X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin.php;h=d1a728404623e9749c220cc68a2cd073c92bbe8b;hb=63f159414369b5ea19a8ca75d8cd8033c45d8341;hp=5719f09af05de6b5cf520e50e5314fadf848cd50;hpb=75ad748a68473ace540251427a74fb781b1145e9;p=mailer.git
diff --git a/inc/modules/admin.php b/inc/modules/admin.php
index 5719f09af0..b9578683dd 100644
--- a/inc/modules/admin.php
+++ b/inc/modules/admin.php
@@ -1,7 +1,7 @@
postRequestElement('hash'),
+ 'admin_login' => postRequestElement('admin_login')
+ );
+
+ // Validation okay so display form for final password change
+ loadTemplate('admin_reset_password_form', false, $content);
+ } else {
+ // Cannot validate the login data and hash
+ displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED--}');
+ }
+ } elseif ((isPostRequestElementSet('reset_pass')) && (isPostRequestElementSet('hash')) && (isPostRequestElementSet('admin_login')) && (isPostRequestElementSet('admin_pass1')) && (postRequestElement('admin_pass1') == postRequestElement('admin_pass2'))) {
+ // Okay, we shall the admin password here. So first revalidate the hash
+ if (adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('admin_login'))) {
+ // Output result
+ loadTemplate('admin_reset_password_done', false, doResetAdminPassword(postRequestElement('admin_login'), postRequestElement('admin_pass1')));
+ } else {
+ // Validation failed
+ displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2--}');
+ }
+ } else {
+ // Output reset password form
+ loadTemplate('admin_reset_password_send_link');
}
-}
- elseif ((empty($_COOKIE['admin_login'])) || (empty($_COOKIE['admin_md5'])) || (empty($_COOKIE['admin_last'])) || (empty($_COOKIE['admin_to'])) || (($_COOKIE['admin_last'] + bigintval($_COOKIE['admin_to']) * 3600 * 24) < time()))
-{
+} elseif ((!isSessionVariableSet('admin_id')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last'))) {
// At leat one administrator account was created
- if ((!empty($_COOKIE['admin_login'])) && (!empty($_COOKIE['admin_md5'])) && (!empty($_COOKIE['admin_last'])) && (!empty($_COOKIE['admin_to'])))
- {
+ if ((isSessionVariableSet('admin_id')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last'))) {
// Timeout for last login, we have to logout first!
- $URL = URL."/modules.php?module=admin&action=login&logout=1";
- LOAD_URL($URL);
- }
- if (!empty($_GET['register']))
- {
+ redirectToUrl('modules.php?module=admin&logout=1');
+ } // END - if
+
+ if (isGetRequestElementSet('register')) {
// Registration of first admin is done
- if ($_GET['register'] == "done") OUTPUT_HTML ("".ADMIN_REGISTER_DONE."");
- }
+ if (getRequestElement('register') == 'done') {
+ // Regisration done!
+ displayMessage('{--ADMIN_REGISTER_DONE--}');
+ } // END - if
+ } // END - if
// Check if the admin has submitted data or not
- $ret = "";
- if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***";
- if ((isset($_POST['ok'])) && ($_POST['ok'] != "***"))
- {
- // All required data was entered so we check his account
- $ret = CHECK_ADMIN_LOGIN($_POST['login'], $_POST['pass']);
- switch ($ret)
- {
- case "done": // Admin and password are okay, so we log in now
- $TIMEOUT = time() + (3600 * 24 * $_POST['timeout']);
- if ((@setcookie("admin_md5", generatePassString(generateHash($_POST['pass'], __SALT)), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_login", $_POST['login'], $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_last", time(), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_to", $_POST['timeout'], $TIMEOUT, COOKIE_PATH)))
- {
- // Construct URL and redirect
- $URL = URL."/modules.php?module=admin&";
-
- // Rewrite overview module
- if ($GLOBALS['what'] == "overview") {
- $GLOBALS['action'] = GET_ACTION($GLOBALS['module'], $GLOBALS['what']);
- }
+ if ((isFormSent()) && ((!isPostRequestElementSet('admin_login')) || (!isPostRequestElementSet('admin_password')) || (strlen(postRequestElement('admin_password')) < getConfig('minium_admin_pass_length')))) {
+ setPostRequestElement('login', '***');
+ } // END - if
- // Add data to URL
- if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what'];
- elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action'];
- elseif (!empty($_GET['area'])) $URL .= "area=".$_GET['area'];
+ if ((isFormSent('login')) && (postRequestElement('login') != '***')) {
+ // All required data was entered so we check his account
+ $ret = ifAdminLoginDataIsValid(postRequestElement('admin_login'), postRequestElement('admin_password'));
+ // Which status do we have?
+ switch ($ret) {
+ case 'done': // Admin and password are okay, so we log in now
// Load URL
- LOAD_URL($URL);
- }
- else
- {
- OUTPUT_HTML ("".ADMIN_LOGIN_FAILED."");
- ADD_FATAL(CANNOT_REGISTER_SESS);
- }
- break;
-
- case "404": // Administrator login not found
- $_POST['ok'] = $ret;
- $ret = ADMIN_NOT_FOUND;
- break;
-
- case "pass": // Wrong password
- $_POST['ok'] = $ret;
- $ret = WRONG_PASS;
- break;
- }
- }
- if ($ret != "done")
- {
- if (!empty($_POST['login']))
- {
- define('__LOGIN_VALUE', $_POST['login']);
- }
- else
- {
- define('__LOGIN_VALUE', "");
- }
-
- if (isset($_POST['ok']))
- {
+ redirectToUrl('modules.php?' . addAllGetRequestParameters());
+ break;
+
+ case '404': // Administrator login not found
+ setPostRequestElement('login', $ret);
+ $ret = '{%message,ADMIN_ACCOUNT_404=' . postRequestElement('admin_login') . '%}';
+ destroyAdminSession();
+ break;
+
+ case 'password': // Wrong password
+ setPostRequestElement('login', $ret);
+ $ret = '{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]';
+ destroyAdminSession();
+ break;
+
+ default: // Others will be logged
+ logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid()", $ret));
+ break;
+ } // END - switch
+ } // END - if
+
+ // Error detected?
+ if ($ret != 'done') {
+ $content['admin_login'] = '';
+ if (isPostRequestElementSet('admin_login')) {
+ $content['admin_login'] = postRequestElement('admin_login');
+ } // END - if
+
+ // Init array elements
+ $content['login_message'] = '';
+ $content['pass_message'] = '';
+
+ if (isFormSent('login')) {
// Set messages to zero
+ $loginMessage = '';
+ $passwdMessage = '';
+
+ // Check for login
+ if (!isPostRequestElementSet('admin_login')) {
+ // No login entered?
+ $loginMessage = '{--ADMIN_NO_LOGIN--}';
+ } elseif ((!empty($ret)) && (postRequestElement('login') == '404')) {
+ // An error comes back from login?
+ $loginMessage = $ret;
+ }
- $MSG1 = ""; $MSG2 = "";
- // No login entered?
- if (empty($_POST['login'])) $MSG1 = ADMIN_NO_LOGIN;
-
- // An error comes back from login?
- if ((!empty($ret)) && ($_POST['ok'] == "404")) $MSG1 = $ret;
-
- // No password entered?
- if (empty($_POST['pass'])) $MSG2 = ADMIN_NO_PASS;
-
- // Or password too short?
- if (strlen($_POST['pass']) < 4) $MSG2 = ADMIN_SHORT_PASS;
-
- // An error comes back from login?
- if ((!empty($ret)) && ($_POST['ok'] == "pass")) $MSG2 = $ret;
-
- // Load message template
- define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1));
- define('__MSG_PASS' , LOAD_TEMPLATE("admin_login_msg", true, $MSG2));
+ // Check for password
+ if (!isPostRequestElementSet('admin_password')) {
+ // No password entered?
+ $passwdMessage = '{--ADMIN_NO_PASS--}';
+ } elseif (strlen(postRequestElement('admin_password')) < getConfig('minium_admin_pass_length')) {
+ // Or password too short?
+ $passwdMessage = '{--ADMIN_SHORT_PASS--}';
+ } elseif ((!empty($ret)) && (postRequestElement('login') == 'password')) {
+ // An error comes back from login?
+ $passwdMessage = $ret;
+ }
- // Reset variables
- $MSG1 = ""; $MSG2 = "";
- }
- else
- {
- // Set constants to empty for hiding them
- define('__MSG_LOGIN', "");
- define('__MSG_PASS' , "");
- }
+ // Load message templates if the messages have been set
+ if (!empty($loginMessage)) {
+ $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage);
+ } // END - if
+ if (!empty($passwdMessage)) {
+ $content['pass_message'] = loadTemplate('admin_login_msg', true, $passwdMessage);
+ } // END - if
+ } // END - if
- // Load login form
- if (!empty($GLOBALS['what']))
- {
- // Restore old what value
- $content = array('target' => "what", 'value' => $GLOBALS['what']);
- }
- elseif (!empty($GLOBALS['action']))
- {
- if ($GLOBALS['action'] != "logout")
- {
- // Restore old action value
- $content = array('target' => "action", 'value' => $GLOBALS['action']);
- }
- else
- {
- // Set default values
- $content = array('target' => "action", 'value' => "login");
- }
- }
- elseif (!empty($_GET['area']))
- {
- // Restore old area value
- $content = array('target' => "area", 'value' => $_GET['area']);
- }
- else
- {
- // Set default values
- $content = array('target' => "action", 'value' => "login");
- }
+ // Add all parameter
+ $content['all_parameter'] = addAllGetRequestParameters();
// Load login form template
- LOAD_TEMPLATE("admin_login_form", false, $content);
- }
-}
- elseif ($_GET['logout'] == "1")
-{
+ loadTemplate('admin_login_form', false, $content);
+ } // END - if
+} elseif (isGetRequestElementSet('logout')) {
// Only try to remove cookies
- if (@setcookie("admin_login", "", (time() - 3600), COOKIE_PATH) && @setcookie("admin_md5", "", (time() - 3600), COOKIE_PATH) && @setcookie("admin_last", "", (time() - 3600), COOKIE_PATH) && @setcookie("admin_to", "", (time() - 3600), COOKIE_PATH))
- {
- // Also remove array elements
- unset($_COOKIE['admin_login']);
- unset($_COOKIE['admin_md5']);
- unset($_COOKIE['admin_last']);
- unset($_COOKIE['admin_to']);
-
- // Destroy session
- @session_destroy();
-
+ if (destroyAdminSession()) {
// Load logout template
- LOAD_TEMPLATE("admin_logout");
- }
- else
- {
+ if (isGetRequestElementSet('register')) {
+ // Secure input
+ $register = getRequestElement('register');
+
+ // Special logout redirect for installation of given extension
+ loadTemplate(sprintf("admin_logout_%s_install", $register));
+ } elseif (isGetRequestElementSet('remove')) {
+ // Secure input
+ $remove = getRequestElement('remove');
+
+ // Special logout redirect for removal of given extension
+ loadTemplate(sprintf("admin_logout_%s_remove", $remove));
+ } else {
+ // Logged out normally
+ loadTemplate('admin_logout');
+ }
+ } else {
// Something went wrong here...
- OUTPUT_HTML ("".ADMIN_LOGOUT_FAILED."");
+ loadTemplate('admin_settings_unsaved', false, '{--ADMIN_LOGOUT_FAILED--}');
// Add fatal message
- ADD_FATAL(CANNOT_UNREG_SESS);
+ addFatalMessage(__FILE__, __LINE__, '{--CANNOT_UNREG_SESS--}');
}
-}
- else
-{
+} else {
// Maybe an Admin want's to login?
- $ret = CHECK_ADMIN_COOKIES(SQL_ESCAPE($_COOKIE['admin_login']), SQL_ESCAPE($_COOKIE['admin_md5']));
- switch ($ret)
- {
- case "done":
- // Cookie-Data accepted
- $TIMEOUT = time() + bigintval($_COOKIE['admin_to']);
- if ((@setcookie("admin_md5", SQL_ESCAPE($_COOKIE['admin_md5']), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_login", SQL_ESCAPE($_COOKIE['admin_login']), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_last", time(), $TIMEOUT, COOKIE_PATH)) && (@setcookie("admin_to", bigintval($_COOKIE['admin_to']), $TIMEOUT, COOKIE_PATH)))
- {
- // Ok, Cookie-Update done
- if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2"))
- {
- // Check if action GET variable was set
- $act = SQL_ESCAPE($GLOBALS['action']);
- if (!empty($GLOBALS['what'])) {
- // Get action value by what-value
- $act = GET_ACTION("admin", $GLOBALS['what']);
- }
-
- // Check for access control line of current menu entry
- define('__ACL_ALLOW', ADMINS_CHECK_ACL($act, $GLOBALS['what']));
+ $ret = ifAdminCookiesAreValid(getCurrentAdminId(), getAdminMd5());
+
+ // Check status
+ switch ($ret) {
+ case 'done':
+ // Check for access control line of current menu entry
+ runFilterChain('check_admin_acl');
+
+ // Check for version and switch between old menu system and new intelligent menu system
+ if (adminGetMenuMode() == 'NEW') {
+ // Load include for admin AJAX
+ loadIncludeOnce('inc/ajax/ajax_admin.php');
+
+ // Load main template
+ loadTemplate('admin_ajax_main');
+ } else {
+ /*
+ * This little call constructs the whole default old and lacky menu system
+ * on left side. It also renders the content on right side
+ */
+ doAdminAction();
}
- else
- {
- // Extension not installed so it's always allowed to access everywhere!
- define('__ACL_ALLOW', true);
- }
-
- // When type of admin menu is not set fallback to old menu system
- if (empty($CONFIG['admin_menu'])) $CONFIG['admin_menu'] = "OLD";
-
- // Check for version and switch between old menu system and new "intelligent menu system"
- if ((ADMIN_CHECK_MENU_MODE() == "NEW") && (file_exists(PATH."inc/modules/admin/la_sys-inc.php")))
- {
- // Default area is the entrance, of course
- $area = "entrance";
-
- // Check for similar URL variable
- if (!empty($_GET['area'])) $area = $_GET['area'];
-
- // Load "logical-area menu-system" file
- require_once(PATH."inc/modules/admin/la_sys-inc.php");
+ break;
- // Create new-style menu system will "logical areas"
- ADMIN_LOGICAL_AREA_SYSTEM($area, $act, $GLOBALS['what']);
- }
- else
- {
- // This little call constructs the whole default old and lacky menu system
- // on left side
- ADMIN_DO_ACTION($GLOBALS['what']);
- }
- }
- else
- {
- // Login failed (cookies enabled?)
- OUTPUT_HTML ("".ADMIN_LOGIN_FAILED."");
- ADD_FATAL(CANNOT_RE_REGISTER_SESS);
- }
- break;
+ case '404': // Administrator login not found
+ setPostRequestElement('login', $ret);
+ displayMessage('{%message,ADMIN_ACCOUNT_404=' . getCurrentAdminId() . '%}');
+ destroyAdminSession();
+ break;
- case "404": // Administrator login not found
- $_POST['ok'] = $ret;
- ADD_FATAL(ADMIN_NOT_FOUND);
- break;
+ case 'password': // Wrong password
+ setPostRequestElement('login', $ret);
+ displayMessage('{--WRONG_PASS--}');
+ destroyAdminSession();
+ break;
- case "pass": // Wrong password
- $_POST['ok'] = $ret;
- ADD_FATAL(WRONG_PASS);
- break;
- }
+ default: // Others will be logged
+ logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminCookiesAreValid()", $ret));
+ break;
+ } // END - switch
}
-if (admin_registered)
-{
- // Check config.php and inc directory for right access rights
- if (is_INCWritable("config")) ADD_FATAL(FATAL_CONFIG_WRITABLE);
- if (is_INCWritable("dummy")) ADD_FATAL(FATAL_INC_WRITABLE);
-}
-//
+// [EOF]
?>
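Review bot: The request values read at `$register = getRequestElement('register');` and `$remove = getRequestElement('remove');` flow unchecked into the template name built by `sprintf("admin_logout_%s_install", ...)` / `sprintf("admin_logout_%s_remove", ...)`, despite the "Secure input" comment above each; unless `loadTemplate()` itself restricts names, a request parameter decides which template file gets resolved and loaded. Gate each branch on a strict name pattern, e.g. `if ((isGetRequestElementSet('register')) && (preg_match('/^[a-z0-9_]+$/', getRequestElement('register')) === 1)) {` and the same for `remove`, so anything else falls through to the plain `admin_logout` template. Two smaller points in the same hunk: the old `$ret = "";` initialiser was dropped but the new `if ($ret != 'done')` still reads `$ret` when no login form was sent, so set `$ret = '';` before the `isFormSent('login')` check; and the confirmation test `postRequestElement('admin_pass1') == postRequestElement('admin_pass2')` should use `===`, because `==` compares numeric-looking strings numerically. Note also that the `'404'` and `'password'` branches still return distinguishable messages, which tells a caller whether an admin login exists; a single generic failure message for both would avoid that. The enclosing if/elseif chain starts before this hunk.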