X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=57a889db6c197ca5ad162709d20716beac2a32eb;hb=dcc3ad7ebb9a1b9c6cf9122785301a0a18e42157;hp=86c378e821b6e9723b28531ab24459336ea6e689;hpb=74a607e3879faefdc2ca152605cb533806b98e83;p=mailer.git

diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index 86c378e821..57a889db6c 100644
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -41,7 +41,7 @@ if (!defined('__SECURITY')) {
 } // END - if
 
 // Register an administrator account
-function addAdminAccount ($adminLogin, $passHash, $adminEmail) {
+function addAdminAccount ($adminLogin, $passHash, $adminEmail, $accessLevel = 'deny') {
 	// Login does already exist
 	$ret = 'already';
 
@@ -51,13 +51,25 @@ function addAdminAccount ($adminLogin, $passHash, $adminEmail) {
 
 	// Is the entry there?
 	if (SQL_HASZERONUMS($result)) {
-		// Ok, let's create the admin login
-		SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`, `password`, `email`) VALUES ('%s', '%s', '%s')",
-			array(
-				$adminLogin,
-				$passHash,
-				$adminEmail
-			), __FUNCTION__, __LINE__);
+		// Is ext-admins installed and version at least 0.3.0?
+		if (isExtensionInstalledAndNewer('admins', '0.3.0')) {
+			// Ok, let's create the admin login
+			SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`, `password`, `email`, `default_acl`) VALUES ('%s', '%s', '%s', '%s')",
+				array(
+					$adminLogin,
+					$passHash,
+					$adminEmail,
+					$accessLevel
+				), __FUNCTION__, __LINE__);
+		} else {
+			// Ok, let's create the admin login
+			SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`, `password`, `email`) VALUES ('%s', '%s', '%s')",
+				array(
+					$adminLogin,
+					$passHash,
+					$adminEmail
+				), __FUNCTION__, __LINE__);
+		}
 
 		// All done
 		$ret = 'done';
@@ -133,12 +145,15 @@ function ifAdminCookiesAreValid ($adminLogin, $passHash) {
 		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'adminLogin=' . $adminLogin . ',passHash='.$passHash.',adminHash='.$adminHash.',testHash='.$testHash);
 
 		// If they both match, the login data is valid
-		if ($testHash == $passHash) {
+		if ($testHash != $passHash) {
+			// Passwords don't match
+			$ret = 'password';
+		} elseif (!isAdmin()) {
+			// Is not valid session
+			$ret = 'session';
+		} else {
 			// All fine
 			$ret = 'done';
-		} else {
-			// Set status
-			$ret = 'password';
 		}
 	} // END - if
 
@@ -442,6 +457,15 @@ ORDER BY
 
 	// Load all entries
 	while ($content = SQL_FETCHARRAY($result)) {
+		// Default is none
+		$content['default'] = '';
+
+		// Is the id the same?
+		if ($content['id'] == $adminId) {
+			// Set this as default
+			$content['default'] = ' selected="selected"';
+		} // END - if
+
 		// Add the entry
 		$OUT .= loadTemplate('select_admins_option', TRUE, $content);
 	} // END - if
@@ -483,7 +507,7 @@ ORDER BY
 	while ($content = SQL_FETCHARRAY($result)) {
 		//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'userid=' . intval($userid) . '/' . $content['userid']);
 		$OUT .= '<option value="' . bigintval($content['userid']) . '"';
-		if (bigintval($userid) === bigintval($content['userid'])) {
+		if (bigintval($userid, FALSE, FALSE) === bigintval($content['userid'])) {
 			$OUT .= ' selected="selected"';
 		} // END - if
 		$OUT .= '>' . $content['surname'] . ' ' . $content['family'] . ' (' . bigintval($content['userid']) . ')</option>';
@@ -559,9 +583,10 @@ function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement
 	$skip = FALSE;
 
