2 /************************************************************************
3 * Mailer v0.2.1-FINAL Start: 08/31/2003 *
4 * =================== Last change: 07/02/2004 *
6 * -------------------------------------------------------------------- *
8 * -------------------------------------------------------------------- *
9 * Short description : Administration module *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Administrationsmodul *
12 * -------------------------------------------------------------------- *
15 * $Tag:: 0.2.1-FINAL $ *
17 * Needs to be in all Files and every File needs "svn propset *
18 * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
19 * -------------------------------------------------------------------- *
20 * Copyright (c) 2003 - 2009 by Roland Haeder *
21 * For more information visit: http://www.mxchange.org *
23 * This program is free software; you can redistribute it and/or modify *
24 * it under the terms of the GNU General Public License as published by *
25 * the Free Software Foundation; either version 2 of the License, or *
26 * (at your option) any later version. *
28 * This program is distributed in the hope that it will be useful, *
29 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
30 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
31 * GNU General Public License for more details. *
33 * You should have received a copy of the GNU General Public License *
34 * along with this program; if not, write to the Free Software *
35 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
37 ************************************************************************/
// Entry checks for the admin module. This listing carries viewer line numbers
// and skips some original lines, so several closing braces and a few
// statements are not visible here.
39 // Some security stuff...
// Guard on the __SECURITY constant. The body of the guard (original lines
// 41-44) is not shown, so what happens on direct access cannot be read here.
40 if (!defined('__SECURITY')) {
// Loads the admin helper include that the calls below rely on.
45 loadIncludeOnce('inc/modules/admin/admin-inc.php');
47 // Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!)
48 fixDeletedCookies(array('admin_login', 'admin_md5', 'admin_last'));
// First-admin registration. This branch runs only while isAdminRegistered()
// is false and accepts the account data from an unauthenticated POST.
// NOTE(review): until the ADMIN_REGISTERED entry is written (line 73) this
// form creates an administrator for whoever submits it first; confirm how a
// deployment keeps the module unreachable during installation.
53 // Is no admin registered?
54 if (!isAdminRegistered()) {
55 // Admin is not registered so we have to inform the user
// Form validation: login, pass1 and pass2 must be set, both passwords need at
// least 4 characters, and both must compare equal. On failure the ok element
// is set to *** as an error marker that lines 60 and 111 read back.
// NOTE(review): a 4-character minimum is very low for an administrator
// password. The != here is a loose comparison, so two different
// numeric-looking strings (for example 1e3 and 1000) compare as equal and the
// mismatch goes unnoticed; a strict !== comparison avoids that.
56 if ((isFormSent()) && ((!isPostRequestElementSet('login')) || (!isPostRequestElementSet('pass1')) || (strlen(postRequestElement('pass1')) < 4) || (!isPostRequestElementSet('pass2')) || (strlen(postRequestElement('pass2')) < 4) || (postRequestElement('pass1') != postRequestElement('pass2')))) {
57 setRequestPostElement('ok', '***');
60 if ((isFormSent()) && (postRequestElement('ok') != '***')) {
61 // Hash the password with the old function because we are here in install mode
// NOTE(review): this is a single unsalted MD5 of the password. MD5 is fast to
// brute-force and identical passwords give identical hashes. Whether the
// account is re-hashed with a stronger scheme after installation is not
// visible here. Where the PHP version provides it, password_hash() with
// password_verify() is the safer choice.
62 $hashedPass = md5(postRequestElement('pass1'));
64 // Kill maybe existing session variables
65 destroyAdminSession(false);
// Creates the account from the posted login, the MD5 hash and the WEBMASTER
// config value. The result code is evaluated further down (lines 69-72 are
// not shown in this listing).
68 $ret = addAdminAccount(postRequestElement('login'), $hashedPass, getConfig('WEBMASTER'));
70 // Check if registration went fine
// Rewrites the ADMIN_REGISTERED entry in config-local.php under CACHE_PATH to
// Y. The condition that consumes $done is not shown.
73 $done = changeDataInFile(getConfig('CACHE_PATH') . 'config-local.php', 'ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0);
75 // Registering is done
76 redirectToUrl('modules.php?module=admin&register=done');
78 $ret = getMessage('ADMIN_CANNOT_COMPLETE');
82 case 'failed': // Registration has failed
83 $ret = getMessage('ADMIN_REGISTER_FAILED');
86 case 'already': // Admin already exists!
87 $ret = getMessage('ADMIN_LOGIN_ALREADY_REG');
91 // Any other kind will be logged
// NOTE(review): in this branch $ret comes from addAdminAccount() (line 68),
// yet the log text names ifAdminLoginDataIsValid(). That can mislead whoever
// reads the debug log later.
92 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid().", $ret));
97 // Was that action okay?
// The posted login is put back into the form content unchanged.
