2 /************************************************************************
3 * Mailer v0.2.1-FINAL Start: 08/31/2003 *
4 * =================== Last change: 07/02/2004 *
6 * -------------------------------------------------------------------- *
8 * -------------------------------------------------------------------- *
9 * Short description : Administration module *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Administrationsmodul *
12 * -------------------------------------------------------------------- *
15 * $Tag:: 0.2.1-FINAL $ *
17 * Needs to be in all Files and every File needs "svn propset *
18 * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
19 * -------------------------------------------------------------------- *
20 * Copyright (c) 2003 - 2009 by Roland Haeder *
21 * Copyright (c) 2009, 2010 by Mailer Developer Team *
22 * For more information visit: http://www.mxchange.org *
24 * This program is free software; you can redistribute it and/or modify *
25 * it under the terms of the GNU General Public License as published by *
26 * the Free Software Foundation; either version 2 of the License, or *
27 * (at your option) any later version. *
29 * This program is distributed in the hope that it will be useful, *
30 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
31 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
32 * GNU General Public License for more details. *
34 * You should have received a copy of the GNU General Public License *
35 * along with this program; if not, write to the Free Software *
36 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
38 ************************************************************************/
40 // Some security stuff...
41 if (!defined('__SECURITY')) {
46 loadIncludeOnce('inc/modules/admin/admin-inc.php');
48 // Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!)
49 fixDeletedCookies(array('admin_login', 'admin_md5', 'admin_last'));
54 // Is no admin registered?
55 if (!isAdminRegistered()) {
56 // Admin is not registered so we have to inform the user
57 if ((isFormSent()) && ((!isPostRequestParameterSet('login')) || (!isPostRequestParameterSet('pass1')) || (strlen(postRequestParameter('pass1')) < 4) || (!isPostRequestParameterSet('pass2')) || (strlen(postRequestParameter('pass2')) < 4) || (postRequestParameter('pass1') != postRequestParameter('pass2')))) {
58 setPostRequestParameter('ok', '***');
61 // Clear error message
64 if ((isFormSent()) && (postRequestParameter('ok') != '***')) {
65 // Hash the password with the old function because we are here in install mode
66 $hashedPass = md5(postRequestParameter('pass1'));
68 // Kill maybe existing session variables
69 destroyAdminSession(false);
72 $ret = addAdminAccount(postRequestParameter('login'), $hashedPass, getConfig('WEBMASTER'));
74 // Check if registration wents fine
77 $done = changeDataInFile(getConfig('CACHE_PATH') . 'config-local.php', 'ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0);
79 // Registering is done
80 redirectToUrl('modules.php?module=admin&register=done');
82 // Registration incomplete
83 $errorMessage = getMessage('ADMIN_CANNOT_COMPLETE');
85 // Set this to have our error message displayed
86 setPostRequestParameter('ok', '***');
90 case 'failed': // Registration has failed
91 $errorMessage = getMessage('ADMIN_REGISTER_FAILED');
93 // Set this to have our error message displayed
94 setPostRequestParameter('ok', '***');
97 case 'already': // Admin does already exists!
98 $errorMessage = getMessage('ADMIN_LOGIN_ALREADY_REG');
100 // Set this to have our error message displayed
101 setPostRequestParameter('ok', '***');
105 // Any other kind will be logged
106 $errorMessage = sprintf("Unknown return code %s from ifAdminLoginDataIsValid().", $ret);
107 logDebugMessage(__FILE__, __LINE__, $errorMessage);
109 // Set this to have our error message displayed
110 setPostRequestParameter('ok', '***');
115 // Whas that action okay?
116 if ($ret != 'done') {
118 $content['login'] = '';
119 if (isPostRequestParameterSet('login')) {
120 $content['login'] = postRequestParameter('login');
123 // Init array elements
124 $content['login_message'] = '';
125 $content['pass1_message'] = '';
126 $content['pass2_message'] = '';
128 // Yet-another notice-fix
129 if ((isFormSent()) && (postRequestParameter('ok') == '***')) {
136 if (empty($content['login'])) $loginMessage = getMessage('ADMIN_NO_LOGIN');
138 // An error comes back from registration?
139 if ((!empty($ret)) && ($ret != 'init')) $loginMessage = $errorMessage;
141 // No password 1 entered or to short?
142 if (!isPostRequestParameterSet('pass1')) $pass1Message = getMessage('ADMIN_NO_PASS1');
143 elseif (strlen(postRequestParameter('pass1')) < 4) $pass1Message = getMessage('ADMIN_SHORT_PASS1');
145 // No password 2 entered or to short?
