Deprecated variables for templates removed, mor EL-rewrites, getMessage() rewritten:
[mailer.git] / inc / modules / admin.php
1 <?php
2 /************************************************************************
3  * Mailer v0.2.1-FINAL                                Start: 08/31/2003 *
4  * ===================                          Last change: 07/02/2004 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : admin.php                                        *
8  * -------------------------------------------------------------------- *
9  * Short description : Administration module                            *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Administrationsmodul                             *
12  * -------------------------------------------------------------------- *
13  * $Revision::                                                        $ *
14  * $Date::                                                            $ *
15  * $Tag:: 0.2.1-FINAL                                                 $ *
16  * $Author::                                                          $ *
17  * Needs to be in all Files and every File needs "svn propset           *
18  * svn:keywords Date Revision" (autoprobset!) at least!!!!!!            *
19  * -------------------------------------------------------------------- *
20  * Copyright (c) 2003 - 2009 by Roland Haeder                           *
21  * Copyright (c) 2009, 2010 by Mailer Developer Team                    *
22  * For more information visit: http://www.mxchange.org                  *
23  *                                                                      *
24  * This program is free software; you can redistribute it and/or modify *
25  * it under the terms of the GNU General Public License as published by *
26  * the Free Software Foundation; either version 2 of the License, or    *
27  * (at your option) any later version.                                  *
28  *                                                                      *
29  * This program is distributed in the hope that it will be useful,      *
30  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
31  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
32  * GNU General Public License for more details.                         *
33  *                                                                      *
34  * You should have received a copy of the GNU General Public License    *
35  * along with this program; if not, write to the Free Software          *
36  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
37  * MA  02110-1301  USA                                                  *
38  ************************************************************************/
39
40 // Some security stuff...
41 if (!defined('__SECURITY')) {
42         die();
43 } // END - if
44
45 // Load include file
46 loadIncludeOnce('inc/modules/admin/admin-inc.php');
47
48 // Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!)
49 fixDeletedCookies(array('admin_login', 'admin_md5', 'admin_last'));
50
51 // Init return value
52 $ret = 'init';
53
54 // Is no admin registered?
55 if (!isAdminRegistered()) {
56         // Admin is not registered so we have to inform the user
57         if ((isFormSent()) && ((!isPostRequestParameterSet('login')) || (!isPostRequestParameterSet('pass1')) || (strlen(postRequestParameter('pass1')) < 4) || (!isPostRequestParameterSet('pass2')) || (strlen(postRequestParameter('pass2')) < 4) || (postRequestParameter('pass1') != postRequestParameter('pass2')))) {
58                 setPostRequestParameter('ok', '***');
59         } // END - if
60
61         // Clear error message
62         $errorMessage = '';
63
64         if ((isFormSent()) && (postRequestParameter('ok') != '***')) {
65                 // Hash the password with the old function because we are here in install mode
66                 $hashedPass = md5(postRequestParameter('pass1'));
67
68                 // Kill maybe existing session variables
69                 destroyAdminSession(false);
70
71                 // Do registration
72                 $ret = addAdminAccount(postRequestParameter('login'), $hashedPass, getConfig('WEBMASTER'));
73
74                 // Check if registration wents fine
75                 switch ($ret) {
76                         case 'done':
77                                 $done = changeDataInFile(getConfig('CACHE_PATH') . 'config-local.php', 'ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0);
78                                 if ($done === true) {
79                                         // Registering is done
80                                         redirectToUrl('modules.php?module=admin&amp;register=done');
81                                 } else {
82                                         // Registration incomplete
83                                         $errorMessage = getMessage('ADMIN_CANNOT_COMPLETE');
84
85                                         // Set this to have our error message displayed
86                                         setPostRequestParameter('ok', '***');
87                                 }
88                                 break;
89
90                         case 'failed': // Registration has failed
91                                 $errorMessage = getMessage('ADMIN_REGISTER_FAILED');
92
93                                 // Set this to have our error message displayed
94                                 setPostRequestParameter('ok', '***');
95                                 break;
96
97                         case 'already': // Admin does already exists!