// NOTE(review): the reset branch wraps posted values in secureString() (lines
// 166-167) but this one does not; confirm that loadTemplate() or
// postRequestElement() escapes the value for HTML output.
100 $content['login'] = '';
101 if (isPostRequestElementSet('login')) {
102 $content['login'] = postRequestElement('login');
105 // Init array elements
106 $content['login_message'] = '';
107 $content['pass1_message'] = '';
108 $content['pass2_message'] = '';
110 // Yet-another notice-fix
// Error path: runs when the validation above set the *** marker. Lines
// 112-117 are not shown; the message variables are presumably initialised
// there.
111 if ((isFormSent()) && (postRequestElement('ok') == '***')) {
118 if (empty($content['login'])) $loginMessage = getMessage('ADMIN_NO_LOGIN');
120 // An error comes back from registration?
121 if ((!empty($ret)) && ($ret != 'init')) $loginMessage = $ret;
123 // No password 1 entered or too short?
124 if (!isPostRequestElementSet('pass1')) $pass1Message = getMessage('ADMIN_NO_PASS1');
125 elseif (strlen(postRequestElement('pass1')) < 4) $pass1Message = getMessage('ADMIN_SHORT_PASS1');
127 // No password 2 entered or too short?
128 if (!isPostRequestElementSet('pass2')) $pass2Message = getMessage('ADMIN_NO_PASS2');
129 elseif (strlen(postRequestElement('pass2')) < 4) $pass2Message = getMessage('ADMIN_SHORT_PASS2');
131 // Both didn't match?
132 if (postRequestElement('pass1') != postRequestElement('pass2')) {
// A mismatch message is only set when no earlier message exists for the field.
134 if (empty($pass1Message)) $pass1Message = getMessage('ADMIN_PASS1_MISMATCH');
135 if (empty($pass2Message)) $pass2Message = getMessage('ADMIN_PASS2_MISMATCH');
138 // Output error messages
139 $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage);
140 $content['pass1_message'] = loadTemplate('admin_login_msg', true, $pass1Message);
141 $content['pass2_message'] = loadTemplate('admin_login_msg', true, $pass2Message);
144 // Output message in separate template
145 loadTemplate('admin_settings_saved', false, getMessage('ADMIN_NOT_REGISTERED'));
147 // Load register template
148 loadTemplate('admin_reg_form', false, $content);
// Password-reset flow for administrators, reachable without a session. It
// has four steps, picked by which request elements are present: send link,
// show hash form, validate hash and login, set the new password.
150 } elseif (isGetRequestElementSet('reset_pass')) {
151 // Is the form submitted?
152 if ((isPostRequestElementSet('send_link')) && (isPostRequestElementSet('email'))) {
// Step 1: the return value of sendAdminPasswordResetLink() is shown as-is.
// NOTE(review): if that message differs for known and unknown addresses it
// tells an anonymous visitor which emails belong to admins; confirm it is
// uniform. No request throttling is visible in this file.
154 loadTemplate('admin_settings_saved', false, sendAdminPasswordResetLink(postRequestElement('email')));
155 } elseif (isGetRequestElementSet('hash')) {
156 // Output form for hash validation
// NOTE(review): the hash from the query string goes into the template without
// secureString(), unlike lines 166-167; confirm it is escaped before output.
// A reset token in the URL also ends up in server logs and browser history.
157 loadTemplate('admin_validate_reset_hash_form', false, getRequestElement('hash'));
158 } elseif ((isPostRequestElementSet('validate_hash')) && (isPostRequestElementSet('login')) && (isPostRequestElementSet('hash'))) {
159 // Validate the login data and hash
160 $valid = adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('login'));
// Strict comparison: only a boolean true from the validator passes.
163 if ($valid === true) {
164 // Prepare content first
// Both values are passed through secureString() before they are handed to
// the template (the array opener on line 165 is not shown).
166 'hash' => secureString(postRequestElement('hash')),
167 'login' => secureString(postRequestElement('login'))
170 // Validation okay so display form for final password change
171 loadTemplate('admin_reset_password_form', false, $content);
173 // Cannot validate the login data and hash
174 loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED'));
// Step 4: requires reset_pass, hash, login and pass1 in the POST data and
// pass1 equal to pass2.
// NOTE(review): no minimum length is checked here, while registration (line
// 56) and login (line 202) require 4 characters, and pass2 is never tested
// for presence; doResetAdminPassword() may enforce this, confirm. The ==
// is a loose comparison, a strict === would be safer.
176 } elseif ((isPostRequestElementSet('reset_pass')) && (isPostRequestElementSet('hash')) && (isPostRequestElementSet('login')) && (isPostRequestElementSet('pass1')) && (postRequestElement('pass1') == postRequestElement('pass2'))) {
177 // Okay, we shall reset the admin password here. So first revalidate the hash
// The hash is checked again right before the change, so step 3 cannot be
// skipped by posting directly to this step.
