X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=inc%2Fmodules%2Fadmin.php;h=b9b59ece5f405ce696c877bf469619881f8cb448;hb=16de7d9e8b98108627db01688bc095240b5ba8d2;hp=0635460a527b70722322ff871033e0d6fa1fdafd;hpb=56156f6c4392510cdbe0eb4f2ccefc23b43e2672;p=mailer.git diff --git a/inc/modules/admin.php b/inc/modules/admin.php index 0635460a52..b9b59ece5f 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -10,9 +10,14 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : Administrationsmodul * * -------------------------------------------------------------------- * - * * + * $Revision:: $ * + * $Date:: $ * + * $Tag:: 0.2.1-FINAL $ * + * $Author:: $ * + * Needs to be in all Files and every File needs "svn propset * + * svn:keywords Date Revision" (autoprobset!) at least!!!!!! * * -------------------------------------------------------------------- * - * Copyright (c) 2003 - 2008 by Roland Haeder * + * Copyright (c) 2003 - 2009 by Roland Haeder * * For more information visit: http://www.mxchange.org * * * * This program is free software; you can redistribute it and/or modify * @@ -33,356 +38,352 @@ // Some security stuff... if (!defined('__SECURITY')) { - $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; - require($INC); -} - -// Login is default -if ((empty($GLOBALS['action'])) && ($check == "admin_only")) { - // Redirect to right URL - LOAD_URL("modules.php?module=admin&action=login"); + die(); } // END - if // Load include file -require_once(PATH."inc/modules/admin/admin-inc.php"); +loadIncludeOnce('inc/modules/admin/admin-inc.php'); // Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!) -FIX_DELETED_COOKIES(array('admin_login', 'admin_md5', 'admin_last', 'admin_to')); +fixDeletedCookies(array('admin_login', 'admin_md5', 'admin_last', 'admin_to')); // Init return value -$ret = "init"; +$ret = 'init'; // Is no admin registered? -if (!isBooleanConstantAndTrue('admin_registered')) { +if (!isAdminRegistered()) { // Admin is not registered so we have to inform the user - if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***"; - if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) { + if ((isFormSent()) && ((!isPostRequestElementSet('login')) || (!isPostRequestElementSet('pass')) || (strlen(postRequestElement('pass')) < 4))) { + setRequestPostElement('ok', '***'); + } // END - if + + if ((isFormSent()) && (postRequestElement('ok') != '***')) { // Hash the password with the old function because we are here in install mode - $hashedPass = md5($_POST['pass']); + $hashedPass = md5(postRequestElement('pass')); // Kill maybe existing session variables - DESTROY_ADMIN_SESSION(false); + destroyAdminSession(false); // Do registration - $ret = REGISTER_ADMIN($_POST['login'], $hashedPass); - switch ($ret) - { - case "done": - admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0); - if (!_FATAL) { - // Registering is done - LOAD_URL("modules.php?module=admin&action=login®ister=done"); - } else { - $ret = ADMIN_CANNOT_COMPLETE; - } - break; - - case "failed": - $ret = ADMIN_REGISTER_FAILED; - break; - - case "already": - default: - if ($ret == "already") { - // Admin does already exists! - $ret = ADMIN_LOGIN_ALREADY_REG; - } else { - // Any other kind will be logged and interpreted as 'done' - DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_LOGIN()", $ret)); - // @TODO Why is this set to 'done'? - $ret = "done"; - } - - // Admin still not registered? - if (!isBooleanConstantAndTrue('admin_registered')) { - // Write to config that registration is done - admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0); - - // Load URL for login - LOAD_URL("modules.php?module=admin&action=login"); - } // END - if - break; - } + $ret = addAdminAccount(postRequestElement('login'), $hashedPass, getConfig('WEBMASTER')); + + // Check if registration wents fine + switch ($ret) { + case 'done': + $done = changeDataInFile(getConfig('CACHE_PATH') . 'config-local.php', 'ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0); + if ($done === true) { + // Registering is done + redirectToUrl('modules.php?module=admin®ister=done'); + } else { + $ret = getMessage('ADMIN_CANNOT_COMPLETE'); + } + break; + + case 'failed': + $ret = getMessage('ADMIN_REGISTER_FAILED'); + break; + + case 'already': + default: + if ($ret == 'already') { + // Admin does already exists! + $ret = getMessage('ADMIN_LOGIN_ALREADY_REG'); + } else { + // Any other kind will be logged and interpreted as 'done' + logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid() and interpreted as 'done'!", $ret)); + // @TODO Why is this set to 'done'? + $ret = 'done'; + } + + // Admin still not registered? + if (!isAdminRegistered()) { + // Write to config that registration is done + changeDataInFile(getConfig('CACHE_PATH') . 