X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin.php;h=198995ae10a5686dee2201ef647306850404e2f1;hp=2127e9f67b3943c75814d3e34cfcb7845b3291d7;hb=f74581eca45c393033acfd9d7798b958031bc625;hpb=c81e9ed85e01215e464d94446773bcd5e6699194 diff --git a/inc/modules/admin.php b/inc/modules/admin.php index 2127e9f67b..198995ae10 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -38,7 +38,7 @@ if (!defined('__SECURITY')) { } // Login is default -if ((empty($GLOBALS['action'])) && ($check == "admin_only")) { +if ((empty($GLOBALS['action'])) && (CHECK_MODULE($GLOBALS['module']) == "admin_only")) { // Redirect to right URL LOAD_URL("modules.php?module=admin&action=login"); } // END - if @@ -53,22 +53,25 @@ FIX_DELETED_COOKIES(array('admin_login', 'admin_md5', 'admin_last', 'admin_to')) $ret = "init"; // Is no admin registered? -if (!isBooleanConstantAndTrue('admin_registered')) { +if (!isAdminRegistered()) { // Admin is not registered so we have to inform the user - if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***"; - if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) { + if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) { + REQUEST_SET_POST('ok', "***"); + } + + if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != "***")) { // Hash the password with the old function because we are here in install mode - $hashedPass = md5($_POST['pass']); + $hashedPass = md5(REQUEST_POST('pass')); // Kill maybe existing session variables destroyAdminSession(false); // Do registration - $ret = REGISTER_ADMIN($_POST['login'], $hashedPass); + $ret = REGISTER_ADMIN(REQUEST_POST('login'), $hashedPass); switch ($ret) { case "done": - admin_WriteData(constant('PATH')."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0); + changeDataInFile(constant('PATH')."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0); if (!constant('_FATAL')) { // Registering is done LOAD_URL("modules.php?module=admin&action=login®ister=done"); @@ -94,9 +97,9 @@ if (!isBooleanConstantAndTrue('admin_registered')) { } // Admin still not registered? - if (!isBooleanConstantAndTrue('admin_registered')) { + if (!isAdminRegistered()) { // Write to config that registration is done - admin_WriteData(constant('PATH')."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0); + changeDataInFile(constant('PATH')."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0); // Load URL for login LOAD_URL("modules.php?module=admin&action=login"); @@ -108,25 +111,25 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Whas that action okay? if ($ret != "done") { // Fixes another "Notice" - if (!empty($_POST['login'])) { - define('__LOGIN_VALUE', $_POST['login']); + if (REQUEST_ISSET_POST(('login'))) { + define('__LOGIN_VALUE', REQUEST_POST('login')); } else { define('__LOGIN_VALUE', ""); } // Yet-another "Notice" fix - if ((!empty($_POST['ok'])) && ($_POST['ok'] == "***")) { + if ((IS_FORM_SENT()) && (REQUEST_POST('ok') == "***")) { // No login entered? - if (empty($_POST['login'])) $MSG1 = getMessage('ADMIN_NO_LOGIN'); + if (!REQUEST_ISSET_POST(('login'))) $MSG1 = getMessage('ADMIN_NO_LOGIN'); // An error comes back from registration? if (!empty($ret)) $MSG1 = $ret; // No password entered? - if (empty($_POST['pass'])) $MSG2 = getMessage('ADMIN_NO_PASS'); + if (!REQUEST_ISSET_POST(('pass'))) $MSG2 = getMessage('ADMIN_NO_PASS'); // Or password too short? - if (strlen($_POST['pass']) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS'); + if (strlen(REQUEST_POST('pass')) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS'); // Output error messages define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1)); @@ -143,27 +146,27 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Load register template LOAD_TEMPLATE("admin_reg_form"); } -} elseif (isset($_GET['reset_pass'])) { +} elseif (REQUEST_ISSET_GET(('reset_pass'))) { // Is