146 if (!isPostRequestParameterSet('pass2')) $pass2Message = getMessage('ADMIN_NO_PASS2');
147 elseif (strlen(postRequestParameter('pass2')) < 4) $pass2Message = getMessage('ADMIN_SHORT_PASS2');
149 // Both didn't match?
150 if (postRequestParameter('pass1') != postRequestParameter('pass2')) {
152 if (empty($pass1Message)) $pass1Message = getMessage('ADMIN_PASS1_MISMATCH');
153 if (empty($pass2Message)) $pass2Message = getMessage('ADMIN_PASS2_MISMATCH');
156 // Output error messages
157 $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage);
158 $content['pass1_message'] = loadTemplate('admin_login_msg', true, $pass1Message);
159 $content['pass2_message'] = loadTemplate('admin_login_msg', true, $pass2Message);
162 // Output message in seperate template
163 loadTemplate('admin_settings_saved', false, getMessage('ADMIN_ACCOUNT_NOT_REGISTERED_YET'));
165 // Load register template
166 loadTemplate('admin_reg_form', false, $content);
168 } elseif (isGetRequestParameterSet('reset_pass')) {
169 // Is the form submitted?
170 if ((isPostRequestParameterSet('send_link')) && (isPostRequestParameterSet('email'))) {
172 loadTemplate('admin_settings_saved', false, sendAdminPasswordResetLink(postRequestParameter('email')));
173 } elseif (isGetRequestParameterSet('hash')) {
174 // Output form for hash validation
175 loadTemplate('admin_validate_reset_hash_form', false, getRequestParameter('hash'));
176 } elseif ((isPostRequestParameterSet('validate_hash')) && (isPostRequestParameterSet('login')) && (isPostRequestParameterSet('hash'))) {
177 // Validate the login data and hash
178 $valid = adminResetValidateHashLogin(postRequestParameter('hash'), postRequestParameter('login'));
181 if ($valid === true) {
182 // Prepare content first
184 'hash' => secureString(postRequestParameter('hash')),
185 'login' => secureString(postRequestParameter('login'))
188 // Validation okay so display form for final password change
189 loadTemplate('admin_reset_password_form', false, $content);
191 // Cannot validate the login data and hash
192 loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED'));
194 } elseif ((isPostRequestParameterSet('reset_pass')) && (isPostRequestParameterSet('hash')) && (isPostRequestParameterSet('login')) && (isPostRequestParameterSet('pass1')) && (postRequestParameter('pass1') == postRequestParameter('pass2'))) {
195 // Okay, we shall the admin password here. So first revalidate the hash
196 if (adminResetValidateHashLogin(postRequestParameter('hash'), postRequestParameter('login'))) {
198 loadTemplate('admin_reset_pass_done', false, doResetAdminPassword(postRequestParameter('login'), postRequestParameter('pass1')));
201 loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2'));
204 // Output reset password form
205 loadTemplate('admin_send_reset_link');
207 } elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last'))) {
208 // At leat one administrator account was created
209 if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last'))) {
210 // Timeout for last login, we have to logout first!
211 redirectToUrl('modules.php?module=admin&logout=1');
214 if (isGetRequestParameterSet('register')) {
215 // Registration of first admin is done
216 if (getRequestParameter('register') == 'done') loadTemplate('admin_settings_saved', false, getMessage('ADMIN_REGISTER_DONE'));
219 // Check if the admin has submitted data or not
220 if ((isFormSent()) && ((!isPostRequestParameterSet('login')) || (!isPostRequestParameterSet('pass')) || (strlen(postRequestParameter('pass')) < 4))) {
221 setPostRequestParameter('ok', '***');
224 if ((isFormSent()) && (postRequestParameter('ok') != '***')) {
225 // All required data was entered so we check his account
226 $ret = ifAdminLoginDataIsValid(postRequestParameter('login'), postRequestParameter('pass'));
228 // Which status do we have?
