM "._MYSQL_PREFIX."_%s_menu WHERE action='%s' AND what != '' ".$AND." ORDER BY sort", array($MODE, $main_action), __FILE__, __LINE__); $ctl = SQL_NUMROWS($result_sub); - if ($ctl > 0) - { + if ($ctl > 0) { $cnt=0; - while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub)) - { + while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub)) { + // Init content $content = ""; // Full file name for checking menu @@ -390,7 +399,9 @@ function IS_ADMIN($admin="") // If admin login is not given take current from cookies... if ((empty($admin)) && (isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5'))) { - $admin = SQL_ESCAPE(get_session('admin_login')); $passCookie = get_session('admin_md5'); + // Get admin login and password from session/cookies + $admin = SQL_ESCAPE(get_session('admin_login')); + $passCookie = SQL_ESCAPE(get_session('admin_md5')); } //* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."
"; @@ -411,6 +422,8 @@ function IS_ADMIN($admin="") if (SQL_NUMROWS($result) == 1) { // Admin login was found so let's load password from DB list($passDB) = SQL_FETCHROW($result); + + // Generate password hash $valPass = generatePassString($passDB); } @@ -420,8 +433,8 @@ function IS_ADMIN($admin="") if (!empty($valPass)) { // Check if password is valid - //* DEBUG: */ echo __LINE__."*".$valPass."/".$passCookie)."*
"; - $ret = (($valPass == $passCookie) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache")))); + //* DEBUG: */ echo __FUNCTION__."*".$valPass."/".$passCookie."*
\n"; + $ret = (($valPass == $passCookie) || ((strlen($valPass) == 32) && ($valPass == md5($passCookie))) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache")))); } // Return result of comparision