the form submitted? - if ((isset($_POST['send_link'])) && (!empty($_POST['email']))) { + if ((REQUEST_ISSET_POST(('send_link'))) && (REQUEST_ISSET_POST(('email')))) { // Try to send the link out - $OUT = ADMIN_SEND_PASSWORD_RESET_LINK($_POST['email']); + $OUT = ADMIN_SEND_PASSWORD_RESET_LINK(REQUEST_POST('email')); // Output result LOAD_TEMPLATE("admin_settings_saved", false, $OUT); - } elseif (!empty($_GET['hash'])) { + } elseif (REQUEST_ISSET_GET(('hash'))) { // Output form for hash validation - LOAD_TEMPLATE("admin_validate_reset_hash_form", false, $_GET['hash']); - } elseif ((isset($_POST['validate_hash'])) && (!empty($_POST['login'])) && (!empty($_POST['hash']))) { + LOAD_TEMPLATE("admin_validate_reset_hash_form", false, REQUEST_GET('hash')); + } elseif ((REQUEST_ISSET_POST(('validate_hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('hash')))) { // Validate the login data and hash - $valid = ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN($_POST['hash'], $_POST['login']); + $valid = ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login')); // Valid? if ($valid === true) { // Prepare content first $content = array( - 'hash' => SQL_ESCAPE($_POST['hash']), - 'login' => SQL_ESCAPE($_POST['login']) + 'hash' => SQL_ESCAPE(REQUEST_POST('hash')), + 'login' => SQL_ESCAPE(REQUEST_POST('login')) ); // Validation okay so display form for final password change @@ -172,11 +175,11 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Cannot validate the login data and hash LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED')); } - } elseif ((isset($_POST['reset_pass'])) && (!empty($_POST['hash'])) && (!empty($_POST['login'])) && (!empty($_POST['pass1'])) && ($_POST['pass1'] == $_POST['pass2'])) { + } elseif ((REQUEST_ISSET_POST(('reset_pass'))) && (REQUEST_ISSET_POST(('hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) { // Okay, we shall the admin password here. So first revalidate the hash - if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN($_POST['hash'], $_POST['login'])) { + if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login'))) { // Set the password now - $OUT = ADMIN_RESET_PASSWORD($_POST['login'], $_POST['pass1']); + $OUT = ADMIN_RESET_PASSWORD(REQUEST_POST('login'), REQUEST_POST('pass1')); // Output result LOAD_TEMPLATE("admin_reset_pass_done", false, $OUT); @@ -195,16 +198,19 @@ if (!isBooleanConstantAndTrue('admin_registered')) { LOAD_URL("modules.php?module=admin&action=login&logout=1"); } // END - if - if (!empty($_GET['register'])) { + if (REQUEST_ISSET_GET(('register'))) { // Registration of first admin is done - if ($_GET['register'] == "done") LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_REGISTER_DONE')); + if (REQUEST_GET('register') == "done") LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_REGISTER_DONE')); } // END - if // Check if the admin has submitted data or not - if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***"; - if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) { + if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) { + REQUEST_SET_POST('ok', "***"); + } + + if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != "***")) { // All required data was entered so we check his account - $ret = CHECK_ADMIN_LOGIN($_POST['login'], $_POST['pass']); + $ret = CHECK_ADMIN_LOGIN(REQUEST_POST('login'), REQUEST_POST('pass')); // Which status do we have? switch ($ret) @@ -221,20 +227,20 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Add data to URL if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what']; elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action']; - elseif (!empty($_GET['area'])) $URL .= "area=".$_GET['area']; + elseif (REQUEST_ISSET_GET(('area'))) $URL .