// SQL num rows
function SQL_NUMROWS($result) {
- if ($result != false) {
+ // Is the result a valid resource?
+ if (is_resource($result)) {
+ // Get the count of rows from database
$lines = @mysql_num_rows($result);
- if (empty($lines)) $lines = "0";
+ // Is the result empty? Then we have an error!
+ if (empty($lines)) $lines = "0";
} else {
// No resource given, no lines found!
$lines = "0";
return $EMAIL;
}
// Generate a hash for extra-security for all passwords
-function generateHash($plainText, $salt = "") {
+function generateHash ($plainText, $salt = "") {
global $_CONFIG, $_SERVER;
// Is the required extension "sql_patches" there?
//* DEBUG: */ die($passHash."<br>".$newHash." (".strlen($newHash).")");
$ret = generateHash($newHash, $_CONFIG['master_salt']);
+ } else {
+ // Hash it simple
+ //* DEBUG: */ echo "--".$passHash."--<br />\n";
+ $ret = md5($passHash);
+ //* DEBUG: */ echo "++".$ret."++<br />\n";
}
// Return result
define('ADMIN_CONFIG_MAILID_REDIRECT_REJECT', "Auf Ablehnungsseite umleiten.");
define('REASON_DIRECT_PAYMENT', "Direkte Gutschrift (siehe evtl. vorangegangene Mail)");
define('SUBJECT_DIRECT_PAYMENT', "Direkte {!POINTS!}-Gutschrift durch das System");
+define('ADMIN_LOGOUT_SQL_PATCHES_DONE', "Sie wurden automatisch ausgeloggt, da Sie die Erweiterung <strong>sql_patches</strong> installiert haben und dabei das Passort-Hashing geändert/verbessert wurde. Bitte erneut einloggen!");
//
?>
// Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!)
FIX_DELETED_COOKIES(array('admin_login', 'admin_md5', 'admin_last', 'admin_to'));
-// Is the logout empty?
-if (empty($_GET['logout'])) $_GET['logout'] = "";
-
if (!isBooleanConstantAndTrue('admin_registered')) {
// Admin is not registered so we have to inform the user
if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***";
if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) {
// Hash the password with the old function because we are here in install mode
- $hashedPass = md5($hashedPass);
+ $hashedPass = md5($_POST['pass']);
// Do registration
$ret = REGISTER_ADMIN($_POST['login'], $hashedPass);
// Any other kind
$ret = "done";
}
+
if (!isBooleanConstantAndTrue('admin_registered')) {
// Write to config that registration is done
admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0);
break;
}
}
+
+ // Whas that action okay?
if ($ret != "done") {
// Fixes another "Notice"
if (!empty($_POST['login'])) {
// Load login form template
LOAD_TEMPLATE("admin_login_form", false, $content);
}
-} elseif ($_GET['logout'] == "1") {
+} elseif (isset($_GET['logout'])) {
// Only try to remove cookies
if (set_session("admin_login", "") && set_session("admin_md5", "") && set_session("admin_last", "") && set_session("admin_to", "")) {
// Also remove array elements
@session_destroy();
// Load logout template
- LOAD_TEMPLATE("admin_logout");
+ if (isset($_GET['sql_patches'])) {
+ // Special logout redirect for sql_patchrs
+ LOAD_TEMPLATE("admin_logout_sql_patches");
+ } else {
+ // Logged out normally
+ LOAD_TEMPLATE("admin_logout");
+ }
} else {
// Something went wrong here...
OUTPUT_HTML("<STRONG class=\"admin_fatal\">".ADMIN_LOGOUT_FAILED."</STRONG>");
} else {
// Maybe an Admin want's to login?
$ret = CHECK_ADMIN_COOKIES(SQL_ESCAPE(get_session('admin_login')), SQL_ESCAPE(get_session('admin_md5')));
- switch ($ret) {
+ switch ($ret)
+ {
case "done":
// Cookie-Data accepted
if ((set_session("admin_md5", SQL_ESCAPE(get_session('admin_md5')))) && (set_session("admin_login", SQL_ESCAPE(get_session('admin_login')))) && (set_session("admin_last", time())) && (set_session("admin_to", bigintval(get_session('admin_to'))))) {
}
//
-function REGISTER_ADMIN ($user, $md5)
+function REGISTER_ADMIN ($user, $md5, $email=WEBMASTER)
{
$ret = "failed";
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
array($user), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 0)
- {
+ if (SQL_NUMROWS($result) == 0) {
// Ok, let's create the admin login
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '".WEBMASTER."')",
- array($user, $md5), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '%s')",
+ array($user, $md5, $email), __FILE__, __LINE__);
$ret = "done";
- }
- else
- {
+ } else {
// Free memory
SQL_FREERESULT($result);
{
global $cacheArray, $_CONFIG, $cacheInstance;
$ret = "404"; $pass = "";
- if (!empty($cacheArray['admins']['aid'][$admin_login]))
- {
+ if (!empty($cacheArray['admins']['aid'][$admin_login])) {
// Get password from cache
$pass = $cacheArray['admins']['password'][$admin_login];
$ret = "pass";
$_CONFIG['cache_hits']++;
- }
- else
- {
+ } else {
// Get password from DB
$result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
array($admin_login), __FILE__, __LINE__);
- if (SQL_NUMROWS($result) == 1)
- {
+ if (SQL_NUMROWS($result) == 1) {
$ret = "pass";
list($pass) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
}
}
- //* DEBUG: */ echo "*".$pass."/".$password."/".$ret."<br />";
- if ((strlen($pass) == 32) && ($pass == md5($password)))
- {
+ //* DEBUG: */ echo "*".$pass."/".md5($password)."/".$ret."<br />";
+ if ((strlen($pass) == 32) && ($pass == md5($password))) {
// Generate new hash
$pass = generateHash($password);
- if (($ret == "pass") && (GET_EXT_VERSION("sql_patches") < "0.3.6")) $ret = "done";
- }
- elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))
- {
+
+ // Is the sql_patches not installed, than we cannot have a valid hashed password here!
+ if (($ret == "pass") && ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))) $ret = "done";
+ } elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) {
// Old hashing way
return $ret;
}
$salt = __SALT;
// Check if password is same
- if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt)))
- {
+ if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt))) {
// Update password
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1",
array($pass, $admin_login), __FILE__, __LINE__);
// Shall I remove the cache file?
- if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false))
- {
+ if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false)) {
if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy();
}
// Password matches!
$ret = "done";
- }
- elseif ((empty($salt)) && ($ret == "pass"))
- {
+ } elseif ((empty($salt)) && ($ret == "pass")) {
// Something bad went wrong
$ret = "failed";
}
return $ret;
}
+
// Only be executed on cookie checking
function CHECK_ADMIN_COOKIES ($admin_login, $password) {
global $cacheArray, $_CONFIG;
$result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
array($admin_login), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
+ // Entry found
$ret = "pass";
+
+ // Fetch password
list($pass) = SQL_FETCHROW($result);
- SQL_FREERESULT($result);
}
+
+ // Free result
+ SQL_FREERESULT($result);
}
- //* DEBUG: */ echo "*".$pass."/".$password."<br />";
+ //* DEBUG: */ echo __FUNCTION__.":".$pass."/".$password."<br />";
// Check if password matches
- if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password))) {
+ if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) {
// Passwords matches!
$ret = "done";
}
return $ret;
}
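Review bot: The extended check on the new line `(($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))` compares hash strings with loose `==`; in PHP two strings of the form `0e<digits>` compare equal numerically, so a cookie value of that shape can match a stored hash of the same shape without knowing the password. Use strict comparison here, `($pass === $password) || ((strlen($pass) == 32) && (md5($password) === $pass))`, and the same applies to `$pass == md5($password)` and `$pass == generateHash($password, $salt)` in the preceding login-check hunk and to `$valPass == md5($passCookie)` in the last hunk of this diff. The new branch also keeps accepting the raw stored hash itself as the cookie value, so a copy of the admins table is enough to log in; if that is meant only as a migration path for sql_patches, say so in a comment next to the condition. `$ret` and `$pass` are assigned only inside the `SQL_NUMROWS($result) == 1` branch, so on a zero-row result the debug line and the comparison read undefined variables and the function returns null; initialise `$ret = "404"; $pass = "";` before the query as the preceding function does.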
//
-function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0)
-{
- $done = false; $seek++; $found = false;
- if (file_exists($file))
- {
+function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) {
+ // Initialize some variables
+ $done = false;
+ $seek++;
+ $found = false;
+
+ // Is the file there and read-/write-able?
+ if ((file_exists($file)) && (is_readable($file)) && (is_writeable($file))) {
$search = "CFG: ".$comment;
$tmp = $file.".tmp";
- $fp = fopen($file, 'r') or OUTPUT_HTML("<STRONG>READ:</STRONG> ".$file."<br />");
- if ($fp)
- {
- $fp_tmp = fopen($tmp, 'w') or OUTPUT_HTML("<STRONG>WRITE:</STRONG> ".$tmp."<br />");
- if ($fp_tmp)
- {
- while (! feof($fp))
- {
+
+ // Open the source file
+ $fp = @fopen($file, 'r') or OUTPUT_HTML("<STRONG>READ:</STRONG> ".$file."<br />");
+
+ // Is the resource valid?
+ if (is_resource($fp)) {
+ // Open temporary file
+ $fp_tmp = @fopen($tmp, 'w') or OUTPUT_HTML("<STRONG>WRITE:</STRONG> ".$tmp."<br />");
+
+ // Is the resource again valid?
+ if (is_resource($fp_tmp)) {
+ while (!feof($fp)) {
+ // Read from source file
$line = fgets ($fp, 1024);
+
if (strpos($line, $search) > -1) { $next = 0; $found = true; }
- if ($next > -1)
- {
- if ($next == $seek)
- {
+
+ if ($next > -1) {
+ if ($next == $seek) {
$next = -1;
$line = $prefix . $DATA . $suffix."\n";
- }
- else
- {
+ } else {
$next++;
}
}
+
+ // Write to temp file
fputs($fp_tmp, $line);
}
+
+ // Close temp file
fclose($fp_tmp);
+
// Finished writing tmp file
$done = true;
}
+
+ // Close source file
fclose($fp);
- if (($done) && ($found))
- {
+
+ if (($done) && ($found)) {
// Copy back tmp file and delete tmp :-)
@copy($tmp, $file);
@unlink($tmp);
define('_FATAL', false);
- }
- elseif (!$found)
- {
+ } elseif (!$found) {
OUTPUT_HTML("<STRONG>CHANGE:</STRONG> 404!");
define('_FATAL', true);
- }
- else
- {
+ } else {
OUTPUT_HTML("<STRONG>TMP:</STRONG> UNDONE!");
define('_FATAL', true);
}
}
- }
- else
- {
+ } else {
+ // File not found, not readable or writeable
OUTPUT_HTML("<STRONG>404:</STRONG> ".$file."<br />");
}
}
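Review bot: `$next` is not initialised in the new `// Initialize some variables` block of admin_WriteData, yet `if ($next > -1)` runs for every line read before the marker is found; it presumably only works because `null > -1` is false under PHP's comparison rules, and it emits a notice per iteration. Add `$next = -1;` to that block. The results of `@copy($tmp, $file)` and `@unlink($tmp)` are still ignored, so a failed copy-back leaves the target untouched while `_FATAL` is set to false; check `if (!@copy($tmp, $file))` and report it like the CHANGE/TMP branches do. The new `is_writeable($file)` check also does not cover the directory in which `$file.".tmp"` is created, so the WRITE failure path at the second fopen remains reachable.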
+
//
function ADMIN_DO_ACTION($wht)
{
// ... so we can finally register and load it in registration mode
$status = EXTENSION_REGISTER($ext_name, $id);
- if ($status) {
+ if ($status == true) {
+ // Is this sql_patches? Then we need to auto-logout!
+ if ($ext_name == "sql_patches") {
+ // Auto-logout here
+ LOAD_URL("admin.php?module=admin&logout=1&sql_patches=1");
+ }
+
// Extension was found and successfully registered
LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_EXTENSION_REGISTERED);
************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
echo "<STRONG>".LANG_WARNING.":</STRONG> ".WARN_NULL_PASSWORD;
}
-
// Init configuration arrays
$_CONFIG = array(
'code_length' => 0
// Is it a valid resource?
if ($db === true) {
+ // Load more include files
+ require_once(PATH."inc/mysql-manager.php"); // Functions which interact with the database
+
// Load configuration stuff
$result = SQL_QUERY("SELECT pass_len, points_register, points_ref, least_cats, check_double_email, check_double_pass, admin_notify, url_tlock, test_text, max_tlength, test_subj, autosend_active, max_send, url_blacklist, auto_purge, auto_purge_active, last_update, unconfirmed, profile_lock, online_timeout, mad_timestamp, mad_count, profile_update, send_prof_update, resend_profile_update, code_length, patch_level, patch_ctime, guest_stats, ref_payout, activate_xchange, order_multi_page, display_refid, ip_timeout, allow_direct_pay, config
FROM "._MYSQL_PREFIX."_config
if (SQL_NUMROWS($result) == 1) {
// Load data when previous SQL query did not fail
- if (!$result) {
+ if (!is_resource($result)) {
// Something went wrong
ADD_FATAL(FATAL_CANNOT_LOAD_CONFIG);
return;
// Initialize include-file-pool
$INC_POOL = array();
- // Load more include files
- require_once(PATH."inc/mysql-manager.php"); // Functions which interact with the database
-
// Run daily reset
if ((date("d", $_CONFIG['last_update']) != date("d", time()) || ((isBooleanConstantAndTrue('DEBUG_MODE')))) && (!isBooleanConstantAndTrue('mxchange_installing')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (!isset($_GET['register'])) && ($CSS != 1)) {
// Do daily things in external PHP file but only when script is completely setup
require_once(PATH."inc/load_extensions.php");
// Loading patching system is required here...
- require_once(PATH."inc/patch-system.php"); // Initialize patch system
+ require_once(PATH."inc/patch-system.php"); // Initialize patch system
// Functions which are related to themes
require_once(PATH."inc/theme-manager.php");
$dummy = CHECK_MODULE($GLOBALS['module']);
if ($dummy == "done") COUNT_MODULE($GLOBALS['module']);
unset($dummy);
+
+ // Shall we activate the exchange?
if ($_CONFIG['activate_xchange'] > 0) activateExchange();
} else {
// If you will read following error message you probably need to contact me (webmaster@mxchange.org)
// and download the sql-upgrades extension from my server. Please ask me which SQL file(s) you need to
// import *BEFORE* you import them!
ADD_FATAL(FATAL_CANNOT_LOAD_CONFIG);
+
+ // Reset link and db here, close database first
+ SQL_CLOSE($link, __FILE__, __LINE__);
+ $link = false; $db = false;
}
// Free memory
************************************************************************/
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
-{
+if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
}
return $name;
}
+
// Check validity of a given module name (no file extension)
function CHECK_MODULE($mod) {
// We need them now here...
// Return the value
return $ret;
}
+
// Add menu description pending on given file name (without path!)
-function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true)
-{
+function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) {
global $DEPTH, $_CONFIG;
$LINK_ADD = ""; $OUT = ""; $AND = "";
// First we have to do some analysis...
if (!$return) $DEPTH++;
$prefix = "";
}
+
$prefix .= " -> ";
+
if (ereg(".php", $search)) {
$search = substr($search, 0, strpos($search, ".php"));
}
+
$result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE %s='%s' ".$AND." LIMIT 1",
array($ACC_LVL, $type, $search), __FILE__, __LINE__);
+
if (SQL_NUMROWS($result) == 1) {
list($ret) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
//
function ADD_MENU($MODE, $act, $wht) {
global $_CONFIG;
+
+ // Init some variables
+ $main_cnt = 0;
+ $AND = "";
+ $main_action = "";
+ $sub_what = "";
+
if (!VALIDATE_MENU_ACTION($MODE, $act, $wht, true)) return CODE_MENU_NOT_VALID;
- $main_cnt = 0; $AND = ""; $main_action = ""; $sub_what = "";
- if (!IS_ADMIN())
- {
+
+ // Non-admin shall not see all menus
+ if (!IS_ADMIN()) {
$AND = "AND visible='Y' AND locked='N'";
}
+
// Load SQL data and add the menu to the output stream...
$result_main = SQL_QUERY_ESC("SELECT title, action FROM "._MYSQL_PREFIX."_%s_menu WHERE what='' ".$AND." ORDER BY sort",
array($MODE), __FILE__, __LINE__);
//* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*<br />\n";
- if (SQL_NUMROWS($result_main) > 0)
- {
+ if (SQL_NUMROWS($result_main) > 0) {
OUTPUT_HTML("<TABLE border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"".$MODE."_menu\">");
// There are menus available, so we simply display them... :)
- while (list($main_title, $main_action) = SQL_FETCHROW($result_main))
- {
+ while (list($main_title, $main_action) = SQL_FETCHROW($result_main)) {
//* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*<br />\n";
// Load menu header template
$BLOCK_MODE = false; $act = $main_action;
$result_sub = SQL_QUERY_ESC("SELECT title, what FROM "._MYSQL_PREFIX."_%s_menu WHERE action='%s' AND what != '' ".$AND." ORDER BY sort",
array($MODE, $main_action), __FILE__, __LINE__);
$ctl = SQL_NUMROWS($result_sub);
- if ($ctl > 0)
- {
+ if ($ctl > 0) {
$cnt=0;
- while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub))
- {
+ while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub)) {
+ // Init content
$content = "";
// Full file name for checking menu
// If admin login is not given take current from cookies...
if ((empty($admin)) && (isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5'))) {
- $admin = SQL_ESCAPE(get_session('admin_login')); $passCookie = get_session('admin_md5');
+ // Get admin login and password from session/cookies
+ $admin = SQL_ESCAPE(get_session('admin_login'));
+ $passCookie = SQL_ESCAPE(get_session('admin_md5'));
}
//* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."<br />";
if (SQL_NUMROWS($result) == 1) {
// Admin login was found so let's load password from DB
list($passDB) = SQL_FETCHROW($result);
+
+ // Generate password hash
$valPass = generatePassString($passDB);
}
if (!empty($valPass)) {
// Check if password is valid
- //* DEBUG: */ echo __LINE__."*".$valPass."/".$passCookie)."*<br>";
- $ret = (($valPass == $passCookie) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache"))));
+ //* DEBUG: */ echo __FUNCTION__."*".$valPass."/".$passCookie."*<br />\n";
+ $ret = (($valPass == $passCookie) || ((strlen($valPass) == 32) && ($valPass == md5($passCookie))) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache"))));
}
// Return result of comparision