Updated fixes for checking for admin in get_access_sql_prefix()

git-svn-id: https://code.elgg.org/elgg/trunk@3485 36083f99-b078-4883-b0ff-0f9b5a30f544

1 files changed, 35 insertions, 0 deletions

diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 18fb9e73c..b34f07725 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -156,6 +156,41 @@
 			return false;
 		}
 		
+		/**
+		 * Check if the given user is an admin.
+		 * 
+		 * @param $user_guid
+		 * @return bool
+		 */
+		function is_admin_user($user_guid) {
+			global $CONFIG;
+			
+			// caching is done at the db level so no need to here.
+			$query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as e, {$CONFIG->dbprefix}metastrings as ms1, {$CONFIG->dbprefix}metastrings as ms2, {$CONFIG->dbprefix}metadata as md
+				WHERE (
+					ms1.string = 'admin' AND ms2.string = 'yes'
+					AND md.name_id = ms1.id	AND md.value_id = ms2.id
+					AND e.guid = md.entity_guid
+					AND e.guid = {$user_guid}
+					AND e.banned = 'no'
+					)
+				OR (
+					ms1.string = 'admin' AND ms2.string = '1'
+					AND md.name_id = ms1.id	AND md.value_id = ms2.id
+					AND e.guid = md.entity_guid
+					AND e.guid = {$user_guid}
+					AND e.banned = 'no'
+					)";
+
+			// normalizing the results from get_data()
+			// See #1242
+			$info = get_data($query);
+			if (!((is_array($info) && count($info) < 1) || $info === false)) {
+				return true;
+			}
+			return false;
+		}
+		
 	/**
 	 * Perform standard authentication with a given username and password.
 	 * Returns an ElggUser object for use with login.