 	// Now, walk through all entries and prepare them for saving
+	//* BUG: */ reportBug(__FUNCTION__, __LINE__, '<pre>'.print_r(postRequestArray(), TRUE).'</pre>');
 	foreach ($postData as $id => $val) {
 		// Process only formular field but not submit buttons ;)
-		if ($id == 'ok') {
+		if ($id =='save_config') {
 			// Skip this button
 			continue;
 		} // END - if
@@ -577,8 +602,13 @@ function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement
 				$val = convertCommaToDot($val);
 			} // END - if
 
-			// Shall we add numbers or strings?
+			// Test value on float
 			$test = (float) $val;
+
+			// Debug message
+			//* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'test=' . $test . ',val=' . $val . ',id=' . $id);
+
+			// Shall we add numbers or strings?
 			if ('' . $val . '' == '' . $test . '') {
 				// Add numbers
 				array_push($tableData, sprintf("`%s`=%s", $id, $test));
@@ -630,7 +660,7 @@ function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement
 
 		// Add both in one line
 		$keys   = implode('`, `', $keys);
-		$values = implode(', ' , $values);
+		$values = implode(', '  , $values);
 
 		// Generate SQL string
 		$sql = sprintf("INSERT INTO `{?_MYSQL_PREFIX?}%s` (%s) VALUES (%s)",
@@ -653,7 +683,10 @@ function adminSaveSettings (&$postData, $tableName = '_config', $whereStatement
 	rebuildCache('config', 'config');
 
 	// Settings saved, so display message?
-	if ($displayMessage === TRUE) displayMessage('{--SETTINGS_SAVED--}');
+	if ($displayMessage === TRUE) {
+		// Display a message
+		displayMessage('{--SETTINGS_SAVED--}');
+	} // END - if
 
 	// Return affected rows
 	return $affected;
@@ -714,8 +747,8 @@ function generateUserProfileLink ($userid, $title = '', $what = '') {
 
 		// Is what set?
 		if (empty($what)) {
-			// Then get it
-			$what = getWhat();
+			// Then get it to 'list_user'
+			$what = 'list_user';
 		} // END - if
 
 		if (($title == '0') && ($what == 'list_refs')) {
@@ -844,9 +877,10 @@ function adminChangeActivationStatus ($IDs, $table, $row, $idRow = 'id') {
 }
 
 // Build a special template list
-function adminListBuilder ($listType, $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $rawUserId = array('userid')) {
+// @TODO cacheFiles is not yet supported
+function adminListBuilder ($listType, $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $rawUserId = array('userid'), $content = array()) {
 	// Call inner (general) function
-	doGenericListBuilder('admin', $listType, $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $rawUserId);
+	doGenericListBuilder('admin', $listType, $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $rawUserId, $content);
 }
 
 // Change status of "build" list
@@ -946,7 +980,7 @@ function adminBuilderStatusHandler ($mode, $tableName, $columns, $filterFunction
 }
 
 // Delete rows by given id numbers
-function adminDeleteEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $deleteNow = array(FALSE), $idColumn = array('id'), $userIdColumn = array('userid'), $rawUserId = array('userid'), $cacheFiles = array()) {
+function adminDeleteEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $deleteNow = array(FALSE), $idColumn = array('id'), $userIdColumn = array('userid'), $rawUserId = array('userid'), $cacheFiles = array(), $content = array()) {
 	// $tableName must be an array
 	if ((!is_array($tableName)) || (count($tableName) != 1)) {
 		// No tableName specified
@@ -977,12 +1011,12 @@ function adminDeleteEntriesConfirm ($tableName, $columns = array(), $filterFunct
 		}
 	} else {
 		// List for deletion confirmation
-		adminListBuilder('delete', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn);
+		adminListBuilder('delete', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $rawUserId, $content);
 	}
 }
 
 // Edit rows by given id numbers
-function adminEditEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $timeColumns = array(), $editNow = array(FALSE), $idColumn = array('id'), $userIdColumn = array('userid'), $rawUserId = array('userid'), $cacheFiles = array()) {
+function adminEditEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $timeColumns = array(), $editNow = array(FALSE), $idColumn = array('id'), $userIdColumn = array('userid'), $rawUserId = array('userid'), $cacheFiles = array(), $content = array()) {
 	// $tableName must be an array
 	if ((!is_array($tableName)) || (count($tableName) != 1)) {
 		// No tableName specified
@@ -1013,11 +1047,12 @@ function adminEditEntriesConfirm ($tableName, $columns = array(), $filterFunctio
 		}
 	} else {
 		// List for editing
-		adminListBuilder('edit', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn);
+		adminListBuilder('edit', $tableName, $columns, $filterFunctions, $extraValues, $idColumn, $userIdColumn, $rawUserId, $content);
 	}
 }
 