'config-local.php', 'ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0); + + // Load URL for login + redirectToUrl('admin.php'); + } // END - if + break; + } // END - switch } // Whas that action okay? - if ($ret != "done") { - // Fixes another "Notice" - if (!empty($_POST['login'])) { - define('__LOGIN_VALUE', $_POST['login']); - } else { - define('__LOGIN_VALUE', ""); - } - - // Yet-another "Notice" fix - if ((!empty($_POST['ok'])) && ($_POST['ok'] == "***")) { + if ($ret != 'done') { + // Fixes another notice + $content['login'] = ''; + if (isPostRequestElementSet('login')) { + $content['login'] = postRequestElement('login'); + } // END - if + + // Init array elements + $content['login_message'] = ''; + $content['pass_message'] = ''; + + // Yet-another notice-fix + if ((isFormSent()) && (postRequestElement('ok') == '***')) { // No login entered? - if (empty($_POST['login'])) $MSG1 = ADMIN_NO_LOGIN; + if (!isPostRequestElementSet('login')) $loginMessage = getMessage('ADMIN_NO_LOGIN'); // An error comes back from registration? - if (!empty($ret)) $MSG1 = $ret; + if (!empty($ret)) $loginMessage = $ret; // No password entered? - if (empty($_POST['pass'])) $MSG2 = ADMIN_NO_PASS; + if (!isPostRequestElementSet('pass')) $passwdMessage = getMessage('ADMIN_NO_PASS'); // Or password too short? - if (strlen($_POST['pass']) < 4) $MSG2 = ADMIN_SHORT_PASS; + if (strlen(postRequestElement('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS'); // Output error messages - define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1)); - define('__MSG_PASS', LOAD_TEMPLATE("admin_login_msg", true, $MSG2)); + $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage); + $content['pass_message'] = loadTemplate('admin_login_msg', true, $passwdMessage); // Reset variables - $MSG1 = ""; $MSG2 = ""; - } else { - // Reset values to nothing - define('__MSG_LOGIN', ""); - define('__MSG_PASS' , ""); - } + $loginMessage = ''; $passwdMessage = ''; + } // END - if + + // Output message in seperate template + loadTemplate('admin_settings_saved', false, getMessage('ADMIN_NOT_REGISTERED')); // Load register template - LOAD_TEMPLATE("admin_reg_form"); + loadTemplate('admin_reg_form', false, $content); } -} elseif (isset($_GET['reset_pass'])) { +} elseif (isGetRequestElementSet('reset_pass')) { // Is the form submitted? - if ((isset($_POST['send_link'])) && (!empty($_POST['email']))) { - // Try to send the link out - $OUT = ADMIN_SEND_PASSWORD_RESET_LINK($_POST['email']); - + if ((isPostRequestElementSet('send_link')) && (isPostRequestElementSet('email'))) { // Output result - LOAD_TEMPLATE("admin_settings_saved", false, $OUT); - } elseif (!empty($_GET['hash'])) { + loadTemplate('admin_settings_saved', false, sendAdminPasswordResetLink(postRequestElement('email'))); + } elseif (isGetRequestElementSet('hash')) { // Output form for hash validation - LOAD_TEMPLATE("admin_validate_reset_hash_form", false, $_GET['hash']); - } elseif ((isset($_POST['validate_hash'])) && (!empty($_POST['login'])) && (!empty($_POST['hash']))) { + loadTemplate('admin_validate_reset_hash_form', false, getRequestElement('hash')); + } elseif ((isPostRequestElementSet('validate_hash')) && (isPostRequestElementSet('login')) && (isPostRequestElementSet('hash'))) { // Validate the login data and hash - $valid = ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN($_POST['hash'], $_POST['login']); + $valid = adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('login')); // Valid? - if ($valid) { + if ($valid === true) { // Prepare content first $content = array( - 'hash' => SQL_ESCAPE($_POST['hash']), - 'login' => SQL_ESCAPE($_POST['login']) + 'hash' => SQL_ESCAPE(postRequestElement('hash')), + 'login' => SQL_ESCAPE(postRequestElement('login')) ); // Validation okay so display form for final password change - LOAD_TEMPLATE("admin_reset_password_form", false, $content); + loadTemplate('admin_reset_password_form', false, $content); } else { // Cannot validate the login data and hash - LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED); + loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED')); } - } elseif ((isset($_POST['reset_pass'])) && (!empty($_POST['hash'])) && (!empty($_POST['login'])) && (!empty($_POST['pass1'])) && ($_POST['pass1'] == $_POST['pass2'])) { + } elseif ((isPostRequestElementSet('reset_pass')) && (isPostRequestElementSet('hash')) && (isPostRequestElementSet('login')) && (isPostRequestElementSet('pass1')) && (postRequestElement('pass1') == postRequestElement('pass2'))) { // Okay, we shall the admin password here. So first revalidate the hash - if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN($_POST['hash'], $_POST['login'])) { - // Set the password now - $OUT = ADMIN_RESET_PASSWORD($_POST['login'], $_POST['pass1']); - + if (adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('login'))) { // Output result - LOAD_TEMPLATE("admin_reset_pass_done", false, $OUT); + loadTemplate('admin_reset_pass_done', false, doResetAdminPassword(postRequestElement('login'), postRequestElement('pass1'))); } else { // Validation failed - LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2); + loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2')); } } else { // Output reset password form - LOAD_TEMPLATE("admin_send_reset_link"); + loadTemplate('admin_send_reset_link'); } -} elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last')) || (!isSessionVariableSet('admin_to')) || ((get_session('admin_last') + bigintval(get_session('admin_to')) * 3600 * 24) < time())) { +} elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last')) || (!isSessionVariableSet('admin_to')) || ((getSession('admin_last') + bigintval(getSession('admin_to')) * 3600 * 24) < time())) { // At leat one administrator account was created if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last')) && (isSessionVariableSet('admin_to'))) { // Timeout for last login, we have to logout first! - LOAD_URL("modules.php?module=admin&action=login&logout=1"); + redirectToUrl('modules.php?module=admin&logout=1'); } // END - if - if (!empty($_GET['register'])) { + if (isGetRequestElementSet('register')) { // Registration of first admin is done - if ($_GET['register'] == "done") LOAD_TEMPLATE("admin_settings_saved", false, "