X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin.php;h=1807ee960f078b3e1f691302decddf6655442831;hp=aed89a43eabd77624309c84a11d10cc8e2a6497c;hb=e5527fd38a6585c8466dc28d013f12d21eb7c07a;hpb=d26e8ed6303691be6c5a0eff216494bdd6cfbe8d diff --git a/inc/modules/admin.php b/inc/modules/admin.php index aed89a43ea..1807ee960f 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -1,7 +1,7 @@ SQL_ESCAPE(REQUEST_POST('hash')), - 'login' => SQL_ESCAPE(REQUEST_POST('login')) + 'hash' => postRequestElement('hash'), + 'admin_login' => postRequestElement('admin_login') ); // Validation okay so display form for final password change - LOAD_TEMPLATE("admin_reset_password_form", false, $content); + loadTemplate('admin_reset_password_form', FALSE, $content); } else { // Cannot validate the login data and hash - LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED')); + displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED--}'); } - } elseif ((REQUEST_ISSET_POST(('reset_pass'))) && (REQUEST_ISSET_POST(('hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) { + } elseif ((isPostRequestElementSet('reset_pass')) && (isPostRequestElementSet('hash')) && (isPostRequestElementSet('admin_login')) && (isPostRequestElementSet('admin_password1')) && (postRequestElement('admin_password1') == postRequestElement('admin_password2'))) { // Okay, we shall the admin password here. So first revalidate the hash - if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login'))) { - // Set the password now - $OUT = ADMIN_RESET_PASSWORD(REQUEST_POST('login'), REQUEST_POST('pass1')); - + if (adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('admin_login'))) { // Output result - LOAD_TEMPLATE("admin_reset_pass_done", false, $OUT); + loadTemplate('admin_reset_password_done', FALSE, doResetAdminPassword(postRequestElement('admin_login'), postRequestElement('admin_password1'))); } else { // Validation failed - LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2')); + displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2--}'); } } else { // Output reset password form - LOAD_TEMPLATE("admin_send_reset_link"); + loadTemplate('admin_reset_password_send_link'); } -} elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last')) || (!isSessionVariableSet('admin_to')) || ((get_session('admin_last') + bigintval(get_session('admin_to')) * 3600 * 24) < time())) { +} elseif ((!isSessionVariableSet('admin_id')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last'))) { // At leat one administrator account was created - if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last')) && (isSessionVariableSet('admin_to'))) { + if ((isSessionVariableSet('admin_id')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last'))) { // Timeout for last login, we have to logout first! - LOAD_URL("modules.php?module=admin&logout=1"); + redirectToUrl('modules.php?module=admin&logout=1'); } // END - if - if (REQUEST_ISSET_GET(('register'))) { + if (isGetRequestElementSet('setup')) { // Registration of first admin is done - if (REQUEST_GET('register') == "done") LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_REGISTER_DONE')); + if (getRequestElement('setup') == 'done') { + // Regisration done! + displayMessage('{--ADMIN_REGISTER_DONE--}'); + } // END - if } // END - if // Check if the admin has submitted data or not - if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) { - REQUEST_SET_POST('ok', "***"); - } + if ((isFormSent()) && ((!isPostRequestElementSet('admin_login')) || (!isPostRequestElementSet('admin_password')) || (strlen(postRequestElement('admin_password')) < getConfig('minium_admin_pass_length')))) { + setPostRequestElement('login', '***'); + } // END - if - if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != "***")) { + if ((isFormSent('login')) && (postRequestElement('login') != '***')) { // All required data was entered so we check his account - $ret = CHECK_ADMIN_LOGIN(REQUEST_POST('login'), REQUEST_POST('pass')); + $ret = ifAdminLoginDataIsValid(postRequestElement('admin_login'), postRequestElement('admin_password')); // Which status do we have? - switch ($ret) - { - case "done": // Admin and password are okay, so we log in now - // Construct URL and redirect - $URL = "modules.php?module=admin&"; - - // Rewrite overview module - if ($GLOBALS['what'] == "overview") { - $GLOBALS['action'] = GET_ACTION($GLOBALS['module'], $GLOBALS['what']); - } // END - if - - // Add data to URL - if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what']; - elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action']; - elseif (REQUEST_ISSET_GET(('area'))) $URL .