X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin.php;h=761d9181aa0a6ab11251c6a1374f0af26ac73ff6;hb=9fb328e0aa7cd605f2f89e85640815da300a9eb2;hp=1c58a7b53eadfbce3112962e32662bf2016feb8b;hpb=8454545089b9b77695498cd855cf50075151d957;p=mailer.git
diff --git a/inc/modules/admin.php b/inc/modules/admin.php
index 1c58a7b53e..761d9181aa 100644
--- a/inc/modules/admin.php
+++ b/inc/modules/admin.php
@@ -1,7 +1,7 @@
SQL_ESCAPE($_POST['hash']),
- 'login' => SQL_ESCAPE($_POST['login'])
+ 'hash' => postRequestElement('hash'),
+ 'admin_login' => postRequestElement('admin_login')
);
// Validation okay so display form for final password change
- LOAD_TEMPLATE("admin_reset_password_form", false, $content);
+ loadTemplate('admin_reset_password_form', FALSE, $content);
} else {
// Cannot validate the login data and hash
- LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED);
+ displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED--}');
}
- } elseif ((isset($_POST['reset_pass'])) && (!empty($_POST['hash'])) && (!empty($_POST['login'])) && (!empty($_POST['pass1'])) && ($_POST['pass1'] == $_POST['pass2'])) {
+ } elseif ((isPostRequestElementSet('reset_pass')) && (isPostRequestElementSet('hash')) && (isPostRequestElementSet('admin_login')) && (isPostRequestElementSet('admin_pass1')) && (postRequestElement('admin_pass1') == postRequestElement('admin_pass2'))) {
// Okay, we shall the admin password here. So first revalidate the hash
- if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN($_POST['hash'], $_POST['login'])) {
- // Set the password now
- $OUT = ADMIN_RESET_PASSWORD($_POST['login'], $_POST['pass1']);
-
+ if (adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('admin_login'))) {
// Output result
- LOAD_TEMPLATE("admin_reset_pass_done", false, $OUT);
+ loadTemplate('admin_reset_password_done', FALSE, doResetAdminPassword(postRequestElement('admin_login'), postRequestElement('admin_pass1')));
} else {
// Validation failed
- LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2);
+ displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2--}');
}
} else {
// Output reset password form
- LOAD_TEMPLATE("admin_send_reset_link");
+ loadTemplate('admin_reset_password_send_link');
}
-} elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last')) || (!isSessionVariableSet('admin_to')) || ((get_session('admin_last') + bigintval(get_session('admin_to')) * 3600 * 24) < time())) {
+} elseif ((!isSessionVariableSet('admin_id')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last'))) {
// At leat one administrator account was created
- if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last')) && (isSessionVariableSet('admin_to'))) {
+ if ((isSessionVariableSet('admin_id')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last'))) {
// Timeout for last login, we have to logout first!
- LOAD_URL(URL."/modules.php?module=admin&action=login&logout=1");
+ redirectToUrl('modules.php?module=admin&logout=1');
} // END - if
- if (!empty($_GET['register'])) {
+ if (isGetRequestElementSet('register')) {
// Registration of first admin is done
- if ($_GET['register'] == "done") OUTPUT_HTML("".ADMIN_REGISTER_DONE."");
+ if (getRequestElement('register') == 'done') {
+ // Regisration done!
+ displayMessage('{--ADMIN_REGISTER_DONE--}');
+ } // END - if
} // END - if
// Check if the admin has submitted data or not
- $ret = "";
- if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***";
- if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) {
+ if ((isFormSent()) && ((!isPostRequestElementSet('admin_login')) || (!isPostRequestElementSet('admin_password')) || (strlen(postRequestElement('admin_password')) < getConfig('minium_admin_pass_length')))) {
+ setPostRequestElement('login', '***');
+ } // END - if
+
+ if ((isFormSent('login')) && (postRequestElement('login') != '***')) {
// All required data was entered so we check his account
- $ret = CHECK_ADMIN_LOGIN($_POST['login'], $_POST['pass']);
+ $ret = ifAdminLoginDataIsValid(postRequestElement('admin_login'), postRequestElement('admin_password'));
// Which status do we have?
- switch ($ret)
- {
- case "done": // Admin and password are okay, so we log in now
- // Construct URL and redirect
- $URL = URL."/modules.php?module=admin&";
-
- // Rewrite overview module
- if ($GLOBALS['what'] == "overview") {
- $GLOBALS['action'] = GET_ACTION($GLOBALS['module'], $GLOBALS['what']);
- } // END - if
-
- // Add data to URL
- if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what'];
- elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action'];
- elseif (!empty($_GET['area'])) $URL .= "area=".$_GET['area'];
-
- // Load URL
- LOAD_URL($URL);
- break;
-
- case "404": // Administrator login not found
- $_POST['ok'] = $ret;
- $ret = ADMIN_NOT_FOUND;
- DESTROY_ADMIN_SESSION();
- break;
-
- case "pass": // Wrong password
- $_POST['ok'] = $ret;
- $ret = WRONG_PASS." [".ADMIN_RESET_PASS."]\n";
- DESTROY_ADMIN_SESSION();
- break;
+ switch ($ret) {
+ case 'done': // Admin and password are okay, so we log in now
+ // Load URL
+ redirectToUrl('modules.php?' . addAllGetRequestParameters());
+ break;
+
+ case '404': // Administrator login not found
+ setPostRequestElement('login', $ret);
+ $ret = '{%message,ADMIN_ACCOUNT_404=' . postRequestElement('admin_login') . '%}';
+ destroyAdminSession();
+ break;
+
+ case 'password': // Wrong password
+ setPostRequestElement('login', $ret);
+ $ret = '{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]';
+ destroyAdminSession();
+ break;
+
+ default: // Others will be logged
+ logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid()", $ret));
+ break;
} // END - switch
} // END - if
// Error detected?
- if ($ret != "done") {
- if (!empty($_POST['login'])) {
- define('__LOGIN_VALUE', $_POST['login']);
- } else {
- define('__LOGIN_VALUE', "");
- }
+ if ($ret != 'done') {
+ $content['admin_login'] = '';
+ if (isPostRequestElementSet('admin_login')) {
+ $content['admin_login'] = postRequestElement('admin_login');
+ } // END - if
- if (isset($_POST['ok'])) {
- // Set messages to zero
- $MSG1 = ""; $MSG2 = "";
-
- // No login entered?
- if (empty($_POST['login'])) $MSG1 = ADMIN_NO_LOGIN;
-
- // An error comes back from login?
- if ((!empty($ret)) && ($_POST['ok'] == "404")) $MSG1 = $ret;
-
- // No password entered?
- if (empty($_POST['pass'])) $MSG2 = ADMIN_NO_PASS;
+ // Init array elements
+ $content['login_message'] = '';
+ $content['pass_message'] = '';
- // Or password too short?
- if (strlen($_POST['pass']) < 4) $MSG2 = ADMIN_SHORT_PASS;
-
- // An error comes back from login?
- if ((!empty($ret)) && ($_POST['ok'] == "pass")) $MSG2 = $ret;
+ if (isFormSent('login')) {
+ // Set messages to zero
+ $loginMessage = '';
+ $passwdMessage = '';
+
+ // Check for login
+ if (!isPostRequestElementSet('admin_login')) {
+ // No login entered?
+ $loginMessage = '{--ADMIN_NO_LOGIN--}';
+ } elseif ((!empty($ret)) && (postRequestElement('login') == '404')) {
+ // An error comes back from login?
+ $loginMessage = $ret;
+ }
- // Load message template
- define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1));
- define('__MSG_PASS' , LOAD_TEMPLATE("admin_login_msg", true, $MSG2));
+ // Check for password
+ if (!isPostRequestElementSet('admin_password')) {
+ // No password entered?
+ $passwdMessage = '{--ADMIN_NO_PASS--}';
+ } elseif (strlen(postRequestElement('admin_password')) < getConfig('minium_admin_pass_length')) {
+ // Or password too short?
+ $passwdMessage = '{--ADMIN_SHORT_PASS--}';
+ } elseif ((!empty($ret)) && (postRequestElement('login') == 'password')) {
+ // An error comes back from login?
+ $passwdMessage = $ret;
+ }
- // Reset variables
- $MSG1 = ""; $MSG2 = "";
- } else {
- // Set constants to empty for hiding them
- define('__MSG_LOGIN', "");
- define('__MSG_PASS' , "");
- }
+ // Load message templates if the messages have been set
+ if (!empty($loginMessage)) {
+ $content['login_message'] = loadTemplate('admin_login_msg', TRUE, $loginMessage);
+ } // END - if
+ if (!empty($passwdMessage)) {
+ $content['pass_message'] = loadTemplate('admin_login_msg', TRUE, $passwdMessage);
+ } // END - if
+ } // END - if
- // Load login form
- if (!empty($GLOBALS['what'])) {
- // Restore old what value
- $content = array('target' => "what", 'value' => $GLOBALS['what']);
- } elseif (!empty($GLOBALS['action'])) {
- if ($GLOBALS['action'] != "logout") {
- // Restore old action value
- $content = array('target' => "action", 'value' => $GLOBALS['action']);
- } else {
- // Set default values
- $content = array('target' => "action", 'value' => "login");
- }
- } elseif (!empty($_GET['area'])) {
- // Restore old area value
- $content = array('target' => "area", 'value' => $_GET['area']);
- } else {
- // Set default values
- $content = array('target' => "action", 'value' => "login");
- }
+ // Add all parameter
+ $content['all_parameter'] = addAllGetRequestParameters();
// Load login form template
- LOAD_TEMPLATE("admin_login_form", false, $content);
+ loadTemplate('admin_login_form', FALSE, $content);
} // END - if
-} elseif (isset($_GET['logout'])) {
+} elseif (isGetRequestElementSet('logout')) {
// Only try to remove cookies
- if (DESTROY_ADMIN_SESSION()) {
+ if (destroyAdminSession()) {
// Load logout template
- if (isset($_GET['register'])) {
+ if (isGetRequestElementSet('register')) {
// Secure input
- $register = SQL_ESCAPE($_GET['register']);
+ $register = getRequestElement('register');
// Special logout redirect for installation of given extension
- LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $register));
- } elseif (isset($_GET['remove'])) {
+ loadTemplate(sprintf("admin_logout_%s_install", $register));
+ } elseif (isGetRequestElementSet('remove')) {
// Secure input
- $remove = SQL_ESCAPE($_GET['remove']);
+ $remove = getRequestElement('remove');
// Special logout redirect for removal of given extension
- LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove));
+ loadTemplate(sprintf("admin_logout_%s_remove", $remove));
} else {
// Logged out normally
- LOAD_TEMPLATE("admin_logout");
+ loadTemplate('admin_logout');
}
} else {
// Something went wrong here...
- OUTPUT_HTML("".ADMIN_LOGOUT_FAILED."");
+ loadTemplate('admin_settings_unsaved', FALSE, '{--ADMIN_LOGOUT_FAILED--}');
// Add fatal message
- ADD_FATAL(CANNOT_UNREG_SESS);
+ addFatalMessage(__FILE__, __LINE__, '{--CANNOT_UNREG_SESS--}');
}
} else {
// Maybe an Admin want's to login?
- $ret = CHECK_ADMIN_COOKIES(get_session('admin_login'), get_session('admin_md5'));
- switch ($ret)
- {
- case "done":
- // Cookie-Data accepted
- if ((set_session("admin_md5", get_session('admin_md5'))) && (set_session("admin_login", get_session('admin_login'))) && (set_session("admin_last", time())) && (set_session("admin_to", bigintval(get_session('admin_to'))))) {
- // Ok, Cookie-Update done
+ $ret = ifAdminCookiesAreValid(getCurrentAdminId(), getAdminMd5());
+
+ // Check status
+ switch ($ret) {
+ case 'done':
// Check for access control line of current menu entry
- define('__ACL_ALLOW', RUN_FILTER('check_admin_acl'));
+ runFilterChain('check_admin_acl');
- // When type of admin menu is not set fallback to old menu system
- if (getConfig('admin_menu') == null) $_CONFIG['admin_menu'] = "OLD";
+ // Check for version and switch between old menu system and new intelligent menu system
+ if (adminGetMenuMode() == 'NEW') {
+ // Load include for admin AJAX
+ loadIncludeOnce('inc/ajax/ajax_admin.php');
- // Check for version and switch between old menu system and new "intelligent menu system"
- if ((ADMIN_CHECK_MENU_MODE() == "NEW") && (FILE_READABLE(PATH."inc/modules/admin/lasys-inc.php"))) {
- // Default area is the entrance, of course
- $area = "entrance";
+ // Load main template
+ loadTemplate('admin_ajax_main');
+ } else {
+ /*
+ * This little call constructs the whole default old and lacky menu system
+ * on left side. It also renders the content on right side
+ */
+ doAdminAction();
+ }
+ break;
- // Check for similar URL variable
- if (!empty($_GET['area'])) $area = SQL_ESCAPE($_GET['area']);
+ case '404': // Administrator login not found
+ setPostRequestElement('login', $ret);
+ displayMessage('{%message,ADMIN_ACCOUNT_404=' . getCurrentAdminId() . '%}');
+ destroyAdminSession();
+ break;
- // Load "logical-area menu-system" file
- require_once(PATH."inc/modules/admin/lasys-inc.php");
+ case 'password': // Wrong password
+ setPostRequestElement('login', $ret);
+ displayMessage('{--WRONG_PASS--}');
+ destroyAdminSession();
+ break;
- // Create new-style menu system will "logical areas"
- ADMIN_LOGICAL_AREA_SYSTEM($area, $act, $GLOBALS['what']);
- } else {
- // This little call constructs the whole default old and lacky menu system
- // on left side
- ADMIN_DO_ACTION($GLOBALS['what']);
- }
- } else {
- // Login failed (cookies enabled?)
- OUTPUT_HTML("".ADMIN_LOGIN_FAILED."");
- ADD_FATAL(CANNOT_RE_REGISTER_SESS);
- }
- break;
-
- case "404": // Administrator login not found
- $_POST['ok'] = $ret;
- DESTROY_ADMIN_SESSION();
- ADD_FATAL(ADMIN_NOT_FOUND);
- break;
-
- case "pass": // Wrong password
- $_POST['ok'] = $ret;
- DESTROY_ADMIN_SESSION();
- ADD_FATAL(WRONG_PASS);
- break;
- }
+ default: // Others will be logged
+ logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminCookiesAreValid()", $ret));
+ break;
+ } // END - switch
}
-//
+// [EOF]
?>
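Review bot: The inner `if` below the comment "Timeout for last login, we have to logout first!" can no longer be true, because the new `elseif` is entered only when `admin_id`, `admin_md5` or `admin_last` is missing from the session while the inner test requires all three to be set; the `redirectToUrl('modules.php?module=admin&logout=1');` call is therefore unreachable. The removed condition also entered this branch when `admin_last` plus the `admin_to` window lay in the past, so after this change nothing visible in the diff forces an idle admin session through logout. If expiry is now enforced inside `ifAdminCookiesAreValid()`, which the diff does not show, delete the dead `if ((isSessionVariableSet('admin_id')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last'))) { … }` block and its stale comment. Otherwise restore an age check on `admin_last` in the `elseif`, so a stale session cannot reach the final `else` branch. The hunk header is damaged, and the enclosing block starts outside the visible lines.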