/**
* Execute SQL UPDATE or INSERT query for one record
*
* If ID field is defined record will be updated else it will be inserted
*
* @param string $table table to update
* @param string $record record to update
* @global object mysql database object
*/
function SQLInsertUpdate($table, &$record, $ndx = 'ID')
{
return SQLUpdateInsert($table, $record, $ndx);
}
function run()
{
// running current module
global $session;
if ($this->owner->name != 'panel' && $this->owner->name != 'master') {
echo "Unauthorized Access";
exit;
}
if ($this->id == '1') {
$this->mode = 'edit';
global $id;
global $mode;
$id = $this->id;
$mode = 'edit';
$out['MASTER'] = 1;
}
// LDAP inicial
if (function_exists('ldap_connect') && is_file(ROOT . 'modules/ldap_users/installed')) {
$out['LDAP_ON'] = 1;
}
if ($this->mode == 'logoff') {
unset($session->data['AUTHORIZED']);
unset($session->data['USER_NAME']);
unset($session->data['USERNAME']);
unset($session->data['SITE_USERNAME']);
unset($session->data['SITE_USER_ID']);
unset($session->data["cp_requested_url"]);
$this->owner->redirect("/");
}
if ($this->action == "enter") {
global $md;
global $login;
if (!$session->data["cp_requested_url"] && ($md != 'panel' || $action != '') && !$login) {
$session->data["cp_requested_url"] = $_SERVER['REQUEST_URI'];
}
if ($this->mode == "check") {
global $login;
global $psw;
// $user=SQLSelectOne("SELECT * FROM admin_users WHERE LOGIN='******' AND PASSWORD='******'");
$user = SQLSelectOne("SELECT * FROM admin_users WHERE LOGIN='******' AND PASSWORD='******'");
// $user=SQLSelectOne("SELECT * FROM admin_users WHERE 1");
// LDAP logining
if ($out['LDAP_ON'] != false && ($user == false || $psw == 'this_ldap_admin')) {
include_once ROOT . 'modules/ldap_users/ldap_users.class.php';
$ldap = new ldap_users();
$user = $ldap->ctrl_access();
}
// LDAP loginig
if (!isset($user['ID'])) {
$out["ERRMESS"] = "Wrong username and/or password";
} else {
$session->data['AUTHORIZED'] = 1;
$session->data['USER_NAME'] = $user['LOGIN'];
$session->data['USER_LEVEL'] = $user['PRIVATE'];
$session->data['USER_ID'] = $user['ID'];
if (!$session->data["cp_requested_url"]) {
if (file_exists(DIR_MODULES . 'dashboard/dashboard.class.php')) {
$this->owner->redirect("?action=dashboard");
}
$this->owner->redirect("?");
} else {
$this->owner->redirect($session->data["cp_requested_url"]);
}
}
}
} elseif ($this->action == "logged") {
$out["USER_NAME"] = $session->data["USER_NAME"];
$tmp = SQLSelectOne("SELECT ID FROM admin_users WHERE LOGIN='******' AND PASSWORD='******'admin') . "'");
if ($tmp['ID']) {
$out['WARNING'] = 1;
}
$user = SQLSelectOne("SELECT * FROM admin_users WHERE LOGIN='******'");
if (!$user['ID']) {
unset($session->data['AUTHORIZED']);
unset($session->data['USER_NAME']);
$session->save();
$this->owner->redirect("?");
}
$modules = SQLSelect("SELECT * FROM project_modules WHERE HIDDEN='0' ORDER BY CATEGORY, NAME");
$modulesCnt = count($modules);
for ($i = 0; $i < $modulesCnt; $i++) {
if (preg_match("/," . $modules[$i]['NAME'] . ",/i", @$user["ACCESS"]) || preg_match("/," . $modules[$i]['NAME'] . "\$/i", @$user["ACCESS"]) || preg_match("/^" . $modules[$i]['NAME'] . ",/i", @$user["ACCESS"]) || preg_match("/^" . $modules[$i]['NAME'] . "\$/i", @$user["ACCESS"]) || 0) {
$new[] = $modules[$i];
}
}
$on_row = 0;
$newCnt = count($new);
for ($i = 0; $i < $newCnt; $i++) {
if ($new[$i]['CATEGORY'] != $new_category) {
