fabb66504888bea817e944a75537a72334e8ef3e
[mailer.git] / inc / modules / admin.php
1 <?php
2 /************************************************************************
3  * Mailer v0.2.1-FINAL                                Start: 08/31/2003 *
4  * ===================                          Last change: 07/02/2004 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : admin.php                                        *
8  * -------------------------------------------------------------------- *
9  * Short description : Administration module                            *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Administrationsmodul                             *
12  * -------------------------------------------------------------------- *
13  * $Revision::                                                        $ *
14  * $Date::                                                            $ *
15  * $Tag:: 0.2.1-FINAL                                                 $ *
16  * $Author::                                                          $ *
17  * Needs to be in all Files and every File needs "svn propset           *
18  * svn:keywords Date Revision" (autoprobset!) at least!!!!!!            *
19  * -------------------------------------------------------------------- *
20  * Copyright (c) 2003 - 2009 by Roland Haeder                           *
21  * For more information visit: http://www.mxchange.org                  *
22  *                                                                      *
23  * This program is free software; you can redistribute it and/or modify *
24  * it under the terms of the GNU General Public License as published by *
25  * the Free Software Foundation; either version 2 of the License, or    *
26  * (at your option) any later version.                                  *
27  *                                                                      *
28  * This program is distributed in the hope that it will be useful,      *
29  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
30  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
31  * GNU General Public License for more details.                         *
32  *                                                                      *
33  * You should have received a copy of the GNU General Public License    *
34  * along with this program; if not, write to the Free Software          *
35  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
36  * MA  02110-1301  USA                                                  *
37  ************************************************************************/
38
39 // Some security stuff...
40 if (!defined('__SECURITY')) {
41         die();
42 } // END - if
43
44 // Load include file
45 loadIncludeOnce('inc/modules/admin/admin-inc.php');
46
47 // Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!)
48 fixDeletedCookies(array('admin_login', 'admin_md5', 'admin_last'));
49
50 // Init return value
51 $ret = 'init';
52
53 // Is no admin registered?
54 if (!isAdminRegistered()) {
55         // Admin is not registered so we have to inform the user
56         if ((isFormSent()) && ((!isPostRequestElementSet('login')) || (!isPostRequestElementSet('pass1')) || (strlen(postRequestElement('pass1')) < 4) || (!isPostRequestElementSet('pass2')) || (strlen(postRequestElement('pass2')) < 4) || (postRequestElement('pass1') != postRequestElement('pass2')))) {
57                 setPostRequestElement('ok', '***');
58         } // END - if
59
60         if ((isFormSent()) && (postRequestElement('ok') != '***')) {
61                 // Hash the password with the old function because we are here in install mode
62                 $hashedPass = md5(postRequestElement('pass1'));
63
64                 // Kill maybe existing session variables
65                 destroyAdminSession(false);
66
67                 // Do registration
68                 $ret = addAdminAccount(postRequestElement('login'), $hashedPass, getConfig('WEBMASTER'));
69
70                 // Check if registration wents fine
71                 switch ($ret) {
72                         case 'done':
73                                 $done = changeDataInFile(getConfig('CACHE_PATH') . 'config-local.php', 'ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0);
74                                 if ($done === true) {
75                                         // Registering is done
76                                         redirectToUrl('modules.php?module=admin&amp;register=done');
77                                 } else {
78                                         $ret = getMessage('ADMIN_CANNOT_COMPLETE');
79                                 }
80                                 break;
81
82                         case 'failed': // Registration has failed
83                                 $ret = getMessage('ADMIN_REGISTER_FAILED');
84                                 break;
85
86                         case 'already': // Admin does already exists!
87                                 $ret = getMessage('ADMIN_LOGIN_ALREADY_REG');
88                                 break;
89
90                         default:
91                                 // Any other kind will be logged
92                                 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid().", $ret));
93                                 break;
94                 } // END - switch
95         } // END - if
96
97         // Whas that action okay?
