2 /************************************************************************
3 * Mailer v0.2.1-FINAL Start: 08/31/2003 *
4 * =================== Last change: 07/02/2004 *
6 * -------------------------------------------------------------------- *
8 * -------------------------------------------------------------------- *
9 * Short description : Administration module *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Administrationsmodul *
12 * -------------------------------------------------------------------- *
15 * $Tag:: 0.2.1-FINAL $ *
17 * -------------------------------------------------------------------- *
18 * Copyright (c) 2003 - 2009 by Roland Haeder *
19 * Copyright (c) 2009 - 2013 by Mailer Developer Team *
20 * For more information visit: http://mxchange.org *
22 * This program is free software; you can redistribute it and/or modify *
23 * it under the terms of the GNU General Public License as published by *
24 * the Free Software Foundation; either version 2 of the License, or *
25 * (at your option) any later version. *
27 * This program is distributed in the hope that it will be useful, *
28 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
29 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
30 * GNU General Public License for more details. *
32 * You should have received a copy of the GNU General Public License *
33 * along with this program; if not, write to the Free Software *
34 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
36 ************************************************************************/
38 // Some security stuff...
39 if (!defined('__SECURITY')) {
44 loadIncludeOnce('inc/modules/admin/admin-inc.php');
46 // Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!)
47 fixDeletedCookies(array('admin_id', 'admin_md5', 'admin_last'));
52 // Is no admin registered?
53 if (!isAdminRegistered()) {
54 // Register first admin
56 } elseif (isGetRequestElementSet('reset_pass')) {
57 // Is the form submitted?
58 if ((isPostRequestElementSet('send_link')) && (isPostRequestElementSet('email'))) {
60 displayMessage(sendAdminPasswordResetLink(postRequestElement('email')));
61 } elseif (isGetRequestElementSet('hash')) {
62 // Output form for hash validation
63 loadTemplate('admin_validate_reset_hash_form', FALSE, getRequestElement('hash'));
64 } elseif ((isPostRequestElementSet('validate_hash')) && (isPostRequestElementSet('admin_login')) && (isPostRequestElementSet('hash'))) {
65 // Validate the login data and hash
66 $valid = adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('admin_login'));
69 if ($valid === TRUE) {
70 // Prepare content first
72 'hash' => postRequestElement('hash'),
73 'admin_login' => postRequestElement('admin_login')
76 // Validation okay so display form for final password change
77 loadTemplate('admin_reset_password_form', FALSE, $content);
79 // Cannot validate the login data and hash
80 displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED--}');
82 } elseif ((isPostRequestElementSet('reset_pass')) && (isPostRequestElementSet('hash')) && (isPostRequestElementSet('admin_login')) && (isPostRequestElementSet('admin_password1')) && (postRequestElement('admin_password1') == postRequestElement('admin_password2'))) {
83 // Okay, we shall the admin password here. So first revalidate the hash
84 if (adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('admin_login'))) {
86 loadTemplate('admin_reset_password_done', FALSE, doResetAdminPassword(postRequestElement('admin_login'), postRequestElement('admin_password1')));
89 displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2--}');
92 // Output reset password form
93 loadTemplate('admin_reset_password_send_link');
95 } elseif ((!isSessionVariableSet('admin_id')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last'))) {
96 // At leat one administrator account was created
97 if ((isSessionVariableSet('admin_id')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last'))) {
98 // Timeout for last login, we have to logout first!
99 redirectToUrl('modules.php?module=admin&logout=1');
102 if (isGetRequestElementSet('setup')) {
103 // Registration of first admin is done
104 if (getRequestElement('setup') == 'done') {
106 displayMessage('{--ADMIN_REGISTER_DONE--}');
110 // Check if the admin has submitted data or not
111 if ((isFormSent()) && ((!isPostRequestElementSet('admin_login')) || (!isPostRequestElementSet('admin_password')) || (strlen(postRequestElement('admin_password')) < getConfig('minium_admin_pass_length')))) {
112 setPostRequestElement('login', '***');
115 if ((isFormSent('login')) && (postRequestElement('login') != '***')) {
116 // All required data was entered so we check his account
117 $ret = ifAdminLoginDataIsValid(postRequestElement('admin_login'), postRequestElement('admin_password'));
119 // Which status do we have?
121 case 'done': // Admin and password are okay, so we log in now
123 redirectToUrl('modules.php?' . addAllGetRequestParameters());
126 case '404': // Administrator login not found
127 setPostRequestElement('login', $ret);
128 $ret = '{%message,ADMIN_ACCOUNT_404=' . postRequestElement('admin_login') . '%}';
129 destroyAdminSession(TRUE);
132 case 'password': // Wrong password
133 setPostRequestElement('login', $ret);
134 $ret = '{--WRONG_PASS--} [<a href="{%url=modules.php?module=admin&reset_pass=1%}">{--ADMIN_RESET_PASS--}</a>]';
135 destroyAdminSession(TRUE);
138 default: // Others will be logged
139 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid()", $ret));
145 if ($ret != 'done') {
146 $content['admin_login'] = '';
147 if (isPostRequestElementSet('admin_login')) {
148 $content['admin_login'] = postRequestElement('admin_login');
151 // Init array elements
152 $content['login_message'] = '';
153 $content['pass_message'] = '';
155 if (isFormSent('login')) {
156 // Set messages to zero
161 if (!isPostRequestElementSet('admin_login')) {
163 $loginMessage = '{--ADMIN_NO_LOGIN--}';
164 } elseif ((!empty($ret)) && (postRequestElement('login') == '404')) {
165 // An error comes back from login?
166 $loginMessage = $ret;
169 // Check for password
170 if (!isPostRequestElementSet('admin_password')) {
171 // No password entered?
172 $passwdMessage = '{--ADMIN_NO_PASSWORD--}';
173 } elseif ((!empty($ret)) && (postRequestElement('login') == 'password')) {
174 // An error comes back from login?
175 $passwdMessage = $ret;
178 // Load message templates if the messages have been set
179 if (!empty($loginMessage)) {
180 $content['login_message'] = loadTemplate('admin_login_msg', TRUE, $loginMessage);
182 if (!empty($passwdMessage)) {
183 $content['pass_message'] = loadTemplate('admin_login_msg', TRUE, $passwdMessage);
188 $content['all_parameter'] = addAllGetRequestParameters();
190 // Load login form template
191 loadTemplate('admin_login_form', FALSE, $content);
193 } elseif (isGetRequestElementSet('logout')) {
194 // Only try to remove cookies
195 if (destroyAdminSession(TRUE)) {
196 // Load logout template
197 if (isGetRequestElementSet('setup')) {
199 $register = getRequestElement('setup');
201 // Special logout redirect for installation of given extension
202 loadTemplate(sprintf("admin_logout_%s_install", $register));
203 } elseif (isGetRequestElementSet('remove')) {
205 $remove = getRequestElement('remove');
207 // Special logout redirect for removal of given extension
208 loadTemplate(sprintf('admin_logout_%s_remove', $remove));
210 // Logged out normally
211 loadTemplate('admin_logout');
214 // Something went wrong here...
215 displayErrorMessage('{--ADMIN_LOGOUT_FAILED--}');
218 addFatalMessage(__FILE__, __LINE__, '{--CANNOT_UNREG_SESS--}');
221 // Maybe an Admin want's to login?
222 $ret = ifAdminCookiesAreValid(getCurrentAdminId(), getAdminMd5());
227 // Check for access control line of current menu entry
228 runFilterChain('check_admin_acl');
230 // Check for version and switch between old menu system and new intelligent menu system
231 if (adminGetMenuMode() == 'NEW') {
232 // Load include for admin AJAX
233 loadIncludeOnce('inc/ajax/ajax_admin.php');
235 // Load main template
236 loadTemplate('admin_ajax_main');
239 * This little call constructs the whole default old and lacky menu system
240 * on left side. It also renders the content on right side
246 case '404': // Administrator login not found
247 setPostRequestElement('login', $ret);
248 displayMessage('{%message,ADMIN_ACCOUNT_404=' . getCurrentAdminId() . '%}');
249 destroyAdminSession(TRUE);
252 case 'password': // Wrong password
253 setPostRequestElement('login', $ret);
254 displayMessage('{--WRONG_PASS--}');
255 destroyAdminSession(TRUE);
258 case 'session': // Invalid admin session
259 setPostRequestElement('login', $ret);
260 displayMessage('{--INVALID_ADMIN_SESSION--}');
261 destroyAdminSession(TRUE);
264 default: // Others will be logged
265 logDebugMessage(__FILE__, __LINE__, sprintf('Unknown return code %s from ifAdminCookiesAreValid()', $ret));