[mailer.git] / inc / modules / admin.php

<?php
/************************************************************************
 * Mailer v0.2.1-FINAL                                Start: 08/31/2003 *
 * ===================                          Last change: 07/02/2004 *
 *                                                                      *
 * -------------------------------------------------------------------- *
 * File              : admin.php                                        *
 * -------------------------------------------------------------------- *
 * Short description : Administration module                            *
 * -------------------------------------------------------------------- *
 * Kurzbeschreibung  : Administrationsmodul                             *
 * -------------------------------------------------------------------- *
 * $Revision::                                                        $ *
 * $Date::                                                            $ *
 * $Tag:: 0.2.1-FINAL                                                 $ *
 * $Author::                                                          $ *
 * -------------------------------------------------------------------- *
 * Copyright (c) 2003 - 2009 by Roland Haeder                           *
 * Copyright (c) 2009, 2010 by Mailer Developer Team                    *
 * For more information visit: http://www.mxchange.org                  *
 *                                                                      *
 * This program is free software; you can redistribute it and/or modify *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2 of the License, or    *
 * (at your option) any later version.                                  *
 *                                                                      *
 * This program is distributed in the hope that it will be useful,      *
 * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
 * GNU General Public License for more details.                         *
 *                                                                      *
 * You should have received a copy of the GNU General Public License    *
 * along with this program; if not, write to the Free Software          *
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
 * MA  02110-1301  USA                                                  *
 ************************************************************************/

// Some security stuff...
if (!defined('__SECURITY')) {
        die();
} // END - if

// Load include file
loadIncludeOnce('inc/modules/admin/admin-inc.php');

// Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!)
fixDeletedCookies(array('admin_id', 'admin_md5', 'admin_last'));

// Init return value
$ret = 'init';

// Is no admin registered?
if (!isAdminRegistered()) {
        // Admin is not registered so we have to inform the user
        if ((isFormSent()) && ((!isPostRequestParameterSet('login')) || (!isPostRequestParameterSet('pass1')) || (strlen(postRequestParameter('pass1')) < 4) || (!isPostRequestParameterSet('pass2')) || (strlen(postRequestParameter('pass2')) < 4) || (postRequestParameter('pass1') != postRequestParameter('pass2')))) {
                setPostRequestParameter('ok', '***');
        } // END - if

        // Clear error message
        $errorMessage = '';

        if ((isFormSent()) && (postRequestParameter('ok') != '***')) {
                // Hash the password with the old function because we are here in install mode
                $hashedPass = md5(postRequestParameter('pass1'));

                // Kill maybe existing session variables
                destroyAdminSession(false);

                // Do registration
                $ret = addAdminAccount(postRequestParameter('login'), $hashedPass, getConfig('WEBMASTER'));

                // Check if registration wents fine
                switch ($ret) {
                        case 'done':
                                $done = changeDataInFile(getCachePath() . 'config-local.php', 'ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0);
                                if ($done === true) {
                                        // Registering is done
                                        redirectToUrl('modules.php?module=admin&amp;register=done');
                                } else {
                                        // Registration incomplete
                                        $errorMessage = '{--ADMIN_CANNOT_COMPLETE--}';

                                        // Set this to have our error message displayed
                                        setPostRequestParameter('ok', '***');
                                }
                                break;

                        case 'failed': // Registration has failed
                                $errorMessage = '{--ADMIN_REGISTER_FAILED--}';

                                // Set this to have our error message displayed
                                setPostRequestParameter('ok', '***');
                                break;

                        case 'already': // Admin does already exists!
                                $errorMessage = '{--ADMIN_LOGIN_ALREADY_REG--}';

                                // Set this to have our error message displayed
                                setPostRequestParameter('ok', '***');
                                break;

                        default:
                                // Any other kind will be logged
                                $errorMessage = sprintf("Unknown return code %s from ifAdminLoginDataIsValid().", $ret);
                                logDebugMessage(__FILE__, __LINE__, $errorMessage);

                                // Set this to have our error message displayed
                                setPostRequestParameter('ok', '***');
                                break;
                } // END - switch
        } // END - if

        // Whas that action okay?
        if ($ret != 'done') {
                // Init login name
                $content['login'] = '';
                if (isPostRequestParameterSet('login')) {
                        $content['login'] = postRequestParameter('login');
                } // END - if

                // Init array elements
                $content['login_message']   = '';
                $content['pass1_message']    = '';
                $content['pass2_message']    = '';

                // Yet-another notice-fix
                if ((isFormSent()) && (postRequestParameter('ok') == '***')) {
                        // Init variables
                        $loginMessage = '';
                        $pass1Message = '';
                        $pass2Message = '';

                        // No login entered?
                        if (empty($content['login'])) $loginMessage = '{--ADMIN_NO_LOGIN--}';

                        // An error comes back from registration?
                        if ((!empty($ret)) && ($ret != 'init')) $loginMessage = $errorMessage;

                        // No password 1 entered or to short?
                        if (!isPostRequestParameterSet('pass1')) $pass1Message = '{--ADMIN_NO_PASS1--}';
                         elseif (strlen(postRequestParameter('pass1')) < 4) $pass1Message = '{--ADMIN_SHORT_PASS1--}';

                        // No password 2 entered or to short?
                        if (!isPostRequestParameterSet('pass2')) $pass2Message = '{--ADMIN_NO_PASS2--}';
                         elseif (strlen(postRequestParameter('pass2')) < 4) $pass2Message = '{--ADMIN_SHORT_PASS2--}';

                        // Both didn't match?
                        if (postRequestParameter('pass1') != postRequestParameter('pass2')) {
                                // No match
                                if (empty($pass1Message)) $pass1Message = '{--ADMIN_PASS1_MISMATCH--}';
                                if (empty($pass2Message)) $pass2Message = '{--ADMIN_PASS2_MISMATCH--}';
                        } // END - if

                        // Output error messages
                        $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage);
                        $content['pass1_message'] = loadTemplate('admin_login_msg', true, $pass1Message);
                        $content['pass2_message'] = loadTemplate('admin_login_msg', true, $pass2Message);
                } // END - if

                // Output message in seperate template
                loadTemplate('admin_settings_saved', false, '{--ADMIN_ACCOUNT_NOT_REGISTERED_YET--}');

                // Load register template
                loadTemplate('admin_reg_form', false, $content);
        } // END - if
} elseif (isGetRequestParameterSet('reset_pass')) {
        // Is the form submitted?
        if ((isPostRequestParameterSet('send_link')) && (isPostRequestParameterSet('email'))) {
                // Output result
                loadTemplate('admin_settings_saved', false, sendAdminPasswordResetLink(postRequestParameter('email')));
        } elseif (isGetRequestParameterSet('hash')) {
                // Output form for hash validation
                loadTemplate('admin_validate_reset_hash_form', false, getRequestParameter('hash'));
        } elseif ((isPostRequestParameterSet('validate_hash')) && (isPostRequestParameterSet('login')) && (isPostRequestParameterSet('hash'))) {
                // Validate the login data and hash
                $valid = adminResetValidateHashLogin(postRequestParameter('hash'), postRequestParameter('login'));

                // Valid?
                if ($valid === true) {
                        // Prepare content first
                        $content = array(
                                'hash'  => secureString(postRequestParameter('hash')),
                                'login' => secureString(postRequestParameter('login'))
                        );

