postRequestElement('hash'), 'admin_login' => postRequestElement('admin_login') ); // Validation okay so display form for final password change loadTemplate('admin_reset_password_form', false, $content); } else { // Cannot validate the login data and hash displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED--}'); } } elseif ((isPostRequestElementSet('reset_pass')) && (isPostRequestElementSet('hash')) && (isPostRequestElementSet('admin_login')) && (isPostRequestElementSet('admin_pass1')) && (postRequestElement('admin_pass1') == postRequestElement('admin_pass2'))) { // Okay, we shall the admin password here. So first revalidate the hash if (adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('admin_login'))) { // Output result loadTemplate('admin_reset_password_done', false, doResetAdminPassword(postRequestElement('admin_login'), postRequestElement('admin_pass1'))); } else { // Validation failed displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2--}'); } } else { // Output reset password form loadTemplate('admin_reset_password_send_link'); } } elseif ((!isSessionVariableSet('admin_id')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last'))) { // At leat one administrator account was created if ((isSessionVariableSet('admin_id')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last'))) { // Timeout for last login, we have to logout first! redirectToUrl('modules.php?module=admin&logout=1'); } // END - if if (isGetRequestElementSet('register')) { // Registration of first admin is done if (getRequestElement('register') == 'done') { // Regisration done! displayMessage('{--ADMIN_REGISTER_DONE--}'); } // END - if } // END - if // Check if the admin has submitted data or not if ((isFormSent()) && ((!isPostRequestElementSet('admin_login')) || (!isPostRequestElementSet('admin_password')) || (strlen(postRequestElement('admin_password')) < getConfig('minium_admin_pass_length')))) { setPostRequestElement('login', '***'); } // END - if if ((isFormSent('login')) && (postRequestElement('login') != '***')) { // All required data was entered so we check his account $ret = ifAdminLoginDataIsValid(postRequestElement('admin_login'), postRequestElement('admin_password')); // Which status do we have? switch ($ret) { case 'done': // Admin and password are okay, so we log in now // Load URL redirectToUrl('modules.php?' . addAllGetRequestParameters()); break; case '404': // Administrator login not found setPostRequestElement('login', $ret); $ret = '{%message,ADMIN_ACCOUNT_404=' . postRequestElement('admin_login') . '%}'; destroyAdminSession(); break; case 'password': // Wrong password setPostRequestElement('login', $ret); $ret = '{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]'; destroyAdminSession(); break; default: // Others will be logged logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid()", $ret)); break; } // END - switch } // END - if // Error detected? if ($ret != 'done') { $content['admin_login'] = ''; if (isPostRequestElementSet('admin_login')) { $content['admin_login'] = postRequestElement('admin_login'); } // END - if // Init array elements $content['login_message'] = ''; $content['pass_message'] = ''; if (isFormSent('login')) { // Set messages to zero $loginMessage = ''; $passwdMessage = ''; // Check for login if (!isPostRequestElementSet('admin_login')) { // No login entered? $loginMessage = '{--ADMIN_NO_LOGIN--}'; } elseif ((!empty($ret)) && (postRequestElement('login') == '404')) { // An error comes back from login? $loginMessage = $ret; } // Check for password if (!isPostRequestElementSet('admin_password')) { // No password entered? $passwdMessage = '{--ADMIN_NO_PASS--}'; } elseif (strlen(postRequestElement('admin_password')) < getConfig('minium_admin_pass_length')) { // Or password too short? $passwdMessage = '{--ADMIN_SHORT_PASS--}'; } elseif ((!empty($ret)) && (postRequestElement('login') == 'password')) { // An error comes back from login? $passwdMessage = $ret; } // Load message templates if the messages have been set if (!empty($loginMessage)) { $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage); } // END - if if (!empty($passwdMessage)) { $content['pass_message'] = loadTemplate('admin_login_msg', true, $passwdMessage); } // END - if } // END - if // Add all parameter $content['all_parameter'] = addAllGetRequestParameters(); // Load login form template loadTemplate('admin_login_form', false, $content); } // END - if } elseif (isGetRequestElementSet('logout')) { // Only try to remove cookies if (destroyAdminSession()) { // Load logout template if (isGetRequestElementSet('register')) { // Secure input $register = getRequestElement('register'); // Special logout redirect for installation of given extension loadTemplate(sprintf("admin_logout_%s_install", $register)); } elseif (isGetRequestElementSet('remove')) { // Secure input $remove = getRequestElement('remove'); // Special logout redirect for removal of given extension loadTemplate(sprintf("admin_logout_%s_remove", $remove)); } else { // Logged out normally loadTemplate('admin_logout'); } } else { // Something went wrong here... loadTemplate('admin_settings_unsaved', false, '{--ADMIN_LOGOUT_FAILED--}'); // Add fatal message addFatalMessage(__FILE__, __LINE__, '{--CANNOT_UNREG_SESS--}'); } } else { // Maybe an Admin want's to login? $ret = ifAdminCookiesAreValid(getCurrentAdminId(), getAdminMd5()); // Check status switch ($ret) { case 'done': // Check for access control line of current menu entry runFilterChain('check_admin_acl'); // Check for version and switch between old menu system and new intelligent menu system if (adminGetMenuMode() == 'NEW') { // Load include for admin AJAX loadIncludeOnce('inc/ajax/ajax_admin.php'); // Load main template loadTemplate('admin_ajax_main'); } else { /* * This little call constructs the whole default old and lacky menu system * on left side. It also renders the content on right side */ doAdminAction(); } break; case '404': // Administrator login not found setPostRequestElement('login', $ret); displayMessage('{%message,ADMIN_ACCOUNT_404=' . getCurrentAdminId() . '%}'); destroyAdminSession(); break; case 'password': // Wrong password setPostRequestElement('login', $ret); displayMessage('{--WRONG_PASS--}'); destroyAdminSession(); break; default: // Others will be logged logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminCookiesAreValid()", $ret)); break; } // END - switch } // [EOF] ?>