2 /************************************************************************
3 * Mailer v0.2.1-FINAL Start: 08/31/2003 *
4 * =================== Last change: 07/02/2004 *
6 * -------------------------------------------------------------------- *
8 * -------------------------------------------------------------------- *
9 * Short description : Administration module *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Administrationsmodul *
12 * -------------------------------------------------------------------- *
15 * $Tag:: 0.2.1-FINAL $ *
17 * Needs to be in all Files and every File needs "svn propset *
18 * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
19 * -------------------------------------------------------------------- *
20 * Copyright (c) 2003 - 2009 by Roland Haeder *
21 * Copyright (c) 2009, 2010 by Mailer Developer Team *
22 * For more information visit: http://www.mxchange.org *
24 * This program is free software; you can redistribute it and/or modify *
25 * it under the terms of the GNU General Public License as published by *
26 * the Free Software Foundation; either version 2 of the License, or *
27 * (at your option) any later version. *
29 * This program is distributed in the hope that it will be useful, *
30 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
31 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
32 * GNU General Public License for more details. *
34 * You should have received a copy of the GNU General Public License *
35 * along with this program; if not, write to the Free Software *
36 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
38 ************************************************************************/
40 // Some security stuff...
41 if (!defined('__SECURITY')) {
46 loadIncludeOnce('inc/modules/admin/admin-inc.php');
48 // Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!)
49 fixDeletedCookies(array('admin_login', 'admin_md5', 'admin_last'));
54 // Is no admin registered?
55 if (!isAdminRegistered()) {
56 // Admin is not registered so we have to inform the user
57 if ((isFormSent()) && ((!isPostRequestParameterSet('login')) || (!isPostRequestParameterSet('pass1')) || (strlen(postRequestParameter('pass1')) < 4) || (!isPostRequestParameterSet('pass2')) || (strlen(postRequestParameter('pass2')) < 4) || (postRequestParameter('pass1') != postRequestParameter('pass2')))) {
58 setPostRequestParameter('ok', '***');
61 if ((isFormSent()) && (postRequestParameter('ok') != '***')) {
62 // Hash the password with the old function because we are here in install mode
63 $hashedPass = md5(postRequestParameter('pass1'));
65 // Kill maybe existing session variables
66 destroyAdminSession(false);
69 $ret = addAdminAccount(postRequestParameter('login'), $hashedPass, getConfig('WEBMASTER'));
71 // Check if registration wents fine
74 $done = changeDataInFile(getConfig('CACHE_PATH') . 'config-local.php', 'ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0);
76 // Registering is done
77 redirectToUrl('modules.php?module=admin&register=done');
79 $ret = getMessage('ADMIN_CANNOT_COMPLETE');
83 case 'failed': // Registration has failed
84 $ret = getMessage('ADMIN_REGISTER_FAILED');
87 case 'already': // Admin does already exists!
88 $ret = getMessage('ADMIN_LOGIN_ALREADY_REG');
92 // Any other kind will be logged
93 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid().", $ret));
98 // Whas that action okay?
101 $content['login'] = '';
102 if (isPostRequestParameterSet('login')) {
103 $content['login'] = postRequestParameter('login');
106 // Init array elements
107 $content['login_message'] = '';
108 $content['pass1_message'] = '';
109 $content['pass2_message'] = '';
111 // Yet-another notice-fix
112 if ((isFormSent()) && (postRequestParameter('ok') == '***')) {
119 if (empty($content['login'])) $loginMessage = getMessage('ADMIN_NO_LOGIN');
121 // An error comes back from registration?
122 if ((!empty($ret)) && ($ret != 'init')) $loginMessage = $ret;
124 // No password 1 entered or to short?
125 if (!isPostRequestParameterSet('pass1')) $pass1Message = getMessage('ADMIN_NO_PASS1');
126 elseif (strlen(postRequestParameter('pass1')) < 4) $pass1Message = getMessage('ADMIN_SHORT_PASS1');
128 // No password 2 entered or to short?
129 if (!isPostRequestParameterSet('pass2')) $pass2Message = getMessage('ADMIN_NO_PASS2');
130 elseif (strlen(postRequestParameter('pass2')) < 4) $pass2Message = getMessage('ADMIN_SHORT_PASS2');
132 // Both didn't match?
133 if (postRequestParameter('pass1') != postRequestParameter('pass2')) {
135 if (empty($pass1Message)) $pass1Message = getMessage('ADMIN_PASS1_MISMATCH');
136 if (empty($pass2Message)) $pass2Message = getMessage('ADMIN_PASS2_MISMATCH');
139 // Output error messages
140 $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage);
141 $content['pass1_message'] = loadTemplate('admin_login_msg', true, $pass1Message);
142 $content['pass2_message'] = loadTemplate('admin_login_msg', true, $pass2Message);
145 // Output message in seperate template
146 loadTemplate('admin_settings_saved', false, getMessage('ADMIN_NOT_REGISTERED'));
148 // Load register template
149 loadTemplate('admin_reg_form', false, $content);
151 } elseif (isGetRequestParameterSet('reset_pass')) {
152 // Is the form submitted?
153 if ((isPostRequestParameterSet('send_link')) && (isPostRequestParameterSet('email'))) {
155 loadTemplate('admin_settings_saved', false, sendAdminPasswordResetLink(postRequestParameter('email')));
156 } elseif (isGetRequestParameterSet('hash')) {
157 // Output form for hash validation
158 loadTemplate('admin_validate_reset_hash_form', false, getRequestParameter('hash'));
159 } elseif ((isPostRequestParameterSet('validate_hash')) && (isPostRequestParameterSet('login')) && (isPostRequestParameterSet('hash'))) {
160 // Validate the login data and hash
161 $valid = adminResetValidateHashLogin(postRequestParameter('hash'), postRequestParameter('login'));
164 if ($valid === true) {
165 // Prepare content first
167 'hash' => secureString(postRequestParameter('hash')),
168 'login' => secureString(postRequestParameter('login'))
171 // Validation okay so display form for final password change
172 loadTemplate('admin_reset_password_form', false, $content);
174 // Cannot validate the login data and hash
175 loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED'));
177 } elseif ((isPostRequestParameterSet('reset_pass')) && (isPostRequestParameterSet('hash')) && (isPostRequestParameterSet('login')) && (isPostRequestParameterSet('pass1')) && (postRequestParameter('pass1') == postRequestParameter('pass2'))) {
178 // Okay, we shall the admin password here. So first revalidate the hash
179 if (adminResetValidateHashLogin(postRequestParameter('hash'), postRequestParameter('login'))) {
181 loadTemplate('admin_reset_pass_done', false, doResetAdminPassword(postRequestParameter('login'), postRequestParameter('pass1')));
184 loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2'));
187 // Output reset password form
188 loadTemplate('admin_send_reset_link');
190 } elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last'))) {
191 // At leat one administrator account was created
192 if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last'))) {
193 // Timeout for last login, we have to logout first!
194 redirectToUrl('modules.php?module=admin&logout=1');
197 if (isGetRequestParameterSet('register')) {
198 // Registration of first admin is done
199 if (getRequestParameter('register') == 'done') loadTemplate('admin_settings_saved', false, getMessage('ADMIN_REGISTER_DONE'));
202 // Check if the admin has submitted data or not
203 if ((isFormSent()) && ((!isPostRequestParameterSet('login')) || (!isPostRequestParameterSet('pass')) || (strlen(postRequestParameter('pass')) < 4))) {
204 setPostRequestParameter('ok', '***');
207 if ((isFormSent()) && (postRequestParameter('ok') != '***')) {
208 // All required data was entered so we check his account
209 $ret = ifAdminLoginDataIsValid(postRequestParameter('login'), postRequestParameter('pass'));
211 // Which status do we have?
213 case 'done': // Admin and password are okay, so we log in now
214 // Construct URL and redirect
215 $URL = 'modules.php?module=admin&';
217 // Rewrite overview module
218 if (getWhat() == 'overview') {
219 setAction(getActionFromModuleWhat(getModule(), getWhat()));
223 if (isWhatSet()) $URL .= 'what='.getWhat();
224 elseif (isActionSet()) $URL .= 'action='.getAction();
225 elseif (isGetRequestParameterSet('area')) $URL .= 'area='.getRequestParameter('area');
231 case '404': // Administrator login not found
232 setPostRequestParameter('ok', $ret);
233 $ret = getMaskedMessage('ADMIN_404', postRequestParameter('login'));
234 destroyAdminSession();
237 case 'pass': // Wrong password
238 setPostRequestParameter('ok', $ret);
239 $ret = '{--WRONG_PASS--} [<a href="{%url=modules.php?module=admin&reset_pass=1%}">{--ADMIN_RESET_PASS--}</a>]';
240 destroyAdminSession();
243 default: // Others will be logged
244 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid()", $ret));
250 if ($ret != 'done') {
251 $content['login'] = '';
252 if (isPostRequestParameterSet('login')) {
253 $content['login'] = postRequestParameter('login');
256 // Init array elements
257 $content['login_message'] = '';
258 $content['pass_message'] = '';
261 // Set messages to zero
262 $loginMessage = ''; $passwdMessage = '';
265 if (!isPostRequestParameterSet('login')) $loginMessage = getMessage('ADMIN_NO_LOGIN');
267 // An error comes back from login?
268 if ((!empty($ret)) && (postRequestParameter('ok') == '404')) $loginMessage = $ret;
270 // No password entered?
271 if (!isPostRequestParameterSet('pass')) $passwdMessage = getMessage('ADMIN_NO_PASS');
273 // Or password too short?
274 if (strlen(postRequestParameter('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS');
276 // An error comes back from login?
277 if ((!empty($ret)) && (postRequestParameter('ok') == 'pass')) $passwdMessage = $ret;
279 // Load message template
280 $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage);
281 $content['pass_message'] = loadTemplate('admin_login_msg', true, $passwdMessage);
286 // Restore old what value
287 $content = merge_array($content, array('target' => 'what', 'value' => getWhat()));
288 } elseif (isActionSet()) {
289 if (getAction() != 'logout') {
290 // Restore old action value
291 $content = merge_array($content, array('target' => 'action', 'value' => getAction()));
293 // Set default values
294 $content = merge_array($content, array('target' => 'action', 'value' => 'login'));
296 } elseif (isGetRequestParameterSet('area')) {
297 // Restore old area value
298 $content = merge_array($content, array('target' => 'area', 'value' => getRequestParameter('area')));
300 // Set default values
301 $content = merge_array($content, array('target' => 'action', 'value' => 'login'));
304 // Load login form template
305 loadTemplate('admin_login_form', false, $content);
307 } elseif (isGetRequestParameterSet('logout')) {
308 // Only try to remove cookies
309 if (destroyAdminSession()) {
310 // Load logout template
311 if (isGetRequestParameterSet('register')) {
313 $register = getRequestParameter('register');
315 // Special logout redirect for installation of given extension
316 loadTemplate(sprintf("admin_logout_%s_install", $register));
317 } elseif (isGetRequestParameterSet('remove')) {
319 $remove = getRequestParameter('remove');
321 // Special logout redirect for removal of given extension
322 loadTemplate(sprintf("admin_logout_%s_remove", $remove));
324 // Logged out normally
325 loadTemplate('admin_logout');
328 // Something went wrong here...
329 loadTemplate('admin_settings_saved', false, '<div class="admin_fatal">{--ADMIN_LOGOUT_FAILED--}</div>');
332 addFatalMessage(__FILE__, __LINE__, getMessage('CANNOT_UNREG_SESS'));
335 // Maybe an Admin want's to login?
336 $ret = ifAdminCookiesAreValid(getSession('admin_login'), getSession('admin_md5'));
341 // Check for access control line of current menu entry
342 runFilterChain('check_admin_acl');
344 // When type of admin menu is not set fallback to old menu system
345 if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', 'OLD');
347 // Check for version and switch between old menu system and new intelligent menu system
348 if ((adminGetMenuMode() == 'NEW') && (isIncludeReadable('inc/modules/admin/lasys-inc.php'))) {
349 // Default area is the entrance, of course
352 // Check for similar URL variable
353 if (isGetRequestParameterSet('area')) $area = getRequestParameter('area');
355 // Load logical-area menu-system file
356 loadIncludeOnce('inc/modules/admin/lasys-inc.php');
358 // Create new-style menu system will logical areas
359 doAdminLogicalArea($area, $action, getWhat());
361 // This little call constructs the whole default old and lacky menu system
362 // on left side. It also renders the content on right side
367 case '404': // Administrator login not found
368 setPostRequestParameter('ok', $ret);
369 loadTemplate('admin_settings_saved', false, getMaskedMessage('ADMIN_404', getSession('admin_login')));
370 destroyAdminSession();
373 case 'pass': // Wrong password
374 setPostRequestParameter('ok', $ret);
375 loadTemplate('admin_settings_saved', false, getMessage('WRONG_PASS'));
376 destroyAdminSession();
379 default: // Others will be logged
380 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminCookiesAreValid()", $ret));