98                                 $errorMessage = getMessage('ADMIN_LOGIN_ALREADY_REG');
99
100                                 // Set this to have our error message displayed
101                                 setPostRequestParameter('ok', '***');
102                                 break;
103
104                         default:
105                                 // Any other kind will be logged
106                                 $errorMessage = sprintf("Unknown return code %s from ifAdminLoginDataIsValid().", $ret);
107                                 logDebugMessage(__FILE__, __LINE__, $errorMessage);
108
109                                 // Set this to have our error message displayed
110                                 setPostRequestParameter('ok', '***');
111                                 break;
112                 } // END - switch
113         } // END - if
114
115         // Whas that action okay?
116         if ($ret != 'done') {
117                 // Init login name
118                 $content['login'] = '';
119                 if (isPostRequestParameterSet('login')) {
120                         $content['login'] = postRequestParameter('login');
121                 } // END - if
122
123                 // Init array elements
124                 $content['login_message']   = '';
125                 $content['pass1_message']    = '';
126                 $content['pass2_message']    = '';
127
128                 // Yet-another notice-fix
129                 if ((isFormSent()) && (postRequestParameter('ok') == '***')) {
130                         // Init variables
131                         $loginMessage = '';
132                         $pass1Message = '';
133                         $pass2Message = '';
134
135                         // No login entered?
136                         if (empty($content['login'])) $loginMessage = getMessage('ADMIN_NO_LOGIN');
137
138                         // An error comes back from registration?
139                         if ((!empty($ret)) && ($ret != 'init')) $loginMessage = $errorMessage;
140
141                         // No password 1 entered or to short?
142                         if (!isPostRequestParameterSet('pass1')) $pass1Message = getMessage('ADMIN_NO_PASS1');
143                          elseif (strlen(postRequestParameter('pass1')) < 4) $pass1Message = getMessage('ADMIN_SHORT_PASS1');
144
145                         // No password 2 entered or to short?
146                         if (!isPostRequestParameterSet('pass2')) $pass2Message = getMessage('ADMIN_NO_PASS2');
147                          elseif (strlen(postRequestParameter('pass2')) < 4) $pass2Message = getMessage('ADMIN_SHORT_PASS2');
148
149                         // Both didn't match?
150                         if (postRequestParameter('pass1') != postRequestParameter('pass2')) {
151                                 // No match
152                                 if (empty($pass1Message)) $pass1Message = getMessage('ADMIN_PASS1_MISMATCH');
153                                 if (empty($pass2Message)) $pass2Message = getMessage('ADMIN_PASS2_MISMATCH');
154                         } // END - if
155
156                         // Output error messages
157                         $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage);
158                         $content['pass1_message'] = loadTemplate('admin_login_msg', true, $pass1Message);
159                         $content['pass2_message'] = loadTemplate('admin_login_msg', true, $pass2Message);
160                 } // END - if
161
162                 // Output message in seperate template
163                 loadTemplate('admin_settings_saved', false, '{--ADMIN_ACCOUNT_NOT_REGISTERED_YET--}');
164
165                 // Load register template
166                 loadTemplate('admin_reg_form', false, $content);
167         } // END - if
168 } elseif (isGetRequestParameterSet('reset_pass')) {
169         // Is the form submitted?
170         if ((isPostRequestParameterSet('send_link')) && (isPostRequestParameterSet('email'))) {
171                 // Output result
172                 loadTemplate('admin_settings_saved', false, sendAdminPasswordResetLink(postRequestParameter('email')));
173         } elseif (isGetRequestParameterSet('hash')) {
174                 // Output form for hash validation
175                 loadTemplate('admin_validate_reset_hash_form', false, getRequestParameter('hash'));
176         } elseif ((isPostRequestParameterSet('validate_hash')) && (isPostRequestParameterSet('login')) && (isPostRequestParameterSet('hash'))) {
177                 // Validate the login data and hash
178                 $valid = adminResetValidateHashLogin(postRequestParameter('hash'), postRequestParameter('login'));
179
180                 // Valid?