= "area=".REQUEST_GET('area'); - - // Load URL - LOAD_URL($URL); - break; - - case "404": // Administrator login not found - REQUEST_SET_POST('ok', $ret); - $ret = getMessage('ADMIN_NOT_FOUND'); - destroyAdminSession(); - break; - - case "pass": // Wrong password - REQUEST_SET_POST('ok', $ret); - $ret = "{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]\n"; - destroyAdminSession(); - break; - - default: // Others will be logged - DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_LOGIN()", $ret)); - break; + switch ($ret) { + case 'done': // Admin and password are okay, so we log in now + // Load URL + redirectToUrl('modules.php?' . addAllGetRequestParameters()); + break; + + case '404': // Administrator login not found + setPostRequestElement('login', $ret); + $ret = '{%message,ADMIN_ACCOUNT_404=' . postRequestElement('admin_login') . '%}'; + destroyAdminSession(TRUE); + break; + + case 'password': // Wrong password + setPostRequestElement('login', $ret); + $ret = '{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]'; + destroyAdminSession(TRUE); + break; + + default: // Others will be logged + logDebugMessage(__FILE__, __LINE__, sprintf('Unknown return code %s from ifAdminLoginDataIsValid()', $ret)); + break; } // END - switch } // END - if // Error detected? - if ($ret != "done") { - if (REQUEST_ISSET_POST(('login'))) { - define('__LOGIN_VALUE', REQUEST_POST('login')); - } else { - define('__LOGIN_VALUE', ""); - } + if ($ret != 'done') { + $content['admin_login'] = ''; + if (isPostRequestElementSet('admin_login')) { + $content['admin_login'] = postRequestElement('admin_login'); + } // END - if - if (IS_FORM_SENT()) { - // Set messages to zero - $MSG1 = ""; $MSG2 = ""; + // Init array elements + $content['login_message'] = ''; + $content['pass_message'] = ''; - // No login entered? - if (!REQUEST_ISSET_POST(('login'))) $MSG1 = getMessage('ADMIN_NO_LOGIN'); - - // An error comes back from login? - if ((!empty($ret)) && (REQUEST_POST('ok') == "404")) $MSG1 = $ret; - - // No password entered? - if (!REQUEST_ISSET_POST(('pass'))) $MSG2 = getMessage('ADMIN_NO_PASS'); - - // Or password too short? - if (strlen(REQUEST_POST('pass')) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS'); - - // An error comes back from login? - if ((!empty($ret)) && (REQUEST_POST('ok') == "pass")) $MSG2 = $ret; + if (isFormSent('login')) { + // Set messages to zero + $loginMessage = ''; + $passwdMessage = ''; + + // Check for login + if (!isPostRequestElementSet('admin_login')) { + // No login entered? + $loginMessage = '{--ADMIN_NO_LOGIN--}'; + } elseif ((!empty($ret)) && (postRequestElement('login') == '404')) { + // An error comes back from login? + $loginMessage = $ret; + } - // Load message template - define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1)); - define('__MSG_PASS' , LOAD_TEMPLATE("admin_login_msg", true, $MSG2)); + // Check for password + if (!isPostRequestElementSet('admin_password')) { + // No password entered? + $passwdMessage = '{--ADMIN_NO_PASSWORD--}'; + } elseif ((!empty($ret)) && (postRequestElement('login') == 'password')) { + // An error comes back from login? + $passwdMessage = $ret; + } - // Reset variables - $MSG1 = ""; $MSG2 = ""; - } else { - // Set constants to empty for hiding them - define('__MSG_LOGIN', ""); - define('__MSG_PASS' , ""); - } + // Load message templates if the messages have been set + if (!empty($loginMessage)) { + $content['login_message'] = loadTemplate('admin_login_msg', TRUE, $loginMessage); + } // END - if + if (!empty($passwdMessage)) { + $content['pass_message'] = loadTemplate('admin_login_msg', TRUE, $passwdMessage); + } // END - if + } // END - if - // Load login form - if (!empty($GLOBALS['what'])) { - // Restore old what value - $content = array('target' => "what", 'value' => $GLOBALS['what']); - } elseif (!empty($GLOBALS['action'])) { - if ($GLOBALS['action'] != "logout") { - // Restore old action value - $content = array('target' => "action", 'value' => $GLOBALS['action']); - } else { - // Set default values - $content = array('target' => "action", 'value' => "login"); - } - } elseif (REQUEST_ISSET_GET(('area'))) { - // Restore old area value - $content = array('target' => "area", 'value' => REQUEST_GET('area')); - } else { - // Set default values - $content = array('target' => "action", 'value' => "login"); - } + // Add all parameter + $content['all_parameter'] = addAllGetRequestParameters(); // Load