// NOTE(review): unlike line 163 this test is truthy rather than === true; a
// non-boolean truthy return from the validator would pass here.
178 if (adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('login'))) {
180 loadTemplate('admin_reset_pass_done', false, doResetAdminPassword(postRequestElement('login'), postRequestElement('pass1')));
183 loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2'));
186 // Output reset password form
187 loadTemplate('admin_send_reset_link');
// Login branch: taken when at least one of the three admin session variables
// is missing. Validates the posted credentials and renders the login form.
189 } elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last'))) {
190 // At least one administrator account was created
// NOTE(review): this condition is the exact negation of the one on line 189,
// so as shown it can never be true inside this branch and the logout redirect
// on line 193 looks unreachable. Confirm against the full file.
191 if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last'))) {
192 // Timeout for last login, we have to logout first!
193 redirectToUrl('modules.php?module=admin&logout=1');
196 if (isGetRequestElementSet('register')) {
197 // Registration of first admin is done
198 if (getRequestElement('register') == 'done') loadTemplate('admin_settings_saved', false, getMessage('ADMIN_REGISTER_DONE'));
201 // Check if the admin has submitted data or not
// Same *** error marker as in the registration branch: set when login or
// pass is missing or the password is shorter than 4 characters.
202 if ((isFormSent()) && ((!isPostRequestElementSet('login')) || (!isPostRequestElementSet('pass')) || (strlen(postRequestElement('pass')) < 4))) {
203 setRequestPostElement('ok', '***');
206 if ((isFormSent()) && (postRequestElement('ok') != '***')) {
207 // All required data was entered so we check his account
// NOTE(review): no attempt counter, delay or lockout is visible in this file;
// if ifAdminLoginDataIsValid() does not provide one, password guessing
// against this form is unthrottled.
208 $ret = ifAdminLoginDataIsValid(postRequestElement('login'), postRequestElement('pass'));
210 // Which status do we have?
212 case 'done': // Admin and password are okay, so we log in now
213 // Construct URL and redirect
214 $URL = 'modules.php?module=admin&';
216 // Rewrite overview module
217 if (getWhat() == 'overview') {
218 setAction(getModeAction(getModule(), getWhat()));
// The what, action or area value is appended to the redirect target without
// URL-encoding; area comes straight from the query string.
// NOTE(review): confirm the redirect helper rejects CR/LF and that these
// values are validated, otherwise extra parameters or header content could
// be smuggled into the redirect. The redirect call itself (lines 225-229) is
// not shown.
222 if (isWhatSet()) $URL .= 'what='.getWhat();
223 elseif (isActionSet()) $URL .= 'action='.getAction();
224 elseif (isGetRequestElementSet('area')) $URL .= 'area='.getRequestElement('area');
// NOTE(review): the 404 and pass results produce different messages, and the
// 404 text repeats the submitted login. That lets an anonymous visitor tell
// existing admin logins from unknown ones; one generic failure message for
// both cases removes the signal. Also confirm the login is escaped before it
// is rendered.
230 case '404': // Administrator login not found
231 setRequestPostElement('ok', $ret);
232 $ret = sprintf(getMessage('ADMIN_404'), postRequestElement('login'));
233 destroyAdminSession();
236 case 'pass': // Wrong password
237 setRequestPostElement('ok', $ret);
238 $ret = '{--WRONG_PASS--} [<a href="{%url=modules.php?module=admin&reset_pass=1%}">{--ADMIN_RESET_PASS--}</a>]';
239 destroyAdminSession();
242 default: // Others will be logged
243 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid()", $ret));
// Anything but a successful login falls through to the form below.
249 if ($ret != 'done') {
// The posted login is echoed back into the form without secureString().
250 $content['login'] = '';
251 if (isPostRequestElementSet('login')) {
252 $content['login'] = postRequestElement('login');
255 // Init array elements
256 $content['login_message'] = '';
257 $content['pass_message'] = '';
260 // Reset messages to empty strings
261 $loginMessage = ''; $passwdMessage = '';
264 if (!isPostRequestElementSet('login')) $loginMessage = getMessage('ADMIN_NO_LOGIN');
266 // An error comes back from login?
// The ok element carries the result code (404 or pass) set on lines 231/237.
267 if ((!empty($ret)) && (postRequestElement('ok') == '404')) $loginMessage = $ret;
269 // No password entered?
270 if (!isPostRequestElementSet('pass')) $passwdMessage = getMessage('ADMIN_NO_PASS');
272 // Or password too short?
273 if (strlen(postRequestElement('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS');
275 // An error comes back from login?