181                 if ($valid === true) {
182                         // Prepare content first
183                         $content = array(
184                                 'hash'  => secureString(postRequestParameter('hash')),
185                                 'login' => secureString(postRequestParameter('login'))
186                         );
187
188                         // Validation okay so display form for final password change
189                         loadTemplate('admin_reset_password_form', false, $content);
190                 } else {
191                         // Cannot validate the login data and hash
192                         loadTemplate('admin_settings_saved', false, '{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED--}');
193                 }
194         } elseif ((isPostRequestParameterSet('reset_pass')) && (isPostRequestParameterSet('hash')) && (isPostRequestParameterSet('login')) && (isPostRequestParameterSet('pass1')) && (postRequestParameter('pass1') == postRequestParameter('pass2'))) {
195                 // Okay, we shall the admin password here. So first revalidate the hash
196                 if (adminResetValidateHashLogin(postRequestParameter('hash'), postRequestParameter('login'))) {
197                         // Output result
198                         loadTemplate('admin_reset_pass_done', false, doResetAdminPassword(postRequestParameter('login'), postRequestParameter('pass1')));
199                 } else {
200                         // Validation failed
201                         loadTemplate('admin_settings_saved', false, '{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2--}');
202                 }
203         } else {
204                 // Output reset password form
205                 loadTemplate('admin_send_reset_link');
206         }
207 } elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last'))) {
208         // At leat one administrator account was created
209         if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last'))) {
210                 // Timeout for last login, we have to logout first!
211                 redirectToUrl('modules.php?module=admin&amp;logout=1');
212         } // END - if
213
214         if (isGetRequestParameterSet('register')) {
215                 // Registration of first admin is done
216                 if (getRequestParameter('register') == 'done') loadTemplate('admin_settings_saved', false, '{--ADMIN_REGISTER_DONE--}');
217         } // END - if
218
219         // Check if the admin has submitted data or not
220         if ((isFormSent()) && ((!isPostRequestParameterSet('login')) || (!isPostRequestParameterSet('pass')) || (strlen(postRequestParameter('pass')) < 4))) {
221                 setPostRequestParameter('ok', '***');
222         } // END - if
223
224         if ((isFormSent()) && (postRequestParameter('ok') != '***')) {
225                 // All required data was entered so we check his account
226                 $ret = ifAdminLoginDataIsValid(postRequestParameter('login'), postRequestParameter('pass'));
227
228                 // Which status do we have?
229                 switch ($ret) {
230                         case 'done': // Admin and password are okay, so we log in now
231                                 // Construct URL and redirect
232                                 $url = 'modules.php?module=admin&amp;';
233
234                                 // Rewrite overview module
235                                 if (getWhat() == 'overview') {
236                                         setAction(getActionFromModuleWhat(getModule(), getWhat()));
237                                 } // END - if
238
239                                 // Add data to URL
240                                 if (isWhatSet())        $url .= 'what='.getWhat();
241                                  elseif (isActionSet()) $url .= 'action='.getAction();
242                                  elseif (isGetRequestParameterSet('area'))  $url .= 'area='.getRequestParameter('area');
243
244                          // Load URL
245                          redirectToUrl($url);
246                          break;
247
248                         case '404': // Administrator login not found
249                                 setPostRequestParameter('ok', $ret);
250                                 $ret = getMaskedMessage('ADMIN_ACCOUNT_404', postRequestParameter('login'));
251                                 destroyAdminSession();
252                                 break;
253
254                         case 'pass': // Wrong password
255                                 setPostRequestParameter('ok', $ret);
256                                 $ret = '{--WRONG_PASS--} [<a href="{%url=modules.php?module=admin&amp;reset_pass=1%}">{--ADMIN_RESET_PASS--}</a>]';
257                                 destroyAdminSession();
258                                 break;
259
260                         default: // Others will be logged
261                                 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid()", $ret));
262                                 break;
263                 } // END - switch
264         } // END - if
265
266         // Error detected?
267         if ($ret != 'done') {
268                 $content['login'] = '';
269                 if (isPostRequestParameterSet('login')) {
270                         $content['login'] = postRequestParameter('login');
271                 } // END - if
272
273                 // Init array elements
274                 $content['login_message'] = '';
275                 $content['pass_message']  = '';
276
277                 if (isFormSent()) {
278                         // Set messages to zero
279                         $loginMessage = ''; $passwdMessage = '';
280
281                         // No login entered?
282                         if (!isPostRequestParameterSet('login')) $loginMessage = getMessage('ADMIN_NO_LOGIN');
283
284                         // An error comes back from login?
285                         if ((!empty($ret)) && (postRequestParameter('ok') == '404')) $loginMessage = $ret;
286
287                         // No password entered?
288                         if (!isPostRequestParameterSet('pass')) $passwdMessage = getMessage('ADMIN_NO_PASS');
289
290                         // Or password too short?
291                         if (strlen(postRequestParameter('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS');
292
293                         // An error comes back from login?