login form template - LOAD_TEMPLATE("admin_login_form", false, $content); + loadTemplate('admin_login_form', FALSE, $content); } // END - if -} elseif (REQUEST_ISSET_GET(('logout'))) { +} elseif (isGetRequestElementSet('logout')) { // Only try to remove cookies - if (destroyAdminSession()) { + if (destroyAdminSession(TRUE)) { // Load logout template - if (REQUEST_ISSET_GET(('register'))) { + if (isGetRequestElementSet('setup')) { // Secure input - $register = REQUEST_GET(('register')); + $register = getRequestElement('setup'); // Special logout redirect for installation of given extension - LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $register)); - } elseif (REQUEST_ISSET_GET(('remove'))) { + loadTemplate(sprintf('admin_logout_%s_install', $register)); + } elseif (isGetRequestElementSet('remove')) { // Secure input - $remove = REQUEST_GET(('remove')); + $remove = getRequestElement('remove'); // Special logout redirect for removal of given extension - LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove)); + loadTemplate(sprintf('admin_logout_%s_remove', $remove)); } else { // Logged out normally - LOAD_TEMPLATE("admin_logout"); + loadTemplate('admin_logout'); } } else { // Something went wrong here... - LOAD_TEMPLATE("admin_settings_saved", false, "
{--ADMIN_LOGOUT_FAILED--}
"); + displayErrorMessage('{--ADMIN_LOGOUT_FAILED--}'); // Add fatal message - addFatalMessage(__FILE__, __LINE__, getMessage('CANNOT_UNREG_SESS')); + addFatalMessage(__FILE__, __LINE__, '{--CANNOT_UNREG_SESS--}'); } } else { // Maybe an Admin want's to login? - $ret = CHECK_ADMIN_COOKIES(get_session('admin_login'), get_session('admin_md5')); - switch ($ret) - { - case "done": - // Check for access control line of current menu entry - $GLOBALS['acl_allow'] = runFilterChain('check_admin_acl'); + $ret = ifAdminCookiesAreValid(getCurrentAdminId(), getAdminMd5()); - // When type of admin menu is not set fallback to old menu system - if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', "OLD"); + // Check status + switch ($ret) { + case 'done': + // Check for access control line of current menu entry + runFilterChain('check_admin_acl'); + + // Check for version and switch between old menu system and new intelligent menu system + if (adminGetMenuMode() == 'NEW') { + // Load include for admin AJAX + loadIncludeOnce('inc/ajax/ajax_admin.php'); + + // Load main template + loadTemplate('admin_ajax_main'); + } else { + /* + * This little call constructs the whole default old and lacky menu system + * on left side. It also renders the content on right side + */ + doAdminAction(); + } + break; - // Check for version and switch between old menu system and new "intelligent menu system" - if ((ADMIN_CHECK_MENU_MODE() == "NEW") && (INCLUDE_READABLE("inc/modules/admin/lasys-inc.php"))) { - // Default area is the entrance, of course - $area = "entrance"; + case '404': // Administrator login not found + setPostRequestElement('login', $ret); + displayMessage('{%message,ADMIN_ACCOUNT_404=' . getCurrentAdminId() . '%}'); + destroyAdminSession(TRUE); + break; - // Check for similar URL variable - if (REQUEST_ISSET_GET(('area'))) $area = REQUEST_GET(('area')); + case 'password': // Wrong password + setPostRequestElement('login', $ret); + displayMessage('{--WRONG_PASS--}'); + destroyAdminSession(TRUE); + break; - // Load "logical-area menu-system" file - LOAD_INC_ONCE("inc/modules/admin/lasys-inc.php"); + case 'session': // Invalid admin session + setPostRequestElement('login', $ret); + displayMessage('{--INVALID_ADMIN_SESSION--}'); + destroyAdminSession(TRUE); + break; - // Create new-style menu system will "logical areas" - ADMIN_LOGICAL_AREA_SYSTEM($area, $act, $GLOBALS['what']); - } else { - // This little call constructs the whole default old and lacky menu system - // on left side - ADMIN_DO_ACTION($GLOBALS['what']); - } - break; - - case "404": // Administrator login not found - REQUEST_SET_POST('ok', $ret); - destroyAdminSession(); - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_NOT_FOUND')); - break; - - case "pass": // Wrong password - REQUEST_SET_POST('ok', $ret); - destroyAdminSession(); - addFatalMessage(__FILE__, __LINE__, getMessage('WRONG_PASS')); - break; - - default: // Others will be logged - DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_COOKIES()", $ret)); - break; - } + default: // Others will be logged + logDebugMessage(__FILE__, __LINE__, sprintf('Unknown return code %s from ifAdminCookiesAreValid()', $ret)); + break; + } // END - switch } -// +// [EOF] ?>