X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin.php;h=1807ee960f078b3e1f691302decddf6655442831;hp=572888450ffb638c05c6e4ca6cd53ec2a0d5ff1f;hb=e5527fd38a6585c8466dc28d013f12d21eb7c07a;hpb=03486c08011d4c233e2455c8e5335ecc0818333f diff --git a/inc/modules/admin.php b/inc/modules/admin.php index 572888450f..1807ee960f 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -16,8 +16,8 @@ * $Author:: $ * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * - * Copyright (c) 2009 - 2011 by Mailer Developer Team * - * For more information visit: http://www.mxchange.org * + * Copyright (c) 2009 - 2013 by Mailer Developer Team * + * For more information visit: http://mxchange.org * * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * @@ -37,7 +37,7 @@ // Some security stuff... if (!defined('__SECURITY')) { - die(); + exit(); } // END - if // Load include file @@ -51,164 +51,39 @@ $ret = 'init'; // Is no admin registered? if (!isAdminRegistered()) { - // Admin is not registered so we have to inform the user - if ((isFormSent()) && ((!isPostRequestParameterSet('login')) || (!isPostRequestParameterSet('pass1')) || (strlen(postRequestParameter('pass1')) < getConfig('minium_admin_pass_length')) || (!isPostRequestParameterSet('pass2')) || (strlen(postRequestParameter('pass2')) < getConfig('minium_admin_pass_length')) || (postRequestParameter('pass1') != postRequestParameter('pass2')))) { - setPostRequestParameter('ok', '***'); - } // END - if - - // Clear error message - $errorMessage = ''; - - if ((isFormSent()) && (postRequestParameter('ok') != '***')) { - // Hash the password with the old function because we are here in install mode - $hashedPass = md5(postRequestParameter('pass1')); - - // Kill maybe existing session variables - destroyAdminSession(false); - - // Do registration - $ret = addAdminAccount(postRequestParameter('login'), $hashedPass, getWebmaster()); - - // Check if registration wents fine - switch ($ret) { - case 'done': - // Change ADMIN_REGISTERED entry - $done = changeDataInLocalConfigurationFile('ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0); - - // Was it successfull? - if ($done === true) { - // Registering is done - redirectToUrl('modules.php?module=admin&register=done'); - } else { - // Registration incomplete - $errorMessage = '{--ADMIN_CANNOT_COMPLETE--}'; - - // Set this to have our error message displayed - setPostRequestParameter('ok', '***'); - } - break; - - case 'failed': // Registration has failed - $errorMessage = '{--ADMIN_REGISTER_FAILED--}'; - - // Set this to have our error message displayed - setPostRequestParameter('ok', '***'); - break; - - case 'already': // Admin does already exists! - $errorMessage = '{--ADMIN_LOGIN_ALREADY_REG--}'; - - // Set this to have our error message displayed - setPostRequestParameter('ok', '***'); - break; - - default: - // Any other kind will be logged - $errorMessage = sprintf("Unknown return code %s from ifAdminLoginDataIsValid().", $ret); - logDebugMessage(__FILE__, __LINE__, $errorMessage); - - // Set this to have our error message displayed - setPostRequestParameter('ok', '***'); - break; - } // END - switch - } // END - if - - // Whas that action okay? - if ($ret != 'done') { - // Init login name - $content['login'] = ''; - if (isPostRequestParameterSet('login')) { - $content['login'] = postRequestParameter('login'); - } // END - if - - // Init array elements - $content['login_message'] = ''; - $content['pass1_message'] = ''; - $content['pass2_message'] = ''; - $content['error_message'] = ''; - - // Yet-another notice-fix - if ((isFormSent()) && (postRequestParameter('ok') == '***')) { - // Init variables - $loginMessage = ''; - $pass1Message = ''; - $pass2Message = ''; - - // No login entered? - if (empty($content['login'])) { - $loginMessage = '{--ADMIN_NO_LOGIN--}'; - } // END - if - - // An error comes back from registration? - if ((!empty($ret)) && ($ret != 'init')) { - $loginMessage = $errorMessage; - } // END - if - - // No password 1 entered or to short? - if (!isPostRequestParameterSet('pass1')) { - $pass1Message = '{--ADMIN_NO_PASS1--}'; - } elseif (strlen(postRequestParameter('pass1')) < getConfig('minium_admin_pass_length')) { - $pass1Message = '{--ADMIN_SHORT_PASS1--}'; - } - - // No password 2 entered or to short? - if (!isPostRequestParameterSet('pass2')) { - $pass2Message = '{--ADMIN_NO_PASS2--}'; - } elseif (strlen(postRequestParameter('pass2')) < getConfig('minium_admin_pass_length')) { - $pass2Message = '{--ADMIN_SHORT_PASS2--}'; - } - - // Both didn't match? - if (postRequestParameter('pass1') != postRequestParameter('pass2')) { - // No match - if (empty($pass1Message)) $pass1Message = '{--ADMIN_PASS1_MISMATCH--}'; - if (empty($pass2Message)) $pass2Message = '{--ADMIN_PASS2_MISMATCH--}'; - } // END - if - - // Output error messages - $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage); - $content['pass1_message'] = loadTemplate('admin_login_msg', true, $pass1Message); - $content['pass2_message'] = loadTemplate('admin_login_msg', true, $pass2Message); - $content['error_message'] = loadTemplate('admin_login_msg', true, $errorMessage); - } // END - if - - // Output message in seperate template - displayMessage('{--ADMIN_ACCOUNT_NOT_REGISTERED_YET--}'); - - // Load register template - loadTemplate('admin_reg_form', false, $content); - } // END - if -} elseif (isGetRequestParameterSet('reset_pass')) { + // Register first admin + registerFirstAdmin(); +} elseif (isGetRequestElementSet('reset_pass')) { // Is the form submitted? - if ((isPostRequestParameterSet('send_link')) && (isPostRequestParameterSet('email'))) { + if ((isPostRequestElementSet('send_link')) && (isPostRequestElementSet('email'))) { // Output result - displayMessage(sendAdminPasswordResetLink(postRequestParameter('email'))); - } elseif (isGetRequestParameterSet('hash')) { + displayMessage(sendAdminPasswordResetLink(postRequestElement('email'))); + } elseif (isGetRequestElementSet('hash')) { // Output form for hash validation - loadTemplate('admin_validate_reset_hash_form', false, getRequestParameter('hash')); - } elseif ((isPostRequestParameterSet('validate_hash')) && (isPostRequestParameterSet('login')) && (isPostRequestParameterSet('hash'))) { + loadTemplate('admin_validate_reset_hash_form', FALSE, getRequestElement('hash')); + } elseif ((isPostRequestElementSet('validate_hash')) && (isPostRequestElementSet('admin_login')) && (isPostRequestElementSet('hash'))) { // Validate the login data and hash - $valid = adminResetValidateHashLogin(postRequestParameter('hash'), postRequestParameter('login')); + $valid = adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('admin_login')); // Valid? - if ($valid === true) { + if ($valid === TRUE) { // Prepare content first $content = array( - 'hash' => secureString(postRequestParameter('hash')), - 'login' => secureString(postRequestParameter('login')) + 'hash' => postRequestElement('hash'), + 'admin_login' => postRequestElement('admin_login') ); // Validation okay so display form for final password change - loadTemplate('admin_reset_password_form', false, $content); + loadTemplate('admin_reset_password_form', FALSE, $content); } else { // Cannot validate the login data and hash displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED--}'); } - } elseif ((isPostRequestParameterSet('reset_pass')) && (isPostRequestParameterSet('hash')) && (isPostRequestParameterSet('login')) && (isPostRequestParameterSet('pass1')) && (postRequestParameter('pass1') == postRequestParameter('pass2'))) { + } elseif ((isPostRequestElementSet('reset_pass')) && (isPostRequestElementSet('hash')) && (isPostRequestElementSet('admin_login')) && (isPostRequestElementSet('admin_password1')) && (postRequestElement('admin_password1') == postRequestElement('admin_password2'))) { // Okay, we shall the admin password here. So first revalidate the hash - if (adminResetValidateHashLogin(postRequestParameter('hash'), postRequestParameter('login'))) { + if (adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('admin_login'))) { // Output result - loadTemplate('admin_reset_password_done', false, doResetAdminPassword(postRequestParameter('login'), postRequestParameter('pass1'))); + loadTemplate('admin_reset_password_done', FALSE, doResetAdminPassword(postRequestElement('admin_login'), postRequestElement('admin_password1'))); } else { // Validation failed displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2--}'); @@ -224,163 +99,120 @@ if (!isAdminRegistered()) { redirectToUrl('modules.php?module=admin&logout=1'); } // END - if - if (isGetRequestParameterSet('register')) { + if (isGetRequestElementSet('setup')) { // Registration of first admin is done - if (getRequestParameter('register') == 'done') { + if (getRequestElement('setup') == 'done') { // Regisration done! displayMessage('{--ADMIN_REGISTER_DONE--}'); } // END - if } // END - if // Check if the admin has submitted data or not - if ((isFormSent()) && ((!isPostRequestParameterSet('login')) || (!isPostRequestParameterSet('password')) || (strlen(postRequestParameter('password')) < getConfig('minium_admin_pass_length')))) { - setPostRequestParameter('ok', '***'); + if ((isFormSent()) && ((!isPostRequestElementSet('admin_login')) || (!isPostRequestElementSet('admin_password')) || (strlen(postRequestElement('admin_password')) < getConfig('minium_admin_pass_length')))) { + setPostRequestElement('login', '***'); } // END - if - if ((isFormSent()) && (postRequestParameter('ok') != '***')) { + if ((isFormSent('login')) && (postRequestElement('login') != '***')) { // All required data was entered so we check his account - $ret = ifAdminLoginDataIsValid(postRequestParameter('login'), postRequestParameter('password')); + $ret = ifAdminLoginDataIsValid(postRequestElement('admin_login'), postRequestElement('admin_password')); // Which status do we have? switch ($ret) { case 'done': // Admin and password are okay, so we log in now - // Construct URL and redirect - $url = 'modules.php?module=admin&'; - - // Rewrite overview module - if (getWhat() == 'overview') { - setAction(getActionFromModuleWhat(getModule(), getWhat())); - } // END - if - - // Add data to URL - if (isWhatSet()) { - $url .= 'what=' . getWhat(); - } elseif (isActionSet()) { - $url .= 'action=' . getAction(); - } elseif (isGetRequestParameterSet('area')) { - $url .= 'area=' . getRequestParameter('area'); - } - // Load URL - redirectToUrl($url); + redirectToUrl('modules.php?' . addAllGetRequestParameters()); break; case '404': // Administrator login not found - setPostRequestParameter('ok', $ret); - $ret = getMaskedMessage('ADMIN_ACCOUNT_404', postRequestParameter('login')); - destroyAdminSession(); + setPostRequestElement('login', $ret); + $ret = '{%message,ADMIN_ACCOUNT_404=' . postRequestElement('admin_login') . '%}'; + destroyAdminSession(TRUE); break; case 'password': // Wrong password - setPostRequestParameter('ok', $ret); + setPostRequestElement('login', $ret); $ret = '{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]'; - destroyAdminSession(); + destroyAdminSession(TRUE); break; default: // Others will be logged - logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid()", $ret)); + logDebugMessage(__FILE__, __LINE__, sprintf('Unknown return code %s from ifAdminLoginDataIsValid()', $ret)); break; } // END - switch } // END - if // Error detected? if ($ret != 'done') { - $content['login'] = ''; - if (isPostRequestParameterSet('login')) { - $content['login'] = postRequestParameter('login'); + $content['admin_login'] = ''; + if (isPostRequestElementSet('admin_login')) { + $content['admin_login'] = postRequestElement('admin_login'); } // END - if // Init array elements $content['login_message'] = ''; $content['pass_message'] = ''; - if (isFormSent()) { + if (isFormSent('login')) { // Set messages to zero $loginMessage = ''; $passwdMessage = ''; // Check for login - if (!isPostRequestParameterSet('login')) { + if (!isPostRequestElementSet('admin_login')) { // No login entered? $loginMessage = '{--ADMIN_NO_LOGIN--}'; - } elseif ((!empty($ret)) && (postRequestParameter('ok') == '404')) { + } elseif ((!empty($ret)) && (postRequestElement('login') == '404')) { // An error comes back from login? $loginMessage = $ret; } // Check for password - if (!isPostRequestParameterSet('password')) { + if (!isPostRequestElementSet('admin_password')) { // No password entered? - $passwdMessage = '{--ADMIN_NO_PASS--}'; - } elseif (strlen(postRequestParameter('password')) < getConfig('minium_admin_pass_length')) { - // Or password too short? - $passwdMessage = '{--ADMIN_SHORT_PASS--}'; - } elseif ((!empty($ret)) && (postRequestParameter('ok') == 'password')) { + $passwdMessage = '{--ADMIN_NO_PASSWORD--}'; + } elseif ((!empty($ret)) && (postRequestElement('login') == 'password')) { // An error comes back from login? $passwdMessage = $ret; } // Load message templates if the messages have been set if (!empty($loginMessage)) { - $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage); + $content['login_message'] = loadTemplate('admin_login_msg', TRUE, $loginMessage); } // END - if if (!empty($passwdMessage)) { - $content['pass_message'] = loadTemplate('admin_login_msg', true, $passwdMessage); + $content['pass_message'] = loadTemplate('admin_login_msg', TRUE, $passwdMessage); } // END - if } // END - if - // Load login form - if (isWhatSet()) { - // Restore old what value - $content = merge_array($content, array('target' => 'what', 'value' => getWhat())); - } elseif (isActionSet()) { - if (getAction() != 'logout') { - // Restore old action value - $content = merge_array($content, array('target' => 'action', 'value' => getAction())); - } else { - // Set default values - $content = merge_array($content, array('target' => 'action', 'value' => 'login')); - } - } elseif (isGetRequestParameterSet('area')) { - // Restore old area value - $content = merge_array( - $content, - array( - 'target' => 'area', - 'value' => getRequestParameter('area') - ) - ); - } else { - // Set default values - $content = merge_array($content, array('target' => 'action', 'value' => 'login')); - } + // Add all parameter + $content['all_parameter'] = addAllGetRequestParameters(); // Load login form template - loadTemplate('admin_login_form', false, $content); + loadTemplate('admin_login_form', FALSE, $content); } // END - if -} elseif (isGetRequestParameterSet('logout')) { +} elseif (isGetRequestElementSet('logout')) { // Only try to remove cookies - if (destroyAdminSession()) { + if (destroyAdminSession(TRUE)) { // Load logout template - if (isGetRequestParameterSet('register')) { + if (isGetRequestElementSet('setup')) { // Secure input - $register = getRequestParameter('register'); + $register = getRequestElement('setup'); // Special logout redirect for installation of given extension - loadTemplate(sprintf("admin_logout_%s_install", $register)); - } elseif (isGetRequestParameterSet('remove')) { + loadTemplate(sprintf('admin_logout_%s_install', $register)); + } elseif (isGetRequestElementSet('remove')) { // Secure input - $remove = getRequestParameter('remove'); + $remove = getRequestElement('remove'); // Special logout redirect for removal of given extension - loadTemplate(sprintf("admin_logout_%s_remove", $remove)); + loadTemplate(sprintf('admin_logout_%s_remove', $remove)); } else { // Logged out normally loadTemplate('admin_logout'); } } else { // Something went wrong here... - loadTemplate('admin_settings_unsaved', false, '{--ADMIN_LOGOUT_FAILED--}'); + displayErrorMessage('{--ADMIN_LOGOUT_FAILED--}'); // Add fatal message addFatalMessage(__FILE__, __LINE__, '{--CANNOT_UNREG_SESS--}'); @@ -396,39 +228,41 @@ if (!isAdminRegistered()) { runFilterChain('check_admin_acl'); // Check for version and switch between old menu system and new intelligent menu system - if ((adminGetMenuMode() == 'NEW') && (isIncludeReadable('inc/modules/admin/lasys-inc.php'))) { - // Default area is the entrance, of course - $area = 'entrance'; - - // Check for similar URL variable - if (isGetRequestParameterSet('area')) $area = getRequestParameter('area'); + if (adminGetMenuMode() == 'NEW') { + // Load include for admin AJAX + loadIncludeOnce('inc/ajax/ajax_admin.php'); - // Load logical-area menu-system file - loadIncludeOnce('inc/modules/admin/lasys-inc.php'); - - // Create new-style menu system will logical areas - doAdminLogicalArea($area, $action, getWhat()); + // Load main template + loadTemplate('admin_ajax_main'); } else { - // This little call constructs the whole default old and lacky menu system - // on left side. It also renders the content on right side + /* + * This little call constructs the whole default old and lacky menu system + * on left side. It also renders the content on right side + */ doAdminAction(); } break; case '404': // Administrator login not found - setPostRequestParameter('ok', $ret); - displayMessage(getMaskedMessage('ADMIN_ACCOUNT_404', getCurrentAdminId())); - destroyAdminSession(); + setPostRequestElement('login', $ret); + displayMessage('{%message,ADMIN_ACCOUNT_404=' . getCurrentAdminId() . '%}'); + destroyAdminSession(TRUE); break; case 'password': // Wrong password - setPostRequestParameter('ok', $ret); + setPostRequestElement('login', $ret); displayMessage('{--WRONG_PASS--}'); - destroyAdminSession(); + destroyAdminSession(TRUE); + break; + + case 'session': // Invalid admin session + setPostRequestElement('login', $ret); + displayMessage('{--INVALID_ADMIN_SESSION--}'); + destroyAdminSession(TRUE); break; default: // Others will be logged - logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminCookiesAreValid()", $ret)); + logDebugMessage(__FILE__, __LINE__, sprintf('Unknown return code %s from ifAdminCookiesAreValid()', $ret)); break; } // END - switch }