= "area=".REQUEST_GET('area'); // Load URL LOAD_URL($URL); break; case "404": // Administrator login not found - $_POST['ok'] = $ret; + REQUEST_SET_POST('ok', $ret); $ret = getMessage('ADMIN_NOT_FOUND'); destroyAdminSession(); break; case "pass": // Wrong password - $_POST['ok'] = $ret; + REQUEST_SET_POST('ok', $ret); $ret = "{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]\n"; destroyAdminSession(); break; @@ -247,30 +253,30 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Error detected? if ($ret != "done") { - if (!empty($_POST['login'])) { - define('__LOGIN_VALUE', $_POST['login']); + if (REQUEST_ISSET_POST(('login'))) { + define('__LOGIN_VALUE', REQUEST_POST('login')); } else { define('__LOGIN_VALUE', ""); } - if (isset($_POST['ok'])) { + if (IS_FORM_SENT()) { // Set messages to zero $MSG1 = ""; $MSG2 = ""; // No login entered? - if (empty($_POST['login'])) $MSG1 = getMessage('ADMIN_NO_LOGIN'); + if (!REQUEST_ISSET_POST(('login'))) $MSG1 = getMessage('ADMIN_NO_LOGIN'); // An error comes back from login? - if ((!empty($ret)) && ($_POST['ok'] == "404")) $MSG1 = $ret; + if ((!empty($ret)) && (REQUEST_POST('ok') == "404")) $MSG1 = $ret; // No password entered? - if (empty($_POST['pass'])) $MSG2 = getMessage('ADMIN_NO_PASS'); + if (!REQUEST_ISSET_POST(('pass'))) $MSG2 = getMessage('ADMIN_NO_PASS'); // Or password too short? - if (strlen($_POST['pass']) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS'); + if (strlen(REQUEST_POST('pass')) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS'); // An error comes back from login? - if ((!empty($ret)) && ($_POST['ok'] == "pass")) $MSG2 = $ret; + if ((!empty($ret)) && (REQUEST_POST('ok') == "pass")) $MSG2 = $ret; // Load message template define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1)); @@ -296,9 +302,9 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Set default values $content = array('target' => "action", 'value' => "login"); } - } elseif (!empty($_GET['area'])) { + } elseif (REQUEST_ISSET_GET(('area'))) { // Restore old area value - $content = array('target' => "area", 'value' => $_GET['area']); + $content = array('target' => "area", 'value' => REQUEST_GET('area')); } else { // Set default values $content = array('target' => "action", 'value' => "login"); @@ -307,19 +313,19 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Load login form template LOAD_TEMPLATE("admin_login_form", false, $content); } // END - if -} elseif (isset($_GET['logout'])) { +} elseif (REQUEST_ISSET_GET(('logout'))) { // Only try to remove cookies if (destroyAdminSession()) { // Load logout template - if (isset($_GET['register'])) { + if (REQUEST_ISSET_GET(('register'))) { // Secure input - $register = SQL_ESCAPE($_GET['register']); + $register = REQUEST_GET(('register')); // Special logout redirect for installation of given extension LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $register)); - } elseif (isset($_GET['remove'])) { + } elseif (REQUEST_ISSET_GET(('remove'))) { // Secure input - $remove = SQL_ESCAPE($_GET['remove']); + $remove = REQUEST_GET(('remove')); // Special logout redirect for removal of given extension LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove)); @@ -352,7 +358,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) { $area = "entrance"; // Check for similar URL variable - if (!empty($_GET['area'])) $area = SQL_ESCAPE($_GET['area']); + if (REQUEST_ISSET_GET(('area'))) $area = REQUEST_GET(('area')); // Load "logical-area menu-system" file LOAD_INC_ONCE("inc/modules/admin/lasys-inc.php"); @@ -367,13 +373,13 @@ if (!isBooleanConstantAndTrue('admin_registered')) { break; case "404": // Administrator login not found - $_POST['ok'] = $ret; + REQUEST_SET_POST('ok', $ret); destroyAdminSession(); addFatalMessage(getMessage('ADMIN_NOT_FOUND')); break; case "pass": // Wrong password - $_POST['ok'] = $ret; + REQUEST_SET_POST('ok', $ret); destroyAdminSession(); addFatalMessage(getMessage('WRONG_PASS')); break;