294                         if ((!empty($ret)) && (postRequestParameter('ok') == 'pass')) $passwdMessage = $ret;
295
296                         // Load message template
297                         $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage);
298                         $content['pass_message']  = loadTemplate('admin_login_msg', true, $passwdMessage);
299                 } // END - if
300
301                 // Load login form
302                 if (isWhatSet()) {
303                         // Restore old what value
304                         $content = merge_array($content, array('target' => 'what', 'value' => getWhat()));
305                 } elseif (isActionSet()) {
306                         if (getAction() != 'logout') {
307                                 // Restore old action value
308                                 $content = merge_array($content, array('target' => 'action', 'value' => getAction()));
309                         } else {
310                                 // Set default values
311                                 $content = merge_array($content, array('target' => 'action', 'value' => 'login'));
312                         }
313                 } elseif (isGetRequestParameterSet('area')) {
314                         // Restore old area value
315                         $content = merge_array(
316                                 $content,
317                                 array(
318                                         'target' => 'area',
319                                         'value'  => getRequestParameter('area')
320                                 )
321                         );
322                 } else {
323                         // Set default values
324                         $content = merge_array($content, array('target' => 'action', 'value' => 'login'));
325                 }
326
327                 // Load login form template
328                 loadTemplate('admin_login_form', false, $content);
329         } // END - if
330 } elseif (isGetRequestParameterSet('logout')) {
331         // Only try to remove cookies
332         if (destroyAdminSession()) {
333                 // Load logout template
334                 if (isGetRequestParameterSet('register')) {
335                         // Secure input
336                         $register = getRequestParameter('register');
337
338                         // Special logout redirect for installation of given extension
339                         loadTemplate(sprintf("admin_logout_%s_install", $register));
340                 } elseif (isGetRequestParameterSet('remove')) {
341                         // Secure input
342                         $remove = getRequestParameter('remove');
343
344                         // Special logout redirect for removal of given extension
345                         loadTemplate(sprintf("admin_logout_%s_remove", $remove));
346                 } else {
347                         // Logged out normally
348                         loadTemplate('admin_logout');
349                 }
350         } else {
351                 // Something went wrong here...
352                 loadTemplate('admin_settings_saved', false, '<div class="admin_fatal">{--ADMIN_LOGOUT_FAILED--}</div>');
353
354                 // Add fatal message
355                 addFatalMessage(__FILE__, __LINE__, getMessage('CANNOT_UNREG_SESS'));
356         }
357 } else {
358         // Maybe an Admin want's to login?
359         $ret = ifAdminCookiesAreValid(getSession('admin_login'), getSession('admin_md5'));
360
361         // Check status
362         switch ($ret) {
363                 case 'done':
364                         // Check for access control line of current menu entry
365                         runFilterChain('check_admin_acl');
366
367                         // When type of admin menu is not set fallback to old menu system
368                         if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', 'OLD');
369
370                         // Check for version and switch between old menu system and new intelligent menu system
371                         if ((adminGetMenuMode() == 'NEW') && (isIncludeReadable('inc/modules/admin/lasys-inc.php'))) {
372                                 // Default area is the entrance, of course
373                                 $area = 'entrance';
374
375                                 // Check for similar URL variable
376                                 if (isGetRequestParameterSet('area')) $area = getRequestParameter('area');
377
378                                 // Load logical-area menu-system file
379                                 loadIncludeOnce('inc/modules/admin/lasys-inc.php');
380
381                                 // Create new-style menu system will logical areas
382                                 doAdminLogicalArea($area, $action, getWhat());
383                         } else {
384                                 // This little call constructs the whole default old and lacky menu system
385                                 // on left side. It also renders the content on right side
386                                 doAdminAction();
387                         }
388                         break;
389
390                 case '404': // Administrator login not found
391                         setPostRequestParameter('ok', $ret);
392                         loadTemplate('admin_settings_saved', false, getMaskedMessage('ADMIN_ACCOUNT_404', getSession('admin_login')));
393                         destroyAdminSession();
394                         break;
395
396                 case 'pass': // Wrong password
397                         setPostRequestParameter('ok', $ret);
398                         loadTemplate('admin_settings_saved', false, '{--WRONG_PASS--}');
399                         destroyAdminSession();
400                         break;
401
402                 default: // Others will be logged
403                         logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminCookiesAreValid()", $ret));
404                         break;
405         } // END - switch
406 }
407
408 // [EOF]
409 ?>