$new[$i]['NEWCATEGORY'] = 1;
$new_category = $new[$i]['CATEGORY'];
$on_row = 0;
}
$on_row++;
if ($on_row % 6 == 0 && $on_row >= 6) {
$new[$i]['NEWROW'] = 1;
}
if (file_exists(ROOT . 'img/admin/icons/ico_' . $new[$i]['NAME'] . '.gif')) {
$new[$i]['ICON'] = ROOTHTML . 'img/admin/icons/ico_' . $new[$i]['NAME'] . '.gif';
} else {
$new[$i]['ICON'] = ROOTHTML . 'img/admin/icons/ico_default.gif';
}
}
$out["MODULES"] = $new;
if (file_exists(DIR_MODULES . 'saverestore/saverestore.class.php')) {
$out['CHECK_UPDATES'] = 1;
global $check;
if ($check) {
include_once DIR_MODULES . 'saverestore/saverestore.class.php';
$sv = new saverestore();
$sv->checkUpdates($o);
if ($o['NO_UPDATES'] || $o['ERROR_CHECK']) {
echo "no";
} else {
echo "yes";
}
exit;
}
}
} elseif ($this->action == "logoff") {
unset($session->data['AUTHORIZED']);
unset($session->data['USER_NAME']);
unset($session->data['USERNAME']);
$this->owner->redirect("?");
} elseif ($this->action == "admin") {
global $mode;
global $mode2;
global $id;
if (!$session->data['AUTHORIZED']) {
exit;
}
if ($mode == "delete") {
SQLExec("DELETE FROM admin_users WHERE ID='" . $id . "'");
$this->redirect("?");
}
if ($mode == "edit") {
$user = SQLSelectOne("SELECT * FROM admin_users WHERE ID='" . $id . "'");
if ($mode2 == "update") {
$ok = 1;
global $name;
global $login;
global $password;
global $email;
global $comments;
global $sel;
global $private;
global $EMAIL_ORDERS;
global $EMAIL_INVENTORY;
$user['NAME'] = $name;
if (!checkGeneral($user['NAME'])) {
$out["ERR_NAME"] = 1;
$ok = 0;
}
$user['LOGIN'] = $login;
if (!checkGeneral($user['LOGIN'])) {
$out["ERR_LOGIN"] = 1;
$ok = 0;
}
if ($password != '' || !$user['ID']) {
$user['PASSWORD'] = $password;
if (!checkGeneral($user['PASSWORD'])) {
$out["ERR_PASSWORD"] = 1;
$ok = 0;
} else {
$user['PASSWORD'] = md5($user['PASSWORD']);
}
}
$user['EMAIL'] = $email;
$user['COMMENTS'] = $comments;
$user['PRIVATE'] = (int) $private;
$user['EMAIL_ORDERS'] = $EMAIL_ORDERS;
$user['EMAIL_INVENTORY'] = $EMAIL_INVENTORY;
if (count($sel) > 0) {
$user['ACCESS'] = join(",", $sel);
} else {
$user['ACCESS'] = "";
}
if ($ok) {
SQLUpdateInsert("admin_users", $user);
$out["OK"] = 1;
}
}
$modules = SQLSelect("SELECT * FROM project_modules");
$modulesCnt = count($modules);
for ($i = 0; $i < $modulesCnt; $i++) {
if (preg_match("/," . $modules[$i]['NAME'] . ",/i", @$user["ACCESS"]) || preg_match("/," . $modules[$i]['NAME'] . "\$/i", @$user["ACCESS"]) || preg_match("/^" . $modules[$i]['NAME'] . ",/i", @$user["ACCESS"]) || preg_match("/^" . $modules[$i]['NAME'] . "\$/i", @$user["ACCESS"]) || 0) {
$modules[$i]["SELECTED"] = 1;
}
if (($i + 1) % 3 == 0) {
$modules[$i]['NEWR'] = 1;
}
}
$user["MODULES"] = $modules;
outHash($user, $out);
}
$users = SQlSelect("SELECT * FROM admin_users ORDER BY ID DESC");
$out["USERS"] = $users;
}
$out["MODE"] = $mode;
$out["ACTION"] = $this->action;
$this->data = $out;
$p = new parser(DIR_TEMPLATES . $this->name . "/" . $this->name . ".html", $this->data, $this);
$this->result = $p->result;
}
/**
* Execute SQL UPDATE or INSERT query for one record
*
* If ID field is defined record will be updated else it will be inserted
*
* @param string $table table to update
* @param string $record record to update
* @global object mysql database object
*/
function SQLInsertUpdate($table, &$record) {
return SQLUpdateInsert($table, $record);
}