X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin.php;h=75f57901e1a2c3c32f5abc7f9be247c7c209d166;hp=05deff7ed5b7ecef3c7aff7161a69803b0db362e;hb=fb573d4c3d981d52fd969a6d7167d8dc839be688;hpb=04b69ac9f33369cbf654396c4a42cb1fff710ff4 diff --git a/inc/modules/admin.php b/inc/modules/admin.php index 05deff7ed5..75f57901e1 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -14,12 +14,10 @@ * $Date:: $ * * $Tag:: 0.2.1-FINAL $ * * $Author:: $ * - * Needs to be in all Files and every File needs "svn propset * - * svn:keywords Date Revision" (autoprobset!) at least!!!!!! * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * - * Copyright (c) 2009, 2010 by Mailer Developer Team * - * For more information visit: http://www.mxchange.org * + * Copyright (c) 2009 - 2011 by Mailer Developer Team * + * For more information visit: http://mxchange.org * * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * @@ -46,7 +44,7 @@ if (!defined('__SECURITY')) { loadIncludeOnce('inc/modules/admin/admin-inc.php'); // Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!) -fixDeletedCookies(array('admin_login', 'admin_md5', 'admin_last')); +fixDeletedCookies(array('admin_id', 'admin_md5', 'admin_last')); // Init return value $ret = 'init'; @@ -54,51 +52,54 @@ $ret = 'init'; // Is no admin registered? if (!isAdminRegistered()) { // Admin is not registered so we have to inform the user - if ((isFormSent()) && ((!isPostRequestParameterSet('login')) || (!isPostRequestParameterSet('pass1')) || (strlen(postRequestParameter('pass1')) < 4) || (!isPostRequestParameterSet('pass2')) || (strlen(postRequestParameter('pass2')) < 4) || (postRequestParameter('pass1') != postRequestParameter('pass2')))) { - setPostRequestParameter('ok', '***'); + if ((isFormSent()) && ((!isPostRequestElementSet('admin_login')) || (!isPostRequestElementSet('admin_pass1')) || (strlen(postRequestElement('admin_pass1')) < getConfig('minium_admin_pass_length')) || (!isPostRequestElementSet('admin_pass2')) || (strlen(postRequestElement('admin_pass2')) < getConfig('minium_admin_pass_length')) || (postRequestElement('admin_pass1') != postRequestElement('admin_pass2')))) { + setPostRequestElement('ok', '***'); } // END - if // Clear error message $errorMessage = ''; - if ((isFormSent()) && (postRequestParameter('ok') != '***')) { + if ((isFormSent()) && (postRequestElement('ok') != '***')) { // Hash the password with the old function because we are here in install mode - $hashedPass = md5(postRequestParameter('pass1')); + $hashedPass = md5(postRequestElement('admin_pass1')); // Kill maybe existing session variables destroyAdminSession(false); // Do registration - $ret = addAdminAccount(postRequestParameter('login'), $hashedPass, getConfig('WEBMASTER')); + $ret = addAdminAccount(postRequestElement('admin_login'), $hashedPass, getWebmaster()); // Check if registration wents fine switch ($ret) { case 'done': - $done = changeDataInFile(getConfig('CACHE_PATH') . 'config-local.php', 'ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0); + // Change ADMIN_REGISTERED entry + $done = changeDataInLocalConfigurationFile('ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0); + + // Was it successfull? if ($done === true) { // Registering is done redirectToUrl('modules.php?module=admin&register=done'); } else { // Registration incomplete - $errorMessage = getMessage('ADMIN_CANNOT_COMPLETE'); + $errorMessage = '{--ADMIN_CANNOT_COMPLETE--}'; // Set this to have our error message displayed - setPostRequestParameter('ok', '***'); + setPostRequestElement('ok', '***'); } break; case 'failed': // Registration has failed - $errorMessage = getMessage('ADMIN_REGISTