2 /************************************************************************
3 * MXChange v0.2.1 Start: 08/31/2003 *
4 * =============== Last change: 07/02/2004 *
6 * -------------------------------------------------------------------- *
8 * -------------------------------------------------------------------- *
9 * Short description : Administration module *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Administrationsmodul *
12 * -------------------------------------------------------------------- *
15 * $Tag:: 0.2.1-FINAL $ *
17 * Needs to be in all Files and every File needs "svn propset *
18 * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
19 * -------------------------------------------------------------------- *
20 * Copyright (c) 2003 - 2009 by Roland Haeder *
21 * For more information visit: http://www.mxchange.org *
23 * This program is free software; you can redistribute it and/or modify *
24 * it under the terms of the GNU General Public License as published by *
25 * the Free Software Foundation; either version 2 of the License, or *
26 * (at your option) any later version. *
28 * This program is distributed in the hope that it will be useful, *
29 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
30 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
31 * GNU General Public License for more details. *
33 * You should have received a copy of the GNU General Public License *
34 * along with this program; if not, write to the Free Software *
35 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
37 ************************************************************************/
// NOTE(review): this listing carries its original line numbers at the start of
// each line and skips some of them, so closing braces and a few statements are
// not visible here.
39 // Some security stuff...
// Direct-access guard: presumably stops the script when the file is requested
// without the __SECURITY constant being defined - the guard body (listing lines
// 41-44) is not shown, TODO confirm.
40 if (!defined('__SECURITY')) {
// Pull in the admin helper include before any admin function is used below.
45 loadIncludeOnce('inc/modules/admin/admin-inc.php');
47 // Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!)
// The four names are the same values this file later reads through
// isSessionVariableSet()/getSession() to decide whether an admin is logged in.
48 fixDeletedCookies(array('admin_login', 'admin_md5', 'admin_last', 'admin_to'));
// First-run branch: no administrator exists yet, so a submitted form creates the
// first admin account. Some lines of this listing are missing (the leading line
// numbers skip), so closing braces and a few statements are not visible.
// NOTE(review): no check on who is submitting the form is visible in this
// branch - confirm that a deployed site cannot be left in this state.
53 // Is no admin registered?
54 if (!isAdminRegistered()) {
55 // Admin is not registered so we have to inform the user
// Flag the submission as invalid (ok = '***') when login or password is missing
// or the password has fewer than 4 characters.
// NOTE(review): a 4-character minimum is the only password rule visible here,
// which is weak for an administrator account.
56 if ((isFormSent()) && ((!isPostRequestElementSet('login')) || (!isPostRequestElementSet('pass')) || (strlen(postRequestElement('pass')) < 4))) {
57 setRequestPostElement('ok', '***');
60 if ((isFormSent()) && (postRequestElement('ok') != '***')) {
61 // Hash the password with the old function because we are here in install mode
// NOTE(review): plain unsalted md5() is not suitable for password storage;
// password_hash()/password_verify() is the standard replacement. Whether the
// stored value is re-hashed later is not visible in this file.
62 $hashedPass = md5(postRequestElement('pass'));
64 // Kill maybe existing session variables
65 destroyAdminSession(false);
// Create the account from the submitted login, the MD5 value and the configured
// WEBMASTER entry; $ret receives the status of that call.
68 $ret = addAdminAccount(postRequestElement('login'), $hashedPass, getConfig('WEBMASTER'));
70 // Check if registration went fine
// Judging by the arguments, this rewrites the ADMIN_REGISTERED entry of
// config-local.php below CACHE_PATH; the value written is the constant 'Y',
// not request data.
73 $done = changeDataInFile(getConfig('CACHE_PATH') . 'config-local.php', 'ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0);
75 // Registering is done
76 redirectToUrl('modules.php?module=admin&register=done');
78 $ret = getMessage('ADMIN_CANNOT_COMPLETE');
83 $ret = getMessage('ADMIN_REGISTER_FAILED');
88 if ($ret == 'already') {
89 // Admin already exists!
90 $ret = getMessage('ADMIN_LOGIN_ALREADY_REG');
92 // Any other kind will be logged and interpreted as 'done'
// NOTE(review): the log text names ifAdminLoginDataIsValid(), but in the visible
// lines $ret comes from addAdminAccount(), which makes the log entry misleading
// during an investigation. Treating an unrecognised status as success is
// fail-open; the TODO below asks the same question.
93 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid() and interpreted as 'done'!", $ret));
94 // @TODO Why is this set to 'done'?
98 // Admin still not registered?
99 if (!isAdminRegistered()) {
100 // Write to config that registration is done
101 changeDataInFile(getConfig('CACHE_PATH') . 'config-local.php', 'ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0);
103 // Load URL for login
104 redirectToUrl('admin.php');
110 // Was that action okay?
111 if ($ret != 'done') {
112 // Fixes another notice
// NOTE(review): the submitted login is handed back to the form template
// unchanged; confirm that loadTemplate() or the template HTML-encodes it.
113 $content['login'] = '';
114 if (isPostRequestElementSet('login')) {
115 $content['login'] = postRequestElement('login');
118 // Init array elements
119 $content['login_message'] = '';
120 $content['pass_message'] = '';
122 // Yet-another notice-fix
// Only build error messages when the submission was flagged invalid above.
123 if ((isFormSent()) && (postRequestElement('ok') == '***')) {
125 if (!isPostRequestElementSet('login')) $loginMessage = getMessage('ADMIN_NO_LOGIN');
127 // An error comes back from registration?
128 if (!empty($ret)) $loginMessage = $ret;
130 // No password entered?
131 if (!isPostRequestElementSet('pass')) $passwdMessage = getMessage('ADMIN_NO_PASS');
133 // Or password too short?
134 if (strlen(postRequestElement('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS');
136 // Output error messages
137 $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage);
138 $content['pass_message'] = loadTemplate('admin_login_msg', true, $passwdMessage);
141 $loginMessage = ''; $passwdMessage = '';
144 // Output message in separate template
145 loadTemplate('admin_settings_saved', false, getMessage('ADMIN_NOT_REGISTERED'));
147 // Load register template
148 loadTemplate('admin_reg_form', false, $content);
// Password-reset branch, selected by the reset_pass GET parameter. The visible
// steps are: send a reset link, show the hash form, validate hash and login,
// then set the new password. Some lines of this listing are missing (the
// leading line numbers skip).
150 } elseif (isGetRequestElementSet('reset_pass')) {
151 // Is the form submitted?
152 if ((isPostRequestElementSet('send_link')) && (isPostRequestElementSet('email'))) {
// NOTE(review): whatever sendAdminPasswordResetLink() returns is displayed
// as-is. If the text differs for known and unknown addresses it discloses which
// addresses belong to administrators - confirm against that function.
154 loadTemplate('admin_settings_saved', false, sendAdminPasswordResetLink(postRequestElement('email')));
155 } elseif (isGetRequestElementSet('hash')) {
156 // Output form for hash validation
// NOTE(review): the hash goes from the query string into the template without
// any visible encoding; confirm that it is HTML-encoded on output.
157 loadTemplate('admin_validate_reset_hash_form', false, getRequestElement('hash'));
158 } elseif ((isPostRequestElementSet('validate_hash')) && (isPostRequestElementSet('login')) && (isPostRequestElementSet('hash'))) {
159 // Validate the login data and hash
160 $valid = adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('login'));
// Strict comparison: only a boolean true continues to the password form.
163 if ($valid === true) {
164 // Prepare content first
// NOTE(review): SQL_ESCAPE() is applied to values that are passed to an HTML
// form template below. SQL escaping does not neutralise HTML metacharacters, so
// the output context still needs its own encoding - TODO confirm what the
// template layer does.
166 'hash' => SQL_ESCAPE(postRequestElement('hash')),
167 'login' => SQL_ESCAPE(postRequestElement('login'))
170 // Validation okay so display form for final password change
171 loadTemplate('admin_reset_password_form', false, $content);
173 // Cannot validate the login data and hash
174 loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED'));
// NOTE(review): pass1 and pass2 are compared with ==, which compares two numeric
// strings by value rather than character by character; === is the safer check
// for a password confirmation. pass2 is not tested for presence, and no minimum
// length is enforced in the visible lines of this branch (doResetAdminPassword()
// may do so - confirm).
176 } elseif ((isPostRequestElementSet('reset_pass')) && (isPostRequestElementSet('hash')) && (isPostRequestElementSet('login')) && (isPostRequestElementSet('pass1')) && (postRequestElement('pass1') == postRequestElement('pass2'))) {
177 // Okay, we shall reset the admin password here. So first revalidate the hash
// The hash and login pair is checked again at this step, so the final request
// cannot skip the validation form.
178 if (adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('login'))) {
180 loadTemplate('admin_reset_pass_done', false, doResetAdminPassword(postRequestElement('login'), postRequestElement('pass1')));
183 loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2'));
186 // Output reset password form
187 loadTemplate('admin_send_reset_link');
// Login branch: taken when any of the four admin session values is missing or
// the login has timed out. The timeout test adds admin_to multiplied by
// 3600 * 24 (so it is treated as a number of days) to admin_last and compares
// the sum with time(). Some lines of this listing are missing (the leading line
// numbers skip).
189 } elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last')) || (!isSessionVariableSet('admin_to')) || ((getSession('admin_last') + bigintval(getSession('admin_to')) * 3600 * 24) < time())) {
190 // At least one administrator account was created
// All four values present means the branch was entered because of the timeout.
191 if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last')) && (isSessionVariableSet('admin_to'))) {
192 // Timeout for last login, we have to logout first!
193 redirectToUrl('modules.php?module=admin&logout=1');
196 if (isGetRequestElementSet('register')) {
197 // Registration of first admin is done
198 if (getRequestElement('register') == 'done') loadTemplate('admin_settings_saved', false, getMessage('ADMIN_REGISTER_DONE'));
201 // Check if the admin has submitted data or not
// Same pre-check as in the registration branch: missing login or password, or a
// password shorter than 4 characters, flags the submission with ok = '***'.
202 if ((isFormSent()) && ((!isPostRequestElementSet('login')) || (!isPostRequestElementSet('pass')) || (strlen(postRequestElement('pass')) < 4))) {
203 setRequestPostElement('ok', '***');
206 if ((isFormSent()) && (postRequestElement('ok') != '***')) {
207 // All required data was entered so we check his account
// NOTE(review): no limit on repeated attempts is visible in this file;
// presumably ifAdminLoginDataIsValid() or a caller handles it - confirm.
208 $ret = ifAdminLoginDataIsValid(postRequestElement('login'), postRequestElement('pass'));
210 // Which status do we have?
212 case 'done': // Admin and password are okay, so we log in now
213 // Construct URL and redirect
214 $URL = 'modules.php?module=admin&';
216 // Rewrite overview module
217 if (getWhat() == 'overview') {
218 setAction(getModeAction(getModule(), getWhat()));
// NOTE(review): what, action and area are appended to the redirect URL without
// URL-encoding. Whether the getters or the redirect helper sanitise them is not
// visible here - confirm, since area is read directly from the query string.
222 if (isWhatSet()) $URL .= 'what='.getWhat();
223 elseif (isActionSet()) $URL .= 'action='.getAction();
224 elseif (isGetRequestElementSet('area')) $URL .= 'area='.getRequestElement('area');
// NOTE(review): the two failure cases below produce different messages for an
// unknown login and for a wrong password, which lets a visitor learn which
// admin logins exist. A single generic failure message avoids that.
230 case '404': // Administrator login not found
231 setRequestPostElement('ok', $ret);
// The submitted login is placed into the ADMIN_404 message; confirm that it is
// HTML-encoded before it reaches the page.
232 $ret = sprintf(getMessage('ADMIN_404'), postRequestElement('login'));
233 destroyAdminSession();
236 case 'pass': // Wrong password
237 setRequestPostElement('ok', $ret);
238 $ret = '{--WRONG_PASS--} [<a href="{?URL?}/modules.php?module=admin&reset_pass=1">{--ADMIN_RESET_PASS--}</a>]';
239 destroyAdminSession();
242 default: // Others will be logged
243 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid()", $ret));
// Anything other than a successful login falls through to the login form.
249 if ($ret != 'done') {
// NOTE(review): the submitted login is handed back to the form template
// unchanged; confirm that it is HTML-encoded on output.
250 $content['login'] = '';
251 if (isPostRequestElementSet('login')) {
252 $content['login'] = postRequestElement('login');
255 // Init array elements
256 $content['login_message'] = '';
257 $content['pass_message'] = '';
260 // Set messages to zero
261 $loginMessage = ''; $passwdMessage = '';
264 if (!isPostRequestElementSet('login')) $loginMessage = getMessage('ADMIN_NO_LOGIN');
266 // An error comes back from login?
267 if ((!empty($ret)) && (postRequestElement('ok') == '404')) $loginMessage = $ret;
269 // No password entered?
270 if (!isPostRequestElementSet('pass')) $passwdMessage = getMessage('ADMIN_NO_PASS');
272 // Or password too short?
273 if (strlen(postRequestElement('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS');
275 // An error comes back from login?
276 if ((!empty($ret)) && (postRequestElement('ok') == 'pass')) $passwdMessage = $ret;
278 // Load message template
279 $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage);
280 $content['pass_message'] = loadTemplate('admin_login_msg', true, $passwdMessage);
283 unset($loginMessage);
284 unset($passwdMessage);
// The login form remembers where the visitor wanted to go (what, action or
// area) as a target/value pair. NOTE(review): these values originate from the
// request; confirm that the form template encodes them.
289 // Restore old what value
290 $content = merge_array($content, array('target' => 'what', 'value' => getWhat()));
291 } elseif (isActionSet()) {
292 if (getAction() != 'logout') {
293 // Restore old action value
294 $content = merge_array($content, array('target' => 'action', 'value' => getAction()));
296 // Set default values
297 $content = merge_array($content, array('target' => 'action', 'value' => 'login'));
299 } elseif (isGetRequestElementSet('area')) {
300 // Restore old area value
301 $content = merge_array($content, array('target' => 'area', 'value' => getRequestElement('area')));
303 // Set default values
304 $content = merge_array($content, array('target' => 'action', 'value' => 'login'));
307 // Load login form template
308 loadTemplate('admin_login_form', false, $content);
// Logout branch, selected by the logout GET parameter. Some lines of this
// listing are missing (the leading line numbers skip).
// NOTE(review): the session is destroyed on a plain GET request and no
// anti-CSRF token is checked in the visible lines.
310 } elseif (isGetRequestElementSet('logout')) {
311 // Only try to remove cookies
312 if (destroyAdminSession()) {
313 // Load logout template
314 if (isGetRequestElementSet('register')) {
// NOTE(review): the register value is taken from the query string and becomes
// part of the template name two lines below. Unless loadTemplate() restricts
// names to a safe character set, this lets the request choose which template
// file is loaded; validate it against the list of known extension names first.
// TODO confirm what loadTemplate() enforces.
316 $register = getRequestElement('register');
318 // Special logout redirect for installation of given extension
319 loadTemplate(sprintf("admin_logout_%s_install", $register));
320 } elseif (isGetRequestElementSet('remove')) {
// NOTE(review): same concern as for register above - remove is a request value
// that ends up inside the template name.
322 $remove = getRequestElement('remove');
324 // Special logout redirect for removal of given extension
325 loadTemplate(sprintf("admin_logout_%s_remove", $remove));
327 // Logged out normally
328 loadTemplate('admin_logout');
331 // Something went wrong here...
332 loadTemplate('admin_settings_saved', false, '<div class="admin_fatal">{--ADMIN_LOGOUT_FAILED--}</div>');
335 addFatalMessage(__FILE__, __LINE__, getMessage('CANNOT_UNREG_SESS'));
// Remaining branch: all four admin session values are present and not timed
// out, so the stored login is re-validated on this request. Some lines of this
// listing are missing (the leading line numbers skip) and the listing ends
// inside the final switch.
338 // Maybe an Admin wants to login?
// Re-checks the login and the admin_md5 value held in the session; $ret carries
// the status that the case labels further down dispatch on.
339 $ret = ifAdminCookiesAreValid(getSession('admin_login'), getSession('admin_md5'));
344 // Check for access control line of current menu entry
345 runFilterChain('check_admin_acl');
347 // When type of admin menu is not set fallback to old menu system
348 if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', 'OLD');
350 // Check for version and switch between old menu system and new intelligent menu system
351 if ((adminGetMenuMode() == 'NEW') && (isIncludeReadable('inc/modules/admin/lasys-inc.php'))) {
352 // Default area is the entrance, of course
355 // Check for similar URL variable
// NOTE(review): area is read from the query string and passed on unchanged;
// confirm that doAdminLogicalArea() validates it.
356 if (isGetRequestElementSet('area')) $area = getRequestElement('area');
358 // Load logical-area menu-system file
359 loadIncludeOnce('inc/modules/admin/lasys-inc.php');
361 // Create new-style menu system with logical areas
// $action is not assigned in the visible lines of this listing.
362 doAdminLogicalArea($area, $action, getWhat());
364 // This little call constructs the whole default old and lacky menu system
365 // on left side. It also renders the content on right side
// Both failure cases below show a message and then destroy the admin session.
370 case '404': // Administrator login not found
371 setRequestPostElement('ok', $ret);
372 loadTemplate('admin_settings_saved', false, sprintf(getMessage('ADMIN_404'), getSession('admin_login')));
373 destroyAdminSession();
376 case 'pass': // Wrong password
377 setRequestPostElement('ok', $ret);
378 loadTemplate('admin_settings_saved', false, getMessage('WRONG_PASS'));
379 destroyAdminSession();
382 default: // Others will be logged
383 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminCookiesAreValid()", $ret));