                        // Validation okay so display form for final password change
                        loadTemplate('form_reset_password_form', false, $content);
                } else {
                        // Cannot validate the login data and hash
                        loadTemplate('admin_settings_saved', false, '{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED--}');
                }
        } elseif ((isPostRequestParameterSet('reset_pass')) && (isPostRequestParameterSet('hash')) && (isPostRequestParameterSet('login')) && (isPostRequestParameterSet('pass1')) && (postRequestParameter('pass1') == postRequestParameter('pass2'))) {
                // Okay, we shall the admin password here. So first revalidate the hash
                if (adminResetValidateHashLogin(postRequestParameter('hash'), postRequestParameter('login'))) {
                        // Output result
                        loadTemplate('form_reset_pass_done', false, doResetAdminPassword(postRequestParameter('login'), postRequestParameter('pass1')));
                } else {
                        // Validation failed
                        loadTemplate('admin_settings_saved', false, '{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2--}');
                }
        } else {
                // Output reset password form
                loadTemplate('admin_send_reset_link');
        }
} elseif ((!isSessionVariableSet('admin_id')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last'))) {
        // At leat one administrator account was created
        if ((isSessionVariableSet('admin_id')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last'))) {
                // Timeout for last login, we have to logout first!
                redirectToUrl('modules.php?module=admin&amp;logout=1');
        } // END - if

        if (isGetRequestParameterSet('register')) {
                // Registration of first admin is done
                if (getRequestParameter('register') == 'done') loadTemplate('admin_settings_saved', false, '{--ADMIN_REGISTER_DONE--}');
        } // END - if

        // Check if the admin has submitted data or not
        if ((isFormSent()) && ((!isPostRequestParameterSet('login')) || (!isPostRequestParameterSet('password')) || (strlen(postRequestParameter('password')) < 4))) {
                setPostRequestParameter('ok', '***');
        } // END - if

        if ((isFormSent()) && (postRequestParameter('ok') != '***')) {
                // All required data was entered so we check his account
                $ret = ifAdminLoginDataIsValid(postRequestParameter('login'), postRequestParameter('password'));

                // Which status do we have?
                switch ($ret) {
                        case 'done': // Admin and password are okay, so we log in now
                                // Construct URL and redirect
                                $url = 'modules.php?module=admin&amp;';

                                // Rewrite overview module
                                if (getWhat() == 'overview') {
                                        setAction(getActionFromModuleWhat(getModule(), getWhat()));
                                } // END - if

                                // Add data to URL
                                if (isWhatSet())        $url .= 'what='.getWhat();
                                 elseif (isActionSet()) $url .= 'action='.getAction();
                                 elseif (isGetRequestParameterSet('area'))  $url .= 'area='.getRequestParameter('area');

                         // Load URL
                         redirectToUrl($url);
                         break;

                        case '404': // Administrator login not found
                                setPostRequestParameter('ok', $ret);
                                $ret = getMaskedMessage('ADMIN_ACCOUNT_404', postRequestParameter('login'));
                                destroyAdminSession();
                                break;

                        case 'password': // Wrong password
                                setPostRequestParameter('ok', $ret);
                                $ret = '{--WRONG_PASS--} [<a href="{%url=modules.php?module=admin&amp;reset_pass=1%}">{--ADMIN_RESET_PASS--}</a>]';
                                destroyAdminSession();
                                break;

                        default: // Others will be logged
                                logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid()", $ret));
                                break;
                } // END - switch
        } // END - if

        // Error detected?
        if ($ret != 'done') {
                $content['login'] = '';
                if (isPostRequestParameterSet('login')) {
                        $content['login'] = postRequestParameter('login');
                } // END - if

                // Init array elements
                $content['login_message'] = '';
                $content['pass_message']  = '';

                if (isFormSent()) {
                        // Set messages to zero
                        $loginMessage = ''; $passwdMessage = '';

                        // No login entered?
                        if (!isPostRequestParameterSet('login')) $loginMessage = '{--ADMIN_NO_LOGIN--}';

                        // An error comes back from login?
                        if ((!empty($ret)) && (postRequestParameter('ok') == '404')) $loginMessage = $ret;

                        // No password entered?
                        if (!isPostRequestParameterSet('password')) $passwdMessage = '{--ADMIN_NO_PASS--}';

                        // Or password too short?
                        if (strlen(postRequestParameter('password')) < 4) $passwdMessage = '{--ADMIN_SHORT_PASS--}';