98         if ($ret != 'done') {
99                 // Init login name
100                 $content['login'] = '';
101                 if (isPostRequestElementSet('login')) {
102                         $content['login'] = postRequestElement('login');
103                 } // END - if
104
105                 // Init array elements
106                 $content['login_message']   = '';
107                 $content['pass1_message']    = '';
108                 $content['pass2_message']    = '';
109
110                 // Yet-another notice-fix
111                 if ((isFormSent()) && (postRequestElement('ok') == '***')) {
112                         // Init variables
113                         $loginMessage = '';
114                         $pass1Message = '';
115                         $pass2Message = '';
116
117                         // No login entered?
118                         if (empty($content['login'])) $loginMessage = getMessage('ADMIN_NO_LOGIN');
119
120                         // An error comes back from registration?
121                         if ((!empty($ret)) && ($ret != 'init')) $loginMessage = $ret;
122
123                         // No password 1 entered or to short?
124                         if (!isPostRequestElementSet('pass1')) $pass1Message = getMessage('ADMIN_NO_PASS1');
125                          elseif (strlen(postRequestElement('pass1')) < 4) $pass1Message = getMessage('ADMIN_SHORT_PASS1');
126
127                         // No password 2 entered or to short?
128                         if (!isPostRequestElementSet('pass2')) $pass2Message = getMessage('ADMIN_NO_PASS2');
129                          elseif (strlen(postRequestElement('pass2')) < 4) $pass2Message = getMessage('ADMIN_SHORT_PASS2');
130
131                         // Both didn't match?
132                         if (postRequestElement('pass1') != postRequestElement('pass2')) {
133                                 // No match
134                                 if (empty($pass1Message)) $pass1Message = getMessage('ADMIN_PASS1_MISMATCH');
135                                 if (empty($pass2Message)) $pass2Message = getMessage('ADMIN_PASS2_MISMATCH');
136                         } // END - if
137
138                         // Output error messages
139                         $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage);
140                         $content['pass1_message'] = loadTemplate('admin_login_msg', true, $pass1Message);
141                         $content['pass2_message'] = loadTemplate('admin_login_msg', true, $pass2Message);
142                 } // END - if
143
144                 // Output message in seperate template
145                 loadTemplate('admin_settings_saved', false, getMessage('ADMIN_NOT_REGISTERED'));
146
147                 // Load register template
148                 loadTemplate('admin_reg_form', false, $content);
149         }
150 } elseif (isGetRequestElementSet('reset_pass')) {
151         // Is the form submitted?
152         if ((isPostRequestElementSet('send_link')) && (isPostRequestElementSet('email'))) {
153                 // Output result
154                 loadTemplate('admin_settings_saved', false, sendAdminPasswordResetLink(postRequestElement('email')));
155         } elseif (isGetRequestElementSet('hash')) {
156                 // Output form for hash validation
157                 loadTemplate('admin_validate_reset_hash_form', false, getRequestElement('hash'));
158         } elseif ((isPostRequestElementSet('validate_hash')) && (isPostRequestElementSet('login')) && (isPostRequestElementSet('hash'))) {
159                 // Validate the login data and hash
160                 $valid = adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('login'));
161
162                 // Valid?
163                 if ($valid === true) {
164                         // Prepare content first
165                         $content = array(
166                                 'hash'  => secureString(postRequestElement('hash')),
167                                 'login' => secureString(postRequestElement('login'))
168                         );
169
170                         // Validation okay so display form for final password change
171                         loadTemplate('admin_reset_password_form', false, $content);
172                 } else {
173                         // Cannot validate the login data and hash
174                         loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED'));
175                 }
176         } elseif ((isPostRequestElementSet('reset_pass')) && (isPostRequestElementSet('hash')) && (isPostRequestElementSet('login')) && (isPostRequestElementSet('pass1')) && (postRequestElement('pass1') == postRequestElement('pass2'))) {
177                 // Okay, we shall the admin password here. So first revalidate the hash
178                 if (adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('login'))) {
179                         // Output result
180                         loadTemplate('admin_reset_pass_done', false, doResetAdminPassword(postRequestElement('login'), postRequestElement('pass1')));
181                 } else {
182                         // Validation failed
183                         loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2'));
184                 }
185         } else {
186                 // Output reset password form
187                 loadTemplate('admin_send_reset_link');
188         }
189 } elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last'))) {
190         // At leat one administrator account was created
191         if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last'))) {
192                 // Timeout for last login, we have to logout first!
193                 redirectToUrl('modules.php?module=admin&amp;logout=1');
194         } // END - if
195
196         if (isGetRequestElementSet('register')) {
197                 // Registration of first admin is done
198                 if (getRequestElement('register') == 'done') loadTemplate('admin_settings_saved', false, getMessage('ADMIN_REGISTER_DONE'));
199         } // END - if
200
201         // Check if the admin has submitted data or not
202         if ((isFormSent()) && ((!isPostRequestElementSet('login')) || (!isPostRequestElementSet('pass')) || (strlen(postRequestElement('pass')) < 4))) {
203                 setPostRequestElement('ok', '***');
204         } // END - if
205
206         if ((isFormSent()) && (postRequestElement('ok') != '***')) {
207                 // All required data was entered so we check his account
208                 $ret = ifAdminLoginDataIsValid(postRequestElement('login'), postRequestElement('pass'));
209
210                 // Which status do we have?
211                 switch ($ret) {
212                         case 'done': // Admin and password are okay, so we log in now
213                                 // Construct URL and redirect
214                                 $URL = 'modules.php?module=admin&amp;';
215
216                                 // Rewrite overview module
217                                 if (getWhat() == 'overview') {
218                                         setAction(getModeAction(getModule(), getWhat()));
219                                 } // END - if
220
221                                 // Add data to URL
222                                 if (isWhatSet())        $URL .= 'what='.getWhat();
223                                  elseif (isActionSet()) $URL .= 'action='.getAction();
224                                  elseif (isGetRequestElementSet('area'))  $URL .= 'area='.getRequestElement('area');
225
226                          // Load URL
227                          redirectToUrl($URL);
228                          break;
229
230                         case '404': // Administrator login not found
231                                 setPostRequestElement('ok', $ret);
232                                 $ret = getMaskedMessage('ADMIN_404', postRequestElement('login'));
233                                 destroyAdminSession();
234                                 break;
235
236                         case 'pass': // Wrong password
237                                 setPostRequestElement('ok', $ret);
238                                 $ret = '{--WRONG_PASS--} [<a href="{%url=modules.php?module=admin&amp;reset_pass=1%}">{--ADMIN_RESET_PASS--}</a>]';
239                                 destroyAdminSession();
240                                 break;
241
242                         default: // Others will be logged
243                                 logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid()", $ret));
244                                 break;
245                 } // END - switch
246         } // END - if
247
248         // Error detected?
249         if ($ret != 'done') {
250                 $content['login'] = '';
251                 if (isPostRequestElementSet('login')) {
252                         $content['login'] = postRequestElement('login');
253                 } // END - if
254
255                 // Init array elements
256                 $content['login_message'] = '';
257                 $content['pass_message']  = '';
258
259                 if (isFormSent()) {
260                         // Set messages to zero
261                         $loginMessage = ''; $passwdMessage = '';
262
263                         // No login entered?
264                         if (!isPostRequestElementSet('login')) $loginMessage = getMessage('ADMIN_NO_LOGIN');
265
266                         // An error comes back from login?
267                         if ((!empty($ret)) && (postRequestElement('ok') == '404')) $loginMessage = $ret;
268
269                         // No password entered?
270                         if (!isPostRequestElementSet('pass')) $passwdMessage = getMessage('ADMIN_NO_PASS');
271
272                         // Or password too short?
273                         if (strlen(postRequestElement('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS');
274
275                         // An error comes back from login?
