X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=8e583b643686f84c4c268eb5eddcc8fb45215eb1;hb=7f104f6fe558bb56b4205241435a2357c2feece1;hp=2c3dffea5de11a272b5ec64479ecffef55512608;hpb=51d65692668408a44920ce069a37c5fa4f5ba257;p=mailer.git
diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index 2c3dffea5d..8e583b6436 100644
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -67,7 +67,7 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
$data = array();
// Is the cache valid?
- if (!empty($cacheArray['admins']['aid'][$admin_login])) {
+ if (!empty($cacheArray['admins']['password'][$admin_login])) {
// Get password from cache
$data['password'] = $cacheArray['admins']['password'][$admin_login];
$ret = "pass";
@@ -79,7 +79,7 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
$data['login_failtures'] = $cacheArray['admins']['login_failtures'][$admin_login];
$data['last_failture'] = $cacheArray['admins']['last_failture'][$admin_login];
} // END - if
- } elseif (GET_EXT_VERSION("cache") == "") {
+ } elseif (EXT_IS_ACTIVE("cache")) {
$ADD = "";
if (GET_EXT_VERSION("admins") >= "0.7.0") {
// Load them here
@@ -122,7 +122,7 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
// Check if password is same
//* DEBUG: */ echo "*".$ret.",".$data['password'].",".$password.",".$salt."*
\n";
- if (($ret == "pass") && ($data['password'] == generateHash($password, $salt)) && (!empty($salt))) {
+ if (($ret == "pass") && ($data['password'] == generateHash($password, $salt)) && ((!empty($salt))) || ($data['password'] == $password)) {
// Re-hash the plain passord with new random salt
$data['password'] = generateHash($password);
@@ -211,28 +211,12 @@ function LOGIN_ADMIN ($adminLogin, $passHash) {
function CHECK_ADMIN_COOKIES ($admin_login, $password) {
global $cacheArray, $_CONFIG;
$ret = "404"; $pass = "";
- if (!empty($cacheArray['admins']['aid'][$admin_login])) {
- // Get password from cache
- $pass = $cacheArray['admins']['password'][$admin_login];
- $ret = "pass";
- $_CONFIG['cache_hits']++;
- } elseif (GET_EXT_VERSION("cache") == "") {
- // Get password from DB
- $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
- array($admin_login), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1) {
- // Entry found
- $ret = "pass";
- // Fetch password
- list($pass) = SQL_FETCHROW($result);
- }
+ // Get hash
+ $pass = GET_ADMIN_HASH($admin_login);
+ if ($pass != "-1") $ret = "pass";
- // Free result
- SQL_FREERESULT($result);
- }
-
- //* DEBUG: */ echo __FUNCTION__.":".generatePassString($pass)."(".strlen($pass).")/".$password."(".strlen($password).")
\n";
+ //* DEBUG: */ print __FUNCTION__."(".__LINE__."):".generatePassString($pass)."(".strlen($pass).")/".$password."(".strlen($password).")
\n";
// Check if password matches
if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) {
@@ -314,24 +298,20 @@ function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) {
}
//
-function ADMIN_DO_ACTION($wht)
-{
+function ADMIN_DO_ACTION($wht) {
global $menuDesription, $menuTitle, $_CONFIG, $cacheArray, $DATA, $DEPTH;
+
//* DEBUG: */ echo __LINE__."*".$wht."/".$GLOBALS['module']."/".$GLOBALS['action']."/".$GLOBALS['what']."*
\n";
- if (EXT_IS_ACTIVE("cache"))
- {
+ if (EXT_IS_ACTIVE("cache")) {
// Include cache instance
global $cacheInstance;
}
// Remove any spaces from variable
- if (empty($wht))
- {
+ if (empty($wht)) {
// Default admin action is the overview page
$wht = "overview";
- }
- else
- {
+ } else {
// Compile out some chars
$wht = COMPILE_CODE($wht, false, false, false);
}
@@ -356,29 +336,21 @@ function ADMIN_DO_ACTION($wht)
LOAD_TEMPLATE("admin_main_header");
// Check if action/what pair is valid
- $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu
+ $result_action = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admin_menu
WHERE action='%s' AND ((what='%s' AND what != 'overview') OR ((what='' OR what IS NULL) AND '%s'='overview'))
LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
- // Free memory
- SQL_FREERESULT($result);
+ if (SQL_NUMROWS($result_action) == 1) {
// Is valid but does the inlcude file exists?
$INC = sprintf("%sinc/modules/admin/action-%s.php", PATH, $act);
- if ((FILE_READABLE($INC)) && (VALIDATE_MENU_ACTION("admin", $act, $wht)) && (__ACL_ALLOW == true))
- {
+ if ((FILE_READABLE($INC)) && (VALIDATE_MENU_ACTION("admin", $act, $wht)) && (__ACL_ALLOW == true)) {
// Ok, we finally load the admin action module
include($INC);
- }
- elseif (__ACL_ALLOW == false)
- {
+ } elseif (__ACL_ALLOW == false) {
// Access denied
LOAD_TEMPLATE("admin_menu_failed", false, ADMINS_ACCESS_DENIED);
ADD_FATAL(ADMINS_ACCESS_DENIED);
- }
- else
- {
+ } else {
// Include file not found! :-(
LOAD_TEMPLATE("admin_menu_failed", false, ADMIN_404_ACTION);
ADD_FATAL(ADMIN_404_ACTION_1.$act.ADMIN_404_ACTION_2);
@@ -389,6 +361,9 @@ LIMIT 1", array($act, $wht, $wht), __FILE__, __LINE__);
ADD_FATAL(ADMIN_INVALID_ACTION_1.$act."/".$wht.ADMIN_INVALID_ACTION_2);
}
+ // Free memory
+ SQL_FREERESULT($result_action);
+
// Tableset footer
LOAD_TEMPLATE("admin_main_footer");
}