 // Un-/lock rows by given id numbers
+// @TODO rawUserId/content is not yet supported
 function adminLockEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $statusArray = array(), $lockNow = array(FALSE), $idColumn = array('id'), $userIdColumn = array('userid')) {
 	// $tableName must be an array
 	if ((!is_array($tableName)) || (count($tableName) != 1)) {
@@ -1042,6 +1077,7 @@ function adminLockEntriesConfirm ($tableName, $columns = array(), $filterFunctio
 }
 
 // Undelete rows by given id numbers
+// @TODO rawUserId/cacheFiles/content is not yet supported
 function adminUndeleteEntriesConfirm ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $statusArray = array(), $undeleteNow = array(FALSE), $idColumn = array('id'), $userIdColumn = array('userid')) {
 	// $tableName must be an array
 	if ((!is_array($tableName)) || (count($tableName) != 1)) {
@@ -1067,6 +1103,12 @@ function adminUndeleteEntriesConfirm ($tableName, $columns = array(), $filterFun
 
 // Adds a given entry to the database
 function adminAddEntries ($tableName, $columns = array(), $filterFunctions = array(), $extraValues = array(), $timeColumns = array(), $columnIndex = NULL) {
+	// Is the userid set?
+	if (!isPostRequestElementSet('userid')) {
+		// Then set NULL here
+		setPostRequestElement('userid', NULL);
+	} // END - if
+
 	// Call inner function
 	doGenericAddEntries($tableName, $columns, $filterFunctions, $extraValues, $timeColumns, $columnIndex);
 
@@ -1303,7 +1345,7 @@ function doVerifyExpertSettings () {
 			// Okay, does he want to see them?
 			if (isAdminsExpertWarningEnabled()) {
 				// Ask for them
-				if (isFormSent()) {
+				if (isFormSent('save_expert')) {
 					// Is the element set, then we need to change the admin
 					if (isPostRequestElementSet('expert_settings')) {
 						// Get it and prepare final post data array
@@ -1558,5 +1600,141 @@ function doAdminProcessMenuWeightning ($type, $AND) {
 	} // END - if
 }
 