276                         if ((!empty($ret)) && (postRequestElement('ok') == 'pass')) $passwdMessage = $ret;
277
278                         // Load message template
279                         $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage);
280                         $content['pass_message']  = loadTemplate('admin_login_msg', true, $passwdMessage);
281                 } // END - if
282
283                 // Load login form
284                 if (isWhatSet()) {
285                         // Restore old what value
286                         $content = merge_array($content, array('target' => 'what', 'value' => getWhat()));
287                 } elseif (isActionSet()) {
288                         if (getAction() != 'logout') {
289                                 // Restore old action value
290                                 $content = merge_array($content, array('target' => 'action', 'value' => getAction()));
291                         } else {
292                                 // Set default values
293                                 $content = merge_array($content, array('target' => 'action', 'value' => 'login'));
294                         }
295                 } elseif (isGetRequestElementSet('area')) {
296                         // Restore old area value
297                         $content = merge_array($content, array('target' => 'area', 'value' => getRequestElement('area')));
298                 } else {
299                         // Set default values
300                         $content = merge_array($content, array('target' => 'action', 'value' => 'login'));
301                 }
302
303                 // Load login form template
304                 loadTemplate('admin_login_form', false, $content);
305         } // END - if
306 } elseif (isGetRequestElementSet('logout')) {
307         // Only try to remove cookies
308         if (destroyAdminSession()) {
309                 // Load logout template
310                 if (isGetRequestElementSet('register')) {
311                         // Secure input
312                         $register = getRequestElement('register');
313
314                         // Special logout redirect for installation of given extension
315                         loadTemplate(sprintf("admin_logout_%s_install", $register));
316                 } elseif (isGetRequestElementSet('remove')) {
317                         // Secure input
318                         $remove = getRequestElement('remove');
319
320                         // Special logout redirect for removal of given extension
321                         loadTemplate(sprintf("admin_logout_%s_remove", $remove));
322                 } else {
323                         // Logged out normally
324                         loadTemplate('admin_logout');
325                 }
326         } else {
327                 // Something went wrong here...
328                 loadTemplate('admin_settings_saved', false, '<div class="admin_fatal">{--ADMIN_LOGOUT_FAILED--}</div>');
329
330                 // Add fatal message
331                 addFatalMessage(__FILE__, __LINE__, getMessage('CANNOT_UNREG_SESS'));
332         }
333 } else {
334         // Maybe an Admin want's to login?
335         $ret = ifAdminCookiesAreValid(getSession('admin_login'), getSession('admin_md5'));
336
337         // Check status
338         switch ($ret) {
339                 case 'done':
340                         // Check for access control line of current menu entry
341                         runFilterChain('check_admin_acl');
342
343                         // When type of admin menu is not set fallback to old menu system
344                         if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', 'OLD');
345
346                         // Check for version and switch between old menu system and new intelligent menu system
347                         if ((adminGetMenuMode() == 'NEW') && (isIncludeReadable('inc/modules/admin/lasys-inc.php'))) {
348                                 // Default area is the entrance, of course
349                                 $area = 'entrance';
350
351                                 // Check for similar URL variable
352                                 if (isGetRequestElementSet('area')) $area = getRequestElement('area');
353
354                                 // Load logical-area menu-system file
355                                 loadIncludeOnce('inc/modules/admin/lasys-inc.php');
356
357                                 // Create new-style menu system will logical areas
358                                 doAdminLogicalArea($area, $action, getWhat());
359                         } else {
360                                 // This little call constructs the whole default old and lacky menu system
361                                 // on left side. It also renders the content on right side
362                                 doAdminAction();
363                         }
364                         break;
365
366                 case '404': // Administrator login not found
367                         setPostRequestElement('ok', $ret);
368                         loadTemplate('admin_settings_saved', false, getMaskedMessage('ADMIN_404', getSession('admin_login')));
369                         destroyAdminSession();
370                         break;
371
372                 case 'pass': // Wrong password
373                         setPostRequestElement('ok', $ret);
374                         loadTemplate('admin_settings_saved', false, getMessage('WRONG_PASS'));
375                         destroyAdminSession();
376                         break;
377
378                 default: // Others will be logged
379                         logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminCookiesAreValid()", $ret));
380                         break;
381         } // END - switch
382 }
383
384 // [EOF]
385 ?>