More constant rewrites
[mailer.git] / inc / modules / admin.php
1 <?php
2 /************************************************************************
3  * MXChange v0.2.1                                    Start: 08/31/2003 *
4  * ===============                              Last change: 07/02/2004 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : admin.php                                        *
8  * -------------------------------------------------------------------- *
9  * Short description : Administration module                            *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Administrationsmodul                             *
12  * -------------------------------------------------------------------- *
13  *                                                                      *
14  * -------------------------------------------------------------------- *
15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
16  * For more information visit: http://www.mxchange.org                  *
17  *                                                                      *
18  * This program is free software; you can redistribute it and/or modify *
19  * it under the terms of the GNU General Public License as published by *
20  * the Free Software Foundation; either version 2 of the License, or    *
21  * (at your option) any later version.                                  *
22  *                                                                      *
23  * This program is distributed in the hope that it will be useful,      *
24  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
25  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
26  * GNU General Public License for more details.                         *
27  *                                                                      *
28  * You should have received a copy of the GNU General Public License    *
29  * along with this program; if not, write to the Free Software          *
30  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
31  * MA  02110-1301  USA                                                  *
32  ************************************************************************/
33
34 // Some security stuff...
35 if (!defined('__SECURITY')) {
36         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
37         require($INC);
38 }
39
40 // Load include file
41 LOAD_INC_ONCE("inc/modules/admin/admin-inc.php");
42
43 // Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!)
44 FIX_DELETED_COOKIES(array('admin_login', 'admin_md5', 'admin_last', 'admin_to'));
45
46 // Init return value
47 $ret = "init";
48
49 // Is no admin registered?
50 if (!isAdminRegistered()) {
51         // Admin is not registered so we have to inform the user
52         if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) {
53                 REQUEST_SET_POST('ok', "***");
54         }
55
56         if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != "***")) {
57                 // Hash the password with the old function because we are here in install mode
58                 $hashedPass = md5(REQUEST_POST('pass'));
59
60                 // Kill maybe existing session variables
61                 destroyAdminSession(false);
62
63                 // Do registration
64                 $ret = REGISTER_ADMIN(REQUEST_POST('login'), $hashedPass);
65                 switch ($ret)
66                 {
67                 case "done":
68                         $done = changeDataInFile(constant('PATH')."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0);
69                         if ($done === true) {
70                                 // Registering is done
71                                 LOAD_URL("modules.php?module=admin&amp;action=login&register=done");
72                         } else {
73                                 $ret = getMessage('ADMIN_CANNOT_COMPLETE');
74                         }
75                         break;
76
77                 case "failed":
78                         $ret = getMessage('ADMIN_REGISTER_FAILED');
79                         break;
80
81                 case "already":
82                 default:
83                         if ($ret == "already") {
84                                 // Admin does already exists!
85                                 $ret = getMessage('ADMIN_LOGIN_ALREADY_REG');
86                         } else {
87                                 // Any other kind will be logged and interpreted as 'done'
88                                 DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_LOGIN() and interpreted as 'done'!", $ret));
89                                 // @TODO Why is this set to 'done'?
90                                 $ret = "done";
91                         }
92
93                         // Admin still not registered?
94                         if (!isAdminRegistered()) {
95                                 // Write to config that registration is done
96                                 changeDataInFile(constant('PATH')."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0);
97
98                                 // Load URL for login
99                                 LOAD_URL("modules.php?module=admin&amp;action=login");
100                         } // END - if
101                         break;
102                 }
103         }
104
105         // Whas that action okay?
106         if ($ret != "done") {
107                 // Fixes another "Notice"
108                 if (REQUEST_ISSET_POST(('login'))) {
109                         define('__LOGIN_VALUE', REQUEST_POST('login'));
110                 } else {
111                         define('__LOGIN_VALUE', "");
112                 }
113
114                 // Yet-another "Notice" fix
115                 if ((IS_FORM_SENT()) && (REQUEST_POST('ok') == "***")) {
116                         // No login entered?
117                         if (!REQUEST_ISSET_POST(('login'))) $MSG1 = getMessage('ADMIN_NO_LOGIN');
118
119                         // An error comes back from registration?
120                         if (!empty($ret)) $MSG1 = $ret;
121
122                         // No password entered?
123                         if (!REQUEST_ISSET_POST(('pass'))) $MSG2 = getMessage('ADMIN_NO_PASS');
124
125                         // Or password too short?
126                         if (strlen(REQUEST_POST('pass')) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
127
128                         // Output error messages
129                         define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1));
130                         define('__MSG_PASS',  LOAD_TEMPLATE("admin_login_msg", true, $MSG2));
131
132                         // Reset variables
133                         $MSG1 = ""; $MSG2 = "";
134                 } else {
135                         // Reset values to nothing
136                         define('__MSG_LOGIN', "");
137                         define('__MSG_PASS' , "");
138                 }
139
140                 // Load register template
141                 LOAD_TEMPLATE("admin_reg_form");
142         }
143 } elseif (REQUEST_ISSET_GET(('reset_pass'))) {
144         // Is the form submitted?