276 if ((!empty($ret)) && (postRequestElement('ok') == 'pass')) $passwdMessage = $ret;
278 // Load message template
279 $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage);
280 $content['pass_message'] = loadTemplate('admin_login_msg', true, $passwdMessage);
// The requested what, action or area is carried through the login form as a
// target/value pair so the admin lands there after logging in (the opening
// condition for the what case, lines 281-284, is not shown).
285 // Restore old what value
286 $content = merge_array($content, array('target' => 'what', 'value' => getWhat()));
287 } elseif (isActionSet()) {
288 if (getAction() != 'logout') {
289 // Restore old action value
290 $content = merge_array($content, array('target' => 'action', 'value' => getAction()));
292 // Set default values
293 $content = merge_array($content, array('target' => 'action', 'value' => 'login'));
295 } elseif (isGetRequestElementSet('area')) {
296 // Restore old area value
// NOTE(review): raw query-string value placed into the form content; confirm
// it is escaped when the template is rendered.
297 $content = merge_array($content, array('target' => 'area', 'value' => getRequestElement('area')));
299 // Set default values
300 $content = merge_array($content, array('target' => 'action', 'value' => 'login'));
303 // Load login form template
304 loadTemplate('admin_login_form', false, $content);
// Logout branch: destroys the admin session and shows a logout template.
// NOTE(review): logout is triggered by a plain GET parameter, so any
// cross-site link or image tag can end an admin session; a POST with a
// request token would prevent that.
306 } elseif (isGetRequestElementSet('logout')) {
307 // Only try to remove cookies
308 if (destroyAdminSession()) {
309 // Load logout template
310 if (isGetRequestElementSet('register')) {
312 $register = getRequestElement('register');
314 // Special logout redirect for installation of given extension
// NOTE(review): the template name is built from a raw query-string value. If
// loadTemplate() maps the name to a file path, an unvalidated value could
// select a file outside the intended set; restrict it to known extension
// names or a strict character whitelist before use.
315 loadTemplate(sprintf("admin_logout_%s_install", $register));
316 } elseif (isGetRequestElementSet('remove')) {
318 $remove = getRequestElement('remove');
320 // Special logout redirect for removal of given extension
// Same concern as on line 315: validate the value before it becomes part of
// a template name.
321 loadTemplate(sprintf("admin_logout_%s_remove", $remove));
323 // Logged out normally
324 loadTemplate('admin_logout');
327 // Something went wrong here...
328 loadTemplate('admin_settings_saved', false, '<div class="admin_fatal">{--ADMIN_LOGOUT_FAILED--}</div>');
331 addFatalMessage(__FILE__, __LINE__, getMessage('CANNOT_UNREG_SESS'));
// Authenticated path: the session already holds admin data, so it is
// re-validated on every request before the menu system is rendered.
334 // Maybe an admin wants to log in?
// NOTE(review): the stored credential is named admin_md5 and line 48 refers to
// the same three names as cookies. If the hash reaches the client it acts as
// a password equivalent; confirm where it is stored and how it is derived.
335 $ret = ifAdminCookiesAreValid(getSession('admin_login'), getSession('admin_md5'));
// Lines 336-339 are not shown; presumably the switch on $ret and its success
// case start there.
340 // Check for access control line of current menu entry
341 runFilterChain('check_admin_acl');
343 // When type of admin menu is not set fallback to old menu system
344 if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', 'OLD');
346 // Check for version and switch between old menu system and new intelligent menu system
347 if ((adminGetMenuMode() == 'NEW') && (isIncludeReadable('inc/modules/admin/lasys-inc.php'))) {
348 // Default area is the entrance, of course
351 // Check for similar URL variable
// NOTE(review): area is taken from the query string unchanged and handed to
// doAdminLogicalArea(); confirm that function validates it.
352 if (isGetRequestElementSet('area')) $area = getRequestElement('area');
354 // Load logical-area menu-system file
355 loadIncludeOnce('inc/modules/admin/lasys-inc.php');
357 // Create new-style menu system with logical areas
// $action is not assigned in the visible lines of this branch.
358 doAdminLogicalArea($area, $action, getWhat());
360 // This little call constructs the whole default old and lacky menu system
361 // on left side. It also renders the content on right side
// Failure cases: both destroy the admin session after showing the message.
366 case '404': // Administrator login not found
367 setRequestPostElement('ok', $ret);
368 loadTemplate('admin_settings_saved', false, sprintf(getMessage('ADMIN_404'), getSession('admin_login')));
369 destroyAdminSession();
372 case 'pass': // Wrong password
373 setRequestPostElement('ok', $ret);
374 loadTemplate('admin_settings_saved', false, getMessage('WRONG_PASS'));
375 destroyAdminSession();
378 default: // Others will be logged
379 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminCookiesAreValid()", $ret));