230 case 'done': // Admin and password are okay, so we log in now
231 // Construct URL and redirect
232 $url = 'modules.php?module=admin&';
234 // Rewrite overview module
235 if (getWhat() == 'overview') {
236 setAction(getActionFromModuleWhat(getModule(), getWhat()));
240 if (isWhatSet()) $url .= 'what='.getWhat();
241 elseif (isActionSet()) $url .= 'action='.getAction();
242 elseif (isGetRequestParameterSet('area')) $url .= 'area='.getRequestParameter('area');
248 case '404': // Administrator login not found
249 setPostRequestParameter('ok', $ret);
250 $ret = getMaskedMessage('ADMIN_ACCOUNT_404', postRequestParameter('login'));
251 destroyAdminSession();
254 case 'pass': // Wrong password
255 setPostRequestParameter('ok', $ret);
256 $ret = '{--WRONG_PASS--} [<a href="{%url=modules.php?module=admin&reset_pass=1%}">{--ADMIN_RESET_PASS--}</a>]';
257 destroyAdminSession();
260 default: // Others will be logged
261 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid()", $ret));
267 if ($ret != 'done') {
268 $content['login'] = '';
269 if (isPostRequestParameterSet('login')) {
270 $content['login'] = postRequestParameter('login');
273 // Init array elements
274 $content['login_message'] = '';
275 $content['pass_message'] = '';
278 // Set messages to zero
279 $loginMessage = ''; $passwdMessage = '';
282 if (!isPostRequestParameterSet('login')) $loginMessage = getMessage('ADMIN_NO_LOGIN');
284 // An error comes back from login?
285 if ((!empty($ret)) && (postRequestParameter('ok') == '404')) $loginMessage = $ret;
287 // No password entered?
288 if (!isPostRequestParameterSet('pass')) $passwdMessage = getMessage('ADMIN_NO_PASS');
290 // Or password too short?
291 if (strlen(postRequestParameter('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS');
293 // An error comes back from login?
294 if ((!empty($ret)) && (postRequestParameter('ok') == 'pass')) $passwdMessage = $ret;
296 // Load message template
297 $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage);
298 $content['pass_message'] = loadTemplate('admin_login_msg', true, $passwdMessage);
303 // Restore old what value
304 $content = merge_array($content, array('target' => 'what', 'value' => getWhat()));
305 } elseif (isActionSet()) {
306 if (getAction() != 'logout') {
307 // Restore old action value
308 $content = merge_array($content, array('target' => 'action', 'value' => getAction()));
310 // Set default values
311 $content = merge_array($content, array('target' => 'action', 'value' => 'login'));
313 } elseif (isGetRequestParameterSet('area')) {
314 // Restore old area value
315 $content = merge_array(
319 'value' => getRequestParameter('area')
323 // Set default values
324 $content = merge_array($content, array('target' => 'action', 'value' => 'login'));
327 // Load login form template
328 loadTemplate('admin_login_form', false, $content);
330 } elseif (isGetRequestParameterSet('logout')) {
331 // Only try to remove cookies
332 if (destroyAdminSession()) {
333 // Load logout template
334 if (isGetRequestParameterSet('register')) {
336 $register = getRequestParameter('register');
338 // Special logout redirect for installation of given extension
339 loadTemplate(sprintf("admin_logout_%s_install", $register));
340 } elseif (isGetRequestParameterSet('remove')) {
342 $remove = getRequestParameter('remove');
344 // Special logout redirect for removal of given extension
345 loadTemplate(sprintf("admin_logout_%s_remove", $remove));
347 // Logged out normally
348 loadTemplate('admin_logout');
351 // Something went wrong here...
352 loadTemplate('admin_settings_saved', false, '<div class="admin_fatal">{--ADMIN_LOGOUT_FAILED--}</div>');
355 addFatalMessage(__FILE__, __LINE__, getMessage('CANNOT_UNREG_SESS'));
358 // Maybe an Admin want's to login?
359 $ret = ifAdminCookiesAreValid(getSession('admin_login'), getSession('admin_md5'));
364 // Check for access control line of current menu entry
365 runFilterChain('check_admin_acl');
367 // When type of admin menu is not set fallback to old menu system
368 if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', 'OLD');
370 // Check for version and switch between old menu system and new intelligent menu system
371 if ((adminGetMenuMode() == 'NEW') && (isIncludeReadable('inc/modules/admin/lasys-inc.php'))) {
372 // Default area is the entrance, of course
375 // Check for similar URL variable
376 if (isGetRequestParameterSet('area')) $area = getRequestParameter('area');
378 // Load logical-area menu-system file
379 loadIncludeOnce('inc/modules/admin/lasys-inc.php');
381 // Create new-style menu system will logical areas
382 doAdminLogicalArea($area, $action, getWhat());
384 // This little call constructs the whole default old and lacky menu system
385 // on left side. It also renders the content on right side
390 case '404': // Administrator login not found
391 setPostRequestParameter('ok', $ret);
392 loadTemplate('admin_settings_saved', false, getMaskedMessage('ADMIN_ACCOUNT_404', getSession('admin_login')));
393 destroyAdminSession();
396 case 'pass': // Wrong password
397 setPostRequestParameter('ok', $ret);
398 loadTemplate('admin_settings_saved', false, getMessage('WRONG_PASS'));
399 destroyAdminSession();
402 default: // Others will be logged
403 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminCookiesAreValid()", $ret));