145         if ((REQUEST_ISSET_POST(('send_link'))) && (REQUEST_ISSET_POST(('email')))) {
146                 // Try to send the link out
147                 $OUT = ADMIN_SEND_PASSWORD_RESET_LINK(REQUEST_POST('email'));
148
149                 // Output result
150                 LOAD_TEMPLATE("admin_settings_saved", false, $OUT);
151         } elseif (REQUEST_ISSET_GET(('hash'))) {
152                 // Output form for hash validation
153                 LOAD_TEMPLATE("admin_validate_reset_hash_form", false, REQUEST_GET('hash'));
154         } elseif ((REQUEST_ISSET_POST(('validate_hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('hash')))) {
155                 // Validate the login data and hash
156                 $valid = ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login'));
157
158                 // Valid?
159                 if ($valid === true) {
160                         // Prepare content first
161                         $content = array(
162                                 'hash'  => SQL_ESCAPE(REQUEST_POST('hash')),
163                                 'login' => SQL_ESCAPE(REQUEST_POST('login'))
164                         );
165
166                         // Validation okay so display form for final password change
167                         LOAD_TEMPLATE("admin_reset_password_form", false, $content);
168                 } else {
169                         // Cannot validate the login data and hash
170                         LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED'));
171                 }
172         } elseif ((REQUEST_ISSET_POST(('reset_pass'))) && (REQUEST_ISSET_POST(('hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) {
173                 // Okay, we shall the admin password here. So first revalidate the hash
174                 if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login'))) {
175                         // Set the password now
176                         $OUT = ADMIN_RESET_PASSWORD(REQUEST_POST('login'), REQUEST_POST('pass1'));
177
178                         // Output result
179                         LOAD_TEMPLATE("admin_reset_pass_done", false, $OUT);
180                 } else {
181                         // Validation failed
182                         LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2'));
183                 }
184         } else {
185                 // Output reset password form
186                 LOAD_TEMPLATE("admin_send_reset_link");
187         }
188 } elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last')) || (!isSessionVariableSet('admin_to')) || ((get_session('admin_last') + bigintval(get_session('admin_to')) * 3600 * 24) < time())) {
189         // At leat one administrator account was created
190         if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last')) && (isSessionVariableSet('admin_to'))) {
191                 // Timeout for last login, we have to logout first!
192                 LOAD_URL("modules.php?module=admin&amp;action=login&amp;logout=1");
193         } // END - if
194
195         if (REQUEST_ISSET_GET(('register'))) {
196                 // Registration of first admin is done
197                 if (REQUEST_GET('register') == "done") LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_REGISTER_DONE'));
198         } // END - if
199
200         // Check if the admin has submitted data or not
201         if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) {
202                 REQUEST_SET_POST('ok', "***");
203         }
204
205         if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != "***")) {
206                 // All required data was entered so we check his account
207                 $ret = CHECK_ADMIN_LOGIN(REQUEST_POST('login'), REQUEST_POST('pass'));
208
209                 // Which status do we have?
210                 switch ($ret)
211                 {
212                 case "done": // Admin and password are okay, so we log in now
213                         // Construct URL and redirect
214                         $URL = "modules.php?module=admin&amp;";
215
216                         // Rewrite overview module
217                         if ($GLOBALS['what'] == "overview") {
218                                 $GLOBALS['action'] = GET_ACTION($GLOBALS['module'], $GLOBALS['what']);
219                         } // END - if
220
221                         // Add data to URL
222                         if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what'];
223                          elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action'];
224                          elseif (REQUEST_ISSET_GET(('area'))) $URL .= "area=".REQUEST_GET('area');
225
226                         // Load URL
227                         LOAD_URL($URL);
228                         break;
229
230                 case "404": // Administrator login not found
231                         REQUEST_SET_POST('ok', $ret);
232                         $ret = getMessage('ADMIN_NOT_FOUND');
233                         destroyAdminSession();
234                         break;
235
236                 case "pass": // Wrong password
237                         REQUEST_SET_POST('ok', $ret);
238                         $ret = "{--WRONG_PASS--} [<a href=\"{!URL!}/modules.php?module=admin&amp;reset_pass=1\">{--ADMIN_RESET_PASS--}</a>]\n";
239                         destroyAdminSession();
240                         break;
241
242                 default: // Others will be logged
243                         DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_LOGIN()", $ret));
244                         break;
245                 } // END - switch
246         } // END - if
247
248         // Error detected?
249         if ($ret != "done") {
250                 if (REQUEST_ISSET_POST(('login'))) {
251                         define('__LOGIN_VALUE', REQUEST_POST('login'));
252                 } else {
253                         define('__LOGIN_VALUE', "");
254                 }
255
256                 if (IS_FORM_SENT()) {
257                         // Set messages to zero
258                         $MSG1 = ""; $MSG2 = "";
259
260                         // No login entered?
261                         if (!REQUEST_ISSET_POST(('login'))) $MSG1 = getMessage('ADMIN_NO_LOGIN');
262
263                         // An error comes back from login?
264                         if ((!empty($ret)) && (REQUEST_POST('ok') == "404")) $MSG1 = $ret;
265
266                         // No password entered?
267                         if (!REQUEST_ISSET_POST(('pass'))) $MSG2 = getMessage('ADMIN_NO_PASS');
268
269                         // Or password too short?
270                         if (strlen(REQUEST_POST('pass')) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
271
272                         // An error comes back from login?
273                         if ((!empty($ret)) && (REQUEST_POST('ok') == "pass")) $MSG2 = $ret;
274
275                         // Load message template
276                         define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1));
277                         define('__MSG_PASS' , LOAD_TEMPLATE("admin_login_msg", true, $MSG2));
278
279                         // Reset variables
280                         $MSG1 = ""; $MSG2 = "";
281                 } else {
282                         // Set constants to empty for hiding them
283                         define('__MSG_LOGIN', "");
284                         define('__MSG_PASS' , "");
285                 }
286
287                 // Load login form
288                 if (!empty($GLOBALS['what'])) {
289                         // Restore old what value
290                         $content = array('target' => "what", 'value' => $GLOBALS['what']);
291                 } elseif (!empty($GLOBALS['action'])) {
292                         if ($GLOBALS['action'] != "logout") {
293                                 // Restore old action value
294                                 $content = array('target' => "action", 'value' => $GLOBALS['action']);
295                         } else {
296                                 // Set default values
297                                 $content = array('target' => "action", 'value' => "login");
298                         }
299                 } elseif (REQUEST_ISSET_GET(('area'))) {
300                         // Restore old area value
301                         $content = array('target' => "area", 'value' => REQUEST_GET('area'));
302                 } else {
303                         // Set default values
304                         $content = array('target' => "action", 'value' => "login");
305                 }
306
307                 // Load login form template
308                 LOAD_TEMPLATE("admin_login_form", false, $content);
309         } // END - if
310 } elseif (REQUEST_ISSET_GET(('logout'))) {
311         // Only try to remove cookies
312         if (destroyAdminSession()) {
313                 // Load logout template
314                 if (REQUEST_ISSET_GET(('register'))) {
315                         // Secure input
316                         $register = REQUEST_GET(('register'));
317
318                         // Special logout redirect for installation of given extension
319                         LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $register));
320                 } elseif (REQUEST_ISSET_GET(('remove'))) {
321                         // Secure input
322                         $remove = REQUEST_GET(('remove'));
323
324                         // Special logout redirect for removal of given extension
325                         LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove));
326                 } else {
327                         // Logged out normally
328                         LOAD_TEMPLATE("admin_logout");
329                 }
330         } else {
331                 // Something went wrong here...
332                 LOAD_TEMPLATE("admin_settings_saved", false, "<div class=\"admin_fatal\">{--ADMIN_LOGOUT_FAILED--}</div>");
333
334                 // Add fatal message
335                 addFatalMessage(__FILE__, __LINE__, getMessage('CANNOT_UNREG_SESS'));
336         }
337 } else {
338         // Maybe an Admin want's to login?
339         $ret = CHECK_ADMIN_COOKIES(get_session('admin_login'), get_session('admin_md5'));
340         switch ($ret)
341         {
342         case "done":
343                 // Check for access control line of current menu entry
344                 $GLOBALS['acl_allow'] = runFilterChain('check_admin_acl');
345
346                 // When type of admin menu is not set fallback to old menu system
347                 if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', "OLD");
348
349                 // Check for version and switch between old menu system and new "intelligent menu system"
350                 if ((ADMIN_CHECK_MENU_MODE() == "NEW") && (INCLUDE_READABLE("inc/modules/admin/lasys-inc.php"))) {
351                         // Default area is the entrance, of course
352                         $area = "entrance";
353
354                         // Check for similar URL variable
355                         if (REQUEST_ISSET_GET(('area'))) $area = REQUEST_GET(('area'));
356
357                         // Load "logical-area menu-system" file
358                         LOAD_INC_ONCE("inc/modules/admin/lasys-inc.php");
359
360                         // Create new-style menu system will "logical areas"
361                         ADMIN_LOGICAL_AREA_SYSTEM($area, $act, $GLOBALS['what']);
362                 } else {
363                         // This little call constructs the whole default old and lacky menu system
364                         // on left side
365                         ADMIN_DO_ACTION($GLOBALS['what']);
366                 }
367                 break;
368
369         case "404": // Administrator login not found
370                 REQUEST_SET_POST('ok', $ret);
371                 destroyAdminSession();
372                 addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_NOT_FOUND'));
373                 break;
374
375         case "pass": // Wrong password
376                 REQUEST_SET_POST('ok', $ret);
377                 destroyAdminSession();
378                 addFatalMessage(__FILE__, __LINE__, getMessage('WRONG_PASS'));
379                 break;
380
381         default: // Others will be logged
382                 DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_COOKIES()", $ret));
383                 break;
384         }
385 }
386
387 //
388 ?>