                        // An error comes back from login?
                        if ((!empty($ret)) && (postRequestParameter('ok') == 'password')) $passwdMessage = $ret;

                        // Load message template
                        $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage);
                        $content['pass_message']  = loadTemplate('admin_login_msg', true, $passwdMessage);
                } // END - if

                // Load login form
                if (isWhatSet()) {
                        // Restore old what value
                        $content = merge_array($content, array('target' => 'what', 'value' => getWhat()));
                } elseif (isActionSet()) {
                        if (getAction() != 'logout') {
                                // Restore old action value
                                $content = merge_array($content, array('target' => 'action', 'value' => getAction()));
                        } else {
                                // Set default values
                                $content = merge_array($content, array('target' => 'action', 'value' => 'login'));
                        }
                } elseif (isGetRequestParameterSet('area')) {
                        // Restore old area value
                        $content = merge_array(
                                $content,
                                array(
                                        'target' => 'area',
                                        'value'  => getRequestParameter('area')
                                )
                        );
                } else {
                        // Set default values
                        $content = merge_array($content, array('target' => 'action', 'value' => 'login'));
                }

                // Load login form template
                loadTemplate('admin_login_form', false, $content);
        } // END - if
} elseif (isGetRequestParameterSet('logout')) {
        // Only try to remove cookies
        if (destroyAdminSession()) {
                // Load logout template
                if (isGetRequestParameterSet('register')) {
                        // Secure input
                        $register = getRequestParameter('register');

                        // Special logout redirect for installation of given extension
                        loadTemplate(sprintf("admin_logout_%s_install", $register));
                } elseif (isGetRequestParameterSet('remove')) {
                        // Secure input
                        $remove = getRequestParameter('remove');

                        // Special logout redirect for removal of given extension
                        loadTemplate(sprintf("admin_logout_%s_remove", $remove));
                } else {
                        // Logged out normally
                        loadTemplate('admin_logout');
                }
        } else {
                // Something went wrong here...
                loadTemplate('admin_settings_unsaved', false, '{--ADMIN_LOGOUT_FAILED--}');

                // Add fatal message
                addFatalMessage(__FILE__, __LINE__, '{--CANNOT_UNREG_SESS--}');
        }
} else {
        // Maybe an Admin want's to login?
        $ret = ifAdminCookiesAreValid(getSession('admin_id'), getSession('admin_md5'));

        // Check status
        switch ($ret) {
                case 'done':
                        // Check for access control line of current menu entry
                        runFilterChain('check_admin_acl');

                        // When type of admin menu is not set fallback to old menu system
                        if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', 'OLD');

                        // Check for version and switch between old menu system and new intelligent menu system
                        if ((adminGetMenuMode() == 'NEW') && (isIncludeReadable('inc/modules/admin/lasys-inc.php'))) {
                                // Default area is the entrance, of course
                                $area = 'entrance';

                                // Check for similar URL variable
                                if (isGetRequestParameterSet('area')) $area = getRequestParameter('area');

                                // Load logical-area menu-system file
                                loadIncludeOnce('inc/modules/admin/lasys-inc.php');

                                // Create new-style menu system will logical areas
                                doAdminLogicalArea($area, $action, getWhat());
                        } else {
                                // This little call constructs the whole default old and lacky menu system
                                // on left side. It also renders the content on right side
                                doAdminAction();
                        }
                        break;

                case '404': // Administrator login not found
                        setPostRequestParameter('ok', $ret);
                        loadTemplate('admin_settings_saved', false, getMaskedMessage('ADMIN_ACCOUNT_404', getSession('admin_id')));
                        destroyAdminSession();
                        break;

                case 'password': // Wrong password
                        setPostRequestParameter('ok', $ret);
                        loadTemplate('admin_settings_saved', false, '{--WRONG_PASS--}');
                        destroyAdminSession();
                        break;

                default: // Others will be logged
                        logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminCookiesAreValid()", $ret));
                        break;
        } // END - switch
}

// [EOF]
?>