X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin.php;h=69dc30b7c0d870dff917777cd8c67f08c4f26e3b;hb=5e7345f4959aacc2d5be0098f474770b483a0869;hp=fabb66504888bea817e944a75537a72334e8ef3e;hpb=bc72f913ef9ef26f4103d3deddb4d8be5337a1e5;p=mailer.git diff --git a/inc/modules/admin.php b/inc/modules/admin.php index fabb665048..69dc30b7c0 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -14,11 +14,10 @@ * $Date:: $ * * $Tag:: 0.2.1-FINAL $ * * $Author:: $ * - * Needs to be in all Files and every File needs "svn propset * - * svn:keywords Date Revision" (autoprobset!) at least!!!!!! * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * - * For more information visit: http://www.mxchange.org * + * Copyright (c) 2009 - 2012 by Mailer Developer Team * + * For more information visit: http://mxchange.org * * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * @@ -38,14 +37,14 @@ // Some security stuff... if (!defined('__SECURITY')) { - die(); + exit(); } // END - if // Load include file loadIncludeOnce('inc/modules/admin/admin-inc.php'); // Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!) -fixDeletedCookies(array('admin_login', 'admin_md5', 'admin_last')); +fixDeletedCookies(array('admin_id', 'admin_md5', 'admin_last')); // Init return value $ret = 'init'; @@ -53,43 +52,63 @@ $ret = 'init'; // Is no admin registered? if (!isAdminRegistered()) { // Admin is not registered so we have to inform the user - if ((isFormSent()) && ((!isPostRequestElementSet('login')) || (!isPostRequestElementSet('pass1')) || (strlen(postRequestElement('pass1')) < 4) || (!isPostRequestElementSet('pass2')) || (strlen(postRequestElement('pass2')) < 4) || (postRequestElement('pass1') != postRequestElement('pass2')))) { + if ((isFormSent()) && ((!isPostRequestElementSet('admin_login')) || (!isPostRequestElementSet('admin_pass1')) || (strlen(postRequestElement('admin_pass1')) < getConfig('minium_admin_pass_length')) || (!isPostRequestElementSet('admin_pass2')) || (strlen(postRequestElement('admin_pass2')) < getConfig('minium_admin_pass_length')) || (postRequestElement('admin_pass1') != postRequestElement('admin_pass2')))) { setPostRequestElement('ok', '***'); } // END - if + // Clear error message + $errorMessage = ''; + if ((isFormSent()) && (postRequestElement('ok') != '***')) { // Hash the password with the old function because we are here in install mode - $hashedPass = md5(postRequestElement('pass1')); + $hashedPass = md5(postRequestElement('admin_pass1')); // Kill maybe existing session variables - destroyAdminSession(false); + destroyAdminSession(); // Do registration - $ret = addAdminAccount(postRequestElement('login'), $hashedPass, getConfig('WEBMASTER')); + $ret = addAdminAccount(postRequestElement('admin_login'), $hashedPass, getWebmaster()); // Check if registration wents fine switch ($ret) { case 'done': - $done = changeDataInFile(getConfig('CACHE_PATH') . 'config-local.php', 'ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0); - if ($done === true) { + // Change ADMIN_REGISTERED entry + $done = changeDataInLocalConfigurationFile('ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0); + + // Was it successfull? + if ($done === TRUE) { // Registering is done redirectToUrl('modules.php?module=admin&register=done'); } else { - $ret = getMessage('ADMIN_CANNOT_COMPLETE'); + // Registration incomplete + $errorMessage = '{--ADMIN_CANNOT_COMPLETE--}'; + + // Set this to have our error message displayed + setPostRequestElement('ok', '***'); } break; case 'failed': // Registration has failed - $ret = getMessage('ADMIN_REGISTER_FAILED'); + $errorMessage = '{--ADMIN_REGISTER_FAILED--}'; + + // Set this to have our error message displayed + setPostRequestElement('ok', '***'); break; case 'already': // Admin does already exists! - $ret = getMessage('ADMIN_LOGIN_ALREADY_REG'); + $errorMessage = '{--ADMIN_LOGIN_ALREADY_REG--}'; + + // Set this to have our error message displayed + setPostRequestElement('ok', '***'); break; default: // Any other kind will be logged - logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid().", $ret)); + $errorMessage = sprintf("Unknown return code %s from ifAdminLoginDataIsValid().", $ret); + logDebugMessage(__FILE__, __LINE__, $errorMessage); + + // Set this to have our error message displayed + setPostRequestElement('ok', '***'); break; } // END - switch } // END - if @@ -97,146 +116,148 @@ if (!isAdminRegistered()) { // Whas that action okay? if ($ret != 'done') { // Init login name - $content['login'] = ''; - if (isPostRequestElementSet('login')) { - $content['login'] = postRequestElement('login'); + $content['admin_login'] = ''; + if (isPostRequestElementSet('admin_login')) { + $content['admin_login'] = postRequestElement('admin_login'); } // END - if // Init array elements - $content['login_message'] = ''; - $content['pass1_message'] = ''; - $content['pass2_message'] = ''; + $content['login_message'] = ''; + $content['pass1_message'] = ''; + $content['pass2_message'] = ''; + $content['error_message'] = ''; // Yet-another notice-fix - if ((isFormSent()) && (postRequestElement('ok') == '***')) { + if ((isFormSent('add_first_admin')) && (postRequestElement('ok') == '***')) { // Init variables $loginMessage = ''; $pass1Message = ''; $pass2Message = ''; // No login entered? - if (empty($content['login'])) $loginMessage = getMessage('ADMIN_NO_LOGIN'); + if (empty($content['admin_login'])) { + $loginMessage = '{--ADMIN_NO_LOGIN--}'; + } // END - if // An error comes back from registration? - if ((!empty($ret)) && ($ret != 'init')) $loginMessage = $ret; + if ((!empty($ret)) && ($ret != 'init')) { + $loginMessage = $errorMessage; + } // END - if // No password 1 entered or to short? - if (!isPostRequestElementSet('pass1')) $pass1Message = getMessage('ADMIN_NO_PASS1'); - elseif (strlen(postRequestElement('pass1')) < 4) $pass1Message = getMessage('ADMIN_SHORT_PASS1'); + if (!isPostRequestElementSet('admin_pass1')) { + $pass1Message = '{--ADMIN_NO_PASSWORD1--}'; + } elseif (strlen(postRequestElement('admin_pass1')) < getConfig('minium_admin_pass_length')) { + $pass1Message = '{--ADMIN_SHORT_PASSWORD1--}'; + } // No password 2 entered or to short? - if (!isPostRequestElementSet('pass2')) $pass2Message = getMessage('ADMIN_NO_PASS2'); - elseif (strlen(postRequestElement('pass2')) < 4) $pass2Message = getMessage('ADMIN_SHORT_PASS2'); + if (!isPostRequestElementSet('admin_pass2')) { + $pass2Message = '{--ADMIN_NO_PASSWORD2--}'; + } elseif (strlen(postRequestElement('admin_pass2')) < getConfig('minium_admin_pass_length')) { + $pass2Message = '{--ADMIN_SHORT_PASSWORD2--}'; + } // Both didn't match? - if (postRequestElement('pass1') != postRequestElement('pass2')) { + if (postRequestElement('admin_pass1') != postRequestElement('admin_pass2')) { // No match - if (empty($pass1Message)) $pass1Message = getMessage('ADMIN_PASS1_MISMATCH'); - if (empty($pass2Message)) $pass2Message = getMessage('ADMIN_PASS2_MISMATCH'); + if (empty($pass1Message)) $pass1Message = '{--ADMIN_PASSWORD1_MISMATCH--}'; + if (empty($pass2Message)) $pass2Message = '{--ADMIN_PASSWORD2_MISMATCH--}'; } // END - if // Output error messages - $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage); - $content['pass1_message'] = loadTemplate('admin_login_msg', true, $pass1Message); - $content['pass2_message'] = loadTemplate('admin_login_msg', true, $pass2Message); + $content['login_message'] = loadTemplate('admin_login_msg', TRUE, $loginMessage); + $content['pass1_message'] = loadTemplate('admin_login_msg', TRUE, $pass1Message); + $content['pass2_message'] = loadTemplate('admin_login_msg', TRUE, $pass2Message); + $content['error_message'] = loadTemplate('admin_login_msg', TRUE, $errorMessage); } // END - if // Output message in seperate template - loadTemplate('admin_settings_saved', false, getMessage('ADMIN_NOT_REGISTERED')); + displayMessage('{--ADMIN_ACCOUNT_NOT_REGISTERED_YET--}'); // Load register template - loadTemplate('admin_reg_form', false, $content); - } + loadTemplate('admin_reg_form', FALSE, $content); + } // END - if } elseif (isGetRequestElementSet('reset_pass')) { // Is the form submitted? if ((isPostRequestElementSet('send_link')) && (isPostRequestElementSet('email'))) { // Output result - loadTemplate('admin_settings_saved', false, sendAdminPasswordResetLink(postRequestElement('email'))); + displayMessage(sendAdminPasswordResetLink(postRequestElement('email'))); } elseif (isGetRequestElementSet('hash')) { // Output form for hash validation - loadTemplate('admin_validate_reset_hash_form', false, getRequestElement('hash')); - } elseif ((isPostRequestElementSet('validate_hash')) && (isPostRequestElementSet('login')) && (isPostRequestElementSet('hash'))) { + loadTemplate('admin_validate_reset_hash_form', FALSE, getRequestElement('hash')); + } elseif ((isPostRequestElementSet('validate_hash')) && (isPostRequestElementSet('admin_login')) && (isPostRequestElementSet('hash'))) { // Validate the login data and hash - $valid = adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('login')); + $valid = adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('admin_login')); // Valid? - if ($valid === true) { + if ($valid === TRUE) { // Prepare content first $content = array( - 'hash' => secureString(postRequestElement('hash')), - 'login' => secureString(postRequestElement('login')) + 'hash' => postRequestElement('hash'), + 'admin_login' => postRequestElement('admin_login') ); // Validation okay so display form for final password change - loadTemplate('admin_reset_password_form', false, $content); + loadTemplate('admin_reset_password_form', FALSE, $content); } else { // Cannot validate the login data and hash - loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED')); + displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED--}'); } - } elseif ((isPostRequestElementSet('reset_pass')) && (isPostRequestElementSet('hash')) && (isPostRequestElementSet('login')) && (isPostRequestElementSet('pass1')) && (postRequestElement('pass1') == postRequestElement('pass2'))) { + } elseif ((isPostRequestElementSet('reset_pass')) && (isPostRequestElementSet('hash')) && (isPostRequestElementSet('admin_login')) && (isPostRequestElementSet('admin_pass1')) && (postRequestElement('admin_pass1') == postRequestElement('admin_pass2'))) { // Okay, we shall the admin password here. So first revalidate the hash - if (adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('login'))) { + if (adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('admin_login'))) { // Output result - loadTemplate('admin_reset_pass_done', false, doResetAdminPassword(postRequestElement('login'), postRequestElement('pass1'))); + loadTemplate('admin_reset_password_done', FALSE, doResetAdminPassword(postRequestElement('admin_login'), postRequestElement('admin_pass1'))); } else { // Validation failed - loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2')); + displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2--}'); } } else { // Output reset password form - loadTemplate('admin_send_reset_link'); + loadTemplate('admin_reset_password_send_link'); } -} elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last'))) { +} elseif ((!isSessionVariableSet('admin_id')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last'))) { // At leat one administrator account was created - if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last'))) { + if ((isSessionVariableSet('admin_id')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last'))) { // Timeout for last login, we have to logout first! redirectToUrl('modules.php?module=admin&logout=1'); } // END - if if (isGetRequestElementSet('register')) { // Registration of first admin is done - if (getRequestElement('register') == 'done') loadTemplate('admin_settings_saved', false, getMessage('ADMIN_REGISTER_DONE')); + if (getRequestElement('register') == 'done') { + // Regisration done! + displayMessage('{--ADMIN_REGISTER_DONE--}'); + } // END - if } // END - if // Check if the admin has submitted data or not - if ((isFormSent()) && ((!isPostRequestElementSet('login')) || (!isPostRequestElementSet('pass')) || (strlen(postRequestElement('pass')) < 4))) { - setPostRequestElement('ok', '***'); + if ((isFormSent()) && ((!isPostRequestElementSet('admin_login')) || (!isPostRequestElementSet('admin_password')) || (strlen(postRequestElement('admin_password')) < getConfig('minium_admin_pass_length')))) { + setPostRequestElement('login', '***'); } // END - if - if ((isFormSent()) && (postRequestElement('ok') != '***')) { + if ((isFormSent('login')) && (postRequestElement('login') != '***')) { // All required data was entered so we check his account - $ret = ifAdminLoginDataIsValid(postRequestElement('login'), postRequestElement('pass')); + $ret = ifAdminLoginDataIsValid(postRequestElement('admin_login'), postRequestElement('admin_password')); // Which status do we have? switch ($ret) { case 'done': // Admin and password are okay, so we log in now - // Construct URL and redirect - $URL = 'modules.php?module=admin&'; - - // Rewrite overview module - if (getWhat() == 'overview') { - setAction(getModeAction(getModule(), getWhat())); - } // END - if - - // Add data to URL - if (isWhatSet()) $URL .= 'what='.getWhat(); - elseif (isActionSet()) $URL .= 'action='.getAction(); - elseif (isGetRequestElementSet('area')) $URL .= 'area='.getRequestElement('area'); - - // Load URL - redirectToUrl($URL); - break; + // Load URL + redirectToUrl('modules.php?' . addAllGetRequestParameters()); + break; case '404': // Administrator login not found - setPostRequestElement('ok', $ret); - $ret = getMaskedMessage('ADMIN_404', postRequestElement('login')); - destroyAdminSession(); + setPostRequestElement('login', $ret); + $ret = '{%message,ADMIN_ACCOUNT_404=' . postRequestElement('admin_login') . '%}'; + destroyAdminSession(TRUE); break; - case 'pass': // Wrong password - setPostRequestElement('ok', $ret); + case 'password': // Wrong password + setPostRequestElement('login', $ret); $ret = '{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]'; - destroyAdminSession(); + destroyAdminSession(TRUE); break; default: // Others will be logged @@ -247,65 +268,59 @@ if (!isAdminRegistered()) { // Error detected? if ($ret != 'done') { - $content['login'] = ''; - if (isPostRequestElementSet('login')) { - $content['login'] = postRequestElement('login'); + $content['admin_login'] = ''; + if (isPostRequestElementSet('admin_login')) { + $content['admin_login'] = postRequestElement('admin_login'); } // END - if // Init array elements $content['login_message'] = ''; $content['pass_message'] = ''; - if (isFormSent()) { + if (isFormSent('login')) { // Set messages to zero - $loginMessage = ''; $passwdMessage = ''; - - // No login entered? - if (!isPostRequestElementSet('login')) $loginMessage = getMessage('ADMIN_NO_LOGIN'); - - // An error comes back from login? - if ((!empty($ret)) && (postRequestElement('ok') == '404')) $loginMessage = $ret; - - // No password entered? - if (!isPostRequestElementSet('pass')) $passwdMessage = getMessage('ADMIN_NO_PASS'); - - // Or password too short? - if (strlen(postRequestElement('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS'); + $loginMessage = ''; + $passwdMessage = ''; + + // Check for login + if (!isPostRequestElementSet('admin_login')) { + // No login entered? + $loginMessage = '{--ADMIN_NO_LOGIN--}'; + } elseif ((!empty($ret)) && (postRequestElement('login') == '404')) { + // An error comes back from login? + $loginMessage = $ret; + } - // An error comes back from login? - if ((!empty($ret)) && (postRequestElement('ok') == 'pass')) $passwdMessage = $ret; + // Check for password + if (!isPostRequestElementSet('admin_password')) { + // No password entered? + $passwdMessage = '{--ADMIN_NO_PASS--}'; + } elseif (strlen(postRequestElement('admin_password')) < getConfig('minium_admin_pass_length')) { + // Or password too short? + $passwdMessage = '{--ADMIN_SHORT_PASS--}'; + } elseif ((!empty($ret)) && (postRequestElement('login') == 'password')) { + // An error comes back from login? + $passwdMessage = $ret; + } - // Load message template - $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage); - $content['pass_message'] = loadTemplate('admin_login_msg', true, $passwdMessage); + // Load message templates if the messages have been set + if (!empty($loginMessage)) { + $content['login_message'] = loadTemplate('admin_login_msg', TRUE, $loginMessage); + } // END - if + if (!empty($passwdMessage)) { + $content['pass_message'] = loadTemplate('admin_login_msg', TRUE, $passwdMessage); + } // END - if } // END - if - // Load login form - if (isWhatSet()) { - // Restore old what value - $content = merge_array($content, array('target' => 'what', 'value' => getWhat())); - } elseif (isActionSet()) { - if (getAction() != 'logout') { - // Restore old action value - $content = merge_array($content, array('target' => 'action', 'value' => getAction())); - } else { - // Set default values - $content = merge_array($content, array('target' => 'action', 'value' => 'login')); - } - } elseif (isGetRequestElementSet('area')) { - // Restore old area value - $content = merge_array($content, array('target' => 'area', 'value' => getRequestElement('area'))); - } else { - // Set default values - $content = merge_array($content, array('target' => 'action', 'value' => 'login')); - } + // Add all parameter + $content['all_parameter'] = addAllGetRequestParameters(); // Load login form template - loadTemplate('admin_login_form', false, $content); + loadTemplate('admin_login_form', FALSE, $content); } // END - if } elseif (isGetRequestElementSet('logout')) { // Only try to remove cookies - if (destroyAdminSession()) { + if (destroyAdminSession(TRUE)) { // Load logout template if (isGetRequestElementSet('register')) { // Secure input @@ -325,14 +340,14 @@ if (!isAdminRegistered()) { } } else { // Something went wrong here... - loadTemplate('admin_settings_saved', false, '
{--ADMIN_LOGOUT_FAILED--}
'); + loadTemplate('admin_settings_unsaved', FALSE, '{--ADMIN_LOGOUT_FAILED--}'); // Add fatal message - addFatalMessage(__FILE__, __LINE__, getMessage('CANNOT_UNREG_SESS')); + addFatalMessage(__FILE__, __LINE__, '{--CANNOT_UNREG_SESS--}'); } } else { // Maybe an Admin want's to login? - $ret = ifAdminCookiesAreValid(getSession('admin_login'), getSession('admin_md5')); + $ret = ifAdminCookiesAreValid(getCurrentAdminId(), getAdminMd5()); // Check status switch ($ret) { @@ -340,39 +355,38 @@ if (!isAdminRegistered()) { // Check for access control line of current menu entry runFilterChain('check_admin_acl'); - // When type of admin menu is not set fallback to old menu system - if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', 'OLD'); - // Check for version and switch between old menu system and new intelligent menu system - if ((adminGetMenuMode() == 'NEW') && (isIncludeReadable('inc/modules/admin/lasys-inc.php'))) { - // Default area is the entrance, of course - $area = 'entrance'; + if (adminGetMenuMode() == 'NEW') { + // Load include for admin AJAX + loadIncludeOnce('inc/ajax/ajax_admin.php'); - // Check for similar URL variable - if (isGetRequestElementSet('area')) $area = getRequestElement('area'); - - // Load logical-area menu-system file - loadIncludeOnce('inc/modules/admin/lasys-inc.php'); - - // Create new-style menu system will logical areas - doAdminLogicalArea($area, $action, getWhat()); + // Load main template + loadTemplate('admin_ajax_main'); } else { - // This little call constructs the whole default old and lacky menu system - // on left side. It also renders the content on right side + /* + * This little call constructs the whole default old and lacky menu system + * on left side. It also renders the content on right side + */ doAdminAction(); } break; case '404': // Administrator login not found - setPostRequestElement('ok', $ret); - loadTemplate('admin_settings_saved', false, getMaskedMessage('ADMIN_404', getSession('admin_login'))); - destroyAdminSession(); + setPostRequestElement('login', $ret); + displayMessage('{%message,ADMIN_ACCOUNT_404=' . getCurrentAdminId() . '%}'); + destroyAdminSession(TRUE); + break; + + case 'password': // Wrong password + setPostRequestElement('login', $ret); + displayMessage('{--WRONG_PASS--}'); + destroyAdminSession(TRUE); break; - case 'pass': // Wrong password - setPostRequestElement('ok', $ret); - loadTemplate('admin_settings_saved', false, getMessage('WRONG_PASS')); - destroyAdminSession(); + case 'session': // Invalid admin session + setPostRequestElement('login', $ret); + displayMessage('{--INVALID_ADMIN_SESSION--}'); + destroyAdminSession(TRUE); break; default: // Others will be logged