+// Function to register first admin
+function registerFirstAdmin () {
+	// Make sure that no admin is registered
+	assert(!isAdminRegistered());
+
+	// Admin is not registered so we have to inform the user
+	if ((isFormSent('add_first_admin')) && ((!isPostRequestElementSet('admin_login')) || (!isPostRequestElementSet('admin_password1')) || (strlen(postRequestElement('admin_password1')) < getConfig('minium_admin_pass_length')) || (!isPostRequestElementSet('admin_password2')) || (strlen(postRequestElement('admin_password2')) < getConfig('minium_admin_pass_length')) || (postRequestElement('admin_password1') != postRequestElement('admin_password2')))) {
+		setPostRequestElement('add_first_admin', '***');
+	} // END - if
+
+	// Clear error message
+	$errorMessage = '';
+	$ret = 'init';
+
+	// Is form for first admin sent?
+	if ((isFormSent('add_first_admin')) && (postRequestElement('add_first_admin') != '***')) {
+		// Hash the password with the old function because we are here in install mode
+		$hashedPass = md5(postRequestElement('admin_password1'));
+
+		// Kill maybe existing session variables
+		destroyAdminSession();
+
+		// Do registration
+		$ret = addAdminAccount(postRequestElement('admin_login'), $hashedPass, getWebmaster(), 'allow');
+
+		// Check if registration wents fine
+		switch ($ret) {
+			case 'done':
+				// Change ADMIN_REGISTERED entry
+				$done = changeDataInLocalConfigurationFile('ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0);
+
+				// Was it successfull?
+				if ($done === TRUE) {
+					// Registering is done
+					redirectToUrl('modules.php?module=admin&amp;register=done');
+				} else {
+					// Registration incomplete
+					$errorMessage = '{--ADMIN_CANNOT_COMPLETE--}';
+
+					// Set this to have our error message displayed
+					setPostRequestElement('add_first_admin', '***');
+				}
+				break;
+
+			case 'failed': // Registration has failed
+				$errorMessage = '{--ADMIN_REGISTER_FAILED--}';
+
+				// Set this to have our error message displayed
+				setPostRequestElement('add_first_admin', '***');
+				break;
+
+			case 'already': // Admin does already exists!
+				$errorMessage = '{--ADMIN_LOGIN_ALREADY_REG--}';
+
+				// Set this to have our error message displayed
+				setPostRequestElement('add_first_admin', '***');
+				break;
+
+			default:
+				// Any other kind will be logged
+				$errorMessage = sprintf("Unknown return code %s from ifAdminLoginDataIsValid().", $ret);
+				logDebugMessage(__FUNCTION__, __LINE__, $errorMessage);
+
+				// Set this to have our error message displayed
+				setPostRequestElement('add_first_admin', '***');
+				break;
+		} // END - switch
+	} // END - if
+
+	// Whas that action okay?
+	if ($ret != 'done') {
+		// Init login name
+		$content['admin_login'] = '';
+		if (isPostRequestElementSet('admin_login')) {
+			$content['admin_login'] = postRequestElement('admin_login');
+		} // END - if
+
+		// Init array elements
+		$content['login_message'] = '';
+		$content['password1_message'] = '';
+		$content['password2_message'] = '';
+		$content['error_message'] = '';
+
+		// Yet-another notice-fix
+		if ((isFormSent('add_first_admin')) && (postRequestElement('add_first_admin') == '***')) {
+			// Init variables
+			$loginMessage = '';
+			$password1Message = '';
+			$password2Message = '';
+
+			// No login entered?
+			if (empty($content['admin_login'])) {
+				$loginMessage = '{--ADMIN_NO_LOGIN--}';
+			} // END - if
+
+			// An error comes back from registration?
+			if ((!empty($ret)) && ($ret != 'init')) {
+				$loginMessage = $errorMessage;
+			} // END - if
+
+			// No password 1 entered or to short?
+			if (!isPostRequestElementSet('admin_password1')) {
+				$password1Message = '{--ADMIN_NO_PASSWORD1--}';
+			} elseif (strlen(postRequestElement('admin_password1')) < getConfig('minium_admin_pass_length')) {
+				$password1Message = '{--ADMIN_SHORT_PASSWORD1--}';
+			}
+
+			// No password 2 entered or to short?
+			if (!isPostRequestElementSet('admin_password2')) {
+				$password2Message = '{--ADMIN_NO_PASSWORD2--}';
+			} elseif (strlen(postRequestElement('admin_password2')) < getConfig('minium_admin_pass_length')) {
+				$password2Message = '{--ADMIN_SHORT_PASSWORD2--}';
+			}
+
+			// Both didn't match?
+			if (postRequestElement('admin_password1') != postRequestElement('admin_password2')) {
+				// No match
+				if (empty($password1Message)) $password1Message = '{--ADMIN_PASSWORD1_MISMATCH--}';
+				if (empty($password2Message)) $password2Message = '{--ADMIN_PASSWORD2_MISMATCH--}';
+			} // END - if
+
+			// Output error messages
+			$content['login_message'] = loadTemplate('admin_login_msg', TRUE, $loginMessage);
+			$content['password1_message'] = loadTemplate('admin_login_msg', TRUE, $password1Message);
+			$content['password2_message'] = loadTemplate('admin_login_msg', TRUE, $password2Message);
+			$content['error_message'] = loadTemplate('admin_login_msg', TRUE, $errorMessage);
+		} // END - if
+
+		// Output message in seperate template
+		displayMessage('{--ADMIN_ACCOUNT_NOT_REGISTERED_YET--}');
+
+		// Load register template
+		loadTemplate('admin_reg_form', FALSE, $content);
+	} // END - if
+}
+
 // [EOF]
 ?>