SQL_ESCAPE(REQUEST_POST('hash')),
'login' => SQL_ESCAPE(REQUEST_POST('login'))
);
// Validation okay so display form for final password change
LOAD_TEMPLATE("admin_reset_password_form", false, $content);
} else {
// Cannot validate the login data and hash
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED'));
}
} elseif ((REQUEST_ISSET_POST(('reset_pass'))) && (REQUEST_ISSET_POST(('hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) {
// Okay, we shall the admin password here. So first revalidate the hash
if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login'))) {
// Set the password now
$OUT = ADMIN_RESET_PASSWORD(REQUEST_POST('login'), REQUEST_POST('pass1'));
// Output result
LOAD_TEMPLATE("admin_reset_pass_done", false, $OUT);
} else {
// Validation failed
LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2'));
}
} else {
// Output reset password form
LOAD_TEMPLATE("admin_send_reset_link");
}
} elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last')) || (!isSessionVariableSet('admin_to')) || ((get_session('admin_last') + bigintval(get_session('admin_to')) * 3600 * 24) < time())) {
// At leat one administrator account was created
if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last')) && (isSessionVariableSet('admin_to'))) {
// Timeout for last login, we have to logout first!
LOAD_URL("modules.php?module=admin&action=login&logout=1");
} // END - if
if (REQUEST_ISSET_GET(('register'))) {
// Registration of first admin is done
if (REQUEST_GET('register') == "done") LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_REGISTER_DONE'));
} // END - if
// Check if the admin has submitted data or not
if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) {
REQUEST_SET_POST('ok', "***");
}
if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != "***")) {
// All required data was entered so we check his account
$ret = CHECK_ADMIN_LOGIN(REQUEST_POST('login'), REQUEST_POST('pass'));
// Which status do we have?
switch ($ret)
{
case "done": // Admin and password are okay, so we log in now
// Construct URL and redirect
$URL = "modules.php?module=admin&";
// Rewrite overview module
if ($GLOBALS['what'] == "overview") {
$GLOBALS['action'] = GET_ACTION($GLOBALS['module'], $GLOBALS['what']);
} // END - if
// Add data to URL
if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what'];
elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action'];
elseif (REQUEST_ISSET_GET(('area'))) $URL .= "area=".REQUEST_GET('area');
// Load URL
LOAD_URL($URL);
break;
case "404": // Administrator login not found
REQUEST_SET_POST('ok', $ret);
$ret = getMessage('ADMIN_NOT_FOUND');
destroyAdminSession();
break;
case "pass": // Wrong password
REQUEST_SET_POST('ok', $ret);
$ret = "{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]\n";
destroyAdminSession();
break;
default: // Others will be logged
DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_LOGIN()", $ret));
break;
} // END - switch
} // END - if
// Error detected?
if ($ret != "done") {
if (REQUEST_ISSET_POST(('login'))) {
define('__LOGIN_VALUE', REQUEST_POST('login'));
} else {
define('__LOGIN_VALUE', "");
}
if (IS_FORM_SENT()) {
// Set messages to zero
$MSG1 = ""; $MSG2 = "";
// No login entered?
if (!REQUEST_ISSET_POST(('login'))) $MSG1 = getMessage('ADMIN_NO_LOGIN');
// An error comes back from login?
if ((!empty($ret)) && (REQUEST_POST('ok') == "404")) $MSG1 = $ret;
// No password entered?
if (!REQUEST_ISSET_POST(('pass'))) $MSG2 = getMessage('ADMIN_NO_PASS');
// Or password too short?
if (strlen(REQUEST_POST('pass')) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS');
// An error comes back from login?
if ((!empty($ret)) && (REQUEST_POST('ok') == "pass")) $MSG2 = $ret;
// Load message template
define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1));
define('__MSG_PASS' , LOAD_TEMPLATE("admin_login_msg", true, $MSG2));
// Reset variables
$MSG1 = ""; $MSG2 = "";
} else {
// Set constants to empty for hiding them
define('__MSG_LOGIN', "");
define('__MSG_PASS' , "");
}
// Load login form
if (!empty($GLOBALS['what'])) {
// Restore old what value
$content = array('target' => "what", 'value' => $GLOBALS['what']);
} elseif (!empty($GLOBALS['action'])) {
if ($GLOBALS['action'] != "logout") {
// Restore old action value
$content = array('target' => "action", 'value' => $GLOBALS['action']);
} else {
// Set default values
$content = array('target' => "action", 'value' => "login");
}
} elseif (REQUEST_ISSET_GET(('area'))) {
// Restore old area value
$content = array('target' => "area", 'value' => REQUEST_GET('area'));
} else {
// Set default values
$content = array('target' => "action", 'value' => "login");
}
// Load login form template
LOAD_TEMPLATE("admin_login_form", false, $content);
} // END - if
} elseif (REQUEST_ISSET_GET(('logout'))) {
// Only try to remove cookies
if (destroyAdminSession()) {
// Load logout template
if (REQUEST_ISSET_GET(('register'))) {
// Secure input
$register = REQUEST_GET(('register'));
// Special logout redirect for installation of given extension
LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $register));
} elseif (REQUEST_ISSET_GET(('remove'))) {
// Secure input
$remove = REQUEST_GET(('remove'));
// Special logout redirect for removal of given extension
LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove));
} else {
// Logged out normally
LOAD_TEMPLATE("admin_logout");
}
} else {
// Something went wrong here...
LOAD_TEMPLATE("admin_settings_saved", false, "{--ADMIN_LOGOUT_FAILED--}
");
// Add fatal message
addFatalMessage(getMessage('CANNOT_UNREG_SESS'));
}
} else {
// Maybe an Admin want's to login?
$ret = CHECK_ADMIN_COOKIES(get_session('admin_login'), get_session('admin_md5'));
switch ($ret)
{
case "done":
// Check for access control line of current menu entry
define('__ACL_ALLOW', RUN_FILTER('check_admin_acl'));
// When type of admin menu is not set fallback to old menu system
if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', "OLD");
// Check for version and switch between old menu system and new "intelligent menu system"
if ((ADMIN_CHECK_MENU_MODE() == "NEW") && (INCLUDE_READABLE("inc/modules/admin/lasys-inc.php"))) {
// Default area is the entrance, of course
$area = "entrance";
// Check for similar URL variable
if (REQUEST_ISSET_GET(('area'))) $area = REQUEST_GET(('area'));
// Load "logical-area menu-system" file
LOAD_INC_ONCE("inc/modules/admin/lasys-inc.php");
// Create new-style menu system will "logical areas"
ADMIN_LOGICAL_AREA_SYSTEM($area, $act, $GLOBALS['what']);
} else {
// This little call constructs the whole default old and lacky menu system
// on left side
ADMIN_DO_ACTION($GLOBALS['what']);
}
break;
case "404": // Administrator login not found
REQUEST_SET_POST('ok', $ret);
destroyAdminSession();
addFatalMessage(getMessage('ADMIN_NOT_FOUND'));
break;
case "pass": // Wrong password
REQUEST_SET_POST('ok', $ret);
destroyAdminSession();
addFatalMessage(getMessage('WRONG_PASS'));
break;
default: // Others will be logged
DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_COOKIES()", $ret));
break;
}
}
//
?>