// Is no admin registered?
if (!isBooleanConstantAndTrue('admin_registered')) {
// Admin is not registered so we have to inform the user
- if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***";
- if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) {
+ if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) {
+ REQUEST_SET_POST('ok', "***");
+ }
+
+ if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != "***")) {
// Hash the password with the old function because we are here in install mode
- $hashedPass = md5($_POST['pass']);
+ $hashedPass = md5(REQUEST_POST('pass'));
// Kill maybe existing session variables
destroyAdminSession(false);
// Do registration
- $ret = REGISTER_ADMIN($_POST['login'], $hashedPass);
+ $ret = REGISTER_ADMIN(REQUEST_POST('login'), $hashedPass);
switch ($ret)
{
case "done":
- admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0);
+ changeDataInFile(constant('PATH')."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0);
if (!constant('_FATAL')) {
// Registering is done
LOAD_URL("modules.php?module=admin&action=login®ister=done");
// Admin still not registered?
if (!isBooleanConstantAndTrue('admin_registered')) {
// Write to config that registration is done
- admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0);
+ changeDataInFile(constant('PATH')."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0);
// Load URL for login
LOAD_URL("modules.php?module=admin&action=login");
// Whas that action okay?
if ($ret != "done") {
// Fixes another "Notice"
- if (!empty($_POST['login'])) {
- define('__LOGIN_VALUE', $_POST['login']);
+ if (REQUEST_ISSET_POST(('login'))) {
+ define('__LOGIN_VALUE', REQUEST_POST('login'));
} else {
define('__LOGIN_VALUE', "");
}
// Yet-another "Notice" fix
- if ((!empty($_POST['ok'])) && ($_POST['ok'] == "***")) {
+ if ((IS_FORM_SENT()) && (REQUEST_POST('ok') == "***")) {
// No login entered?
- if (empty($_POST['login'])) $MSG1 = getMessage('ADMIN_NO_LOGIN');
+ if (!REQUEST_ISSET_POST(('login'))) $MSG1 = getMessage('ADMIN_NO_LOGIN');
// An error comes back from registration?
if (!empty($ret)) $MSG1 = $ret;
// No password entered?
- if (empty($_POST['pass'])) $MSG2 = getMessage('ADMIN_NO_PASS');
+ if (!REQUEST_ISSET_POST(('pass'))) $MSG2 = getMessage('ADMIN_NO_PASS');
// Or password too short?
- if (strlen($_POST['pass']) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
+ if (strlen(REQUEST_POST('pass')) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
// Output error messages
define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1));
// Load register template
LOAD_TEMPLATE("admin_reg_form");
}
-} elseif (isset($_GET['reset_pass'])) {
+} elseif (REQUEST_ISSET_GET(('reset_pass'))) {
// Is the form submitted?
- if ((isset($_POST['send_link'])) && (!empty($_POST['email']))) {
+ if ((REQUEST_ISSET_POST(('send_link'))) && (REQUEST_ISSET_POST(('email')))) {
// Try to send the link out
- $OUT = ADMIN_SEND_PASSWORD_RESET_LINK($_POST['email']);
+ $OUT = ADMIN_SEND_PASSWORD_RESET_LINK(REQUEST_POST('email'));
// Output result
LOAD_TEMPLATE("admin_settings_saved", false, $OUT);
- } elseif (!empty($_GET['hash'])) {
+ } elseif (REQUEST_ISSET_GET(('hash'))) {
// Output form for hash validation
- LOAD_TEMPLATE("admin_validate_reset_hash_form", false, $_GET['hash']);
- } elseif ((isset($_POST['validate_hash'])) && (!empty($_POST['login'])) && (!empty($_POST['hash']))) {
+ LOAD_TEMPLATE("admin_validate_reset_hash_form", false, REQUEST_GET('hash'));
+ } elseif ((REQUEST_ISSET_POST(('validate_hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('hash')))) {
// Validate the login data and hash
- $valid = ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN($_POST['hash'], $_POST['login']);
+ $valid = ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login'));
// Valid?
if ($valid === true) {
// Prepare content first
$content = array(
- 'hash' => SQL_ESCAPE($_POST['hash']),
- 'login' => SQL_ESCAPE($_POST['login'])
+ 'hash' => SQL_ESCAPE(REQUEST_POST('hash')),
+ 'login' => SQL_ESCAPE(REQUEST_POST('login'))
);
// Validation okay so display form for final password change
// Cannot validate the login data and hash
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED'));
}
- } elseif ((isset($_POST['reset_pass'])) && (!empty($_POST['hash'])) && (!empty($_POST['login'])) && (!empty($_POST['pass1'])) && ($_POST['pass1'] == $_POST['pass2'])) {
+ } elseif ((REQUEST_ISSET_POST(('reset_pass'))) && (REQUEST_ISSET_POST(('hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) {
// Okay, we shall the admin password here. So first revalidate the hash
- if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN($_POST['hash'], $_POST['login'])) {
+ if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login'))) {
// Set the password now
- $OUT = ADMIN_RESET_PASSWORD($_POST['login'], $_POST['pass1']);
+ $OUT = ADMIN_RESET_PASSWORD(REQUEST_POST('login'), REQUEST_POST('pass1'));
// Output result
LOAD_TEMPLATE("admin_reset_pass_done", false, $OUT);
LOAD_URL("modules.php?module=admin&action=login&logout=1");
} // END - if
- if (!empty($_GET['register'])) {
+ if (REQUEST_ISSET_GET(('register'))) {
// Registration of first admin is done
- if ($_GET['register'] == "done") LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_REGISTER_DONE'));
+ if (REQUEST_GET('register') == "done") LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_REGISTER_DONE'));
} // END - if
// Check if the admin has submitted data or not
- if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***";
- if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) {
+ if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) {
+ REQUEST_SET_POST('ok', "***");
+ }
+
+ if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != "***")) {
// All required data was entered so we check his account
- $ret = CHECK_ADMIN_LOGIN($_POST['login'], $_POST['pass']);
+ $ret = CHECK_ADMIN_LOGIN(REQUEST_POST('login'), REQUEST_POST('pass'));
// Which status do we have?
switch ($ret)
// Add data to URL
if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what'];
elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action'];
- elseif (!empty($_GET['area'])) $URL .= "area=".$_GET['area'];
+ elseif (REQUEST_ISSET_GET(('area'))) $URL .= "area=".REQUEST_GET('area');
// Load URL
LOAD_URL($URL);
break;
case "404": // Administrator login not found
- $_POST['ok'] = $ret;
+ REQUEST_SET_POST('ok', $ret);
$ret = getMessage('ADMIN_NOT_FOUND');
destroyAdminSession();
break;
case "pass": // Wrong password
- $_POST['ok'] = $ret;
+ REQUEST_SET_POST('ok', $ret);
$ret = "{--WRONG_PASS--} [<a href=\"{!URL!}/modules.php?module=admin&reset_pass=1\">{--ADMIN_RESET_PASS--}</a>]\n";
destroyAdminSession();
break;
// Error detected?
if ($ret != "done") {
- if (!empty($_POST['login'])) {
- define('__LOGIN_VALUE', $_POST['login']);
+ if (REQUEST_ISSET_POST(('login'))) {
+ define('__LOGIN_VALUE', REQUEST_POST('login'));
} else {
define('__LOGIN_VALUE', "");
}
- if (isset($_POST['ok'])) {
+ if (IS_FORM_SENT()) {
// Set messages to zero
$MSG1 = ""; $MSG2 = "";
// No login entered?
- if (empty($_POST['login'])) $MSG1 = getMessage('ADMIN_NO_LOGIN');
+ if (!REQUEST_ISSET_POST(('login'))) $MSG1 = getMessage('ADMIN_NO_LOGIN');
// An error comes back from login?
- if ((!empty($ret)) && ($_POST['ok'] == "404")) $MSG1 = $ret;
+ if ((!empty($ret)) && (REQUEST_POST('ok') == "404")) $MSG1 = $ret;
// No password entered?
- if (empty($_POST['pass'])) $MSG2 = getMessage('ADMIN_NO_PASS');
+ if (!REQUEST_ISSET_POST(('pass'))) $MSG2 = getMessage('ADMIN_NO_PASS');
// Or password too short?
- if (strlen($_POST['pass']) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
+ if (strlen(REQUEST_POST('pass')) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
// An error comes back from login?
- if ((!empty($ret)) && ($_POST['ok'] == "pass")) $MSG2 = $ret;
+ if ((!empty($ret)) && (REQUEST_POST('ok') == "pass")) $MSG2 = $ret;
// Load message template
define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1));
// Set default values
$content = array('target' => "action", 'value' => "login");
}
- } elseif (!empty($_GET['area'])) {
+ } elseif (REQUEST_ISSET_GET(('area'))) {
// Restore old area value
- $content = array('target' => "area", 'value' => $_GET['area']);
+ $content = array('target' => "area", 'value' => REQUEST_GET('area'));
} else {
// Set default values
$content = array('target' => "action", 'value' => "login");
// Load login form template
LOAD_TEMPLATE("admin_login_form", false, $content);
} // END - if
-} elseif (isset($_GET['logout'])) {
+} elseif (REQUEST_ISSET_GET(('logout'))) {
// Only try to remove cookies
if (destroyAdminSession()) {
// Load logout template
- if (isset($_GET['register'])) {
+ if (REQUEST_ISSET_GET(('register'))) {
// Secure input
- $register = SQL_ESCAPE($_GET['register']);
+ $register = SQL_ESCAPE(REQUEST_GET('register'));
// Special logout redirect for installation of given extension
LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $register));
- } elseif (isset($_GET['remove'])) {
+ } elseif (REQUEST_ISSET_GET(('remove'))) {
// Secure input
- $remove = SQL_ESCAPE($_GET['remove']);
+ $remove = SQL_ESCAPE(REQUEST_GET('remove'));
// Special logout redirect for removal of given extension
LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove));
if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', "OLD");
// Check for version and switch between old menu system and new "intelligent menu system"
- if ((ADMIN_CHECK_MENU_MODE() == "NEW") && (FILE_READABLE(PATH."inc/modules/admin/lasys-inc.php"))) {
+ if ((ADMIN_CHECK_MENU_MODE() == "NEW") && (INCLUDE_READABLE("inc/modules/admin/lasys-inc.php"))) {
// Default area is the entrance, of course
$area = "entrance";
// Check for similar URL variable
- if (!empty($_GET['area'])) $area = SQL_ESCAPE($_GET['area']);
+ if (REQUEST_ISSET_GET(('area'))) $area = SQL_ESCAPE(REQUEST_GET('area'));
// Load "logical-area menu-system" file
LOAD_INC_ONCE("inc/modules/admin/lasys-inc.php");
break;
case "404": // Administrator login not found
- $_POST['ok'] = $ret;
+ REQUEST_SET_POST('ok', $ret);
destroyAdminSession();
addFatalMessage(getMessage('ADMIN_NOT_FOUND'));
break;
case "pass": // Wrong password
- $_POST['ok'] = $ret;
+ REQUEST_SET_POST('ok', $ret);
destroyAdminSession();
addFatalMessage(getMessage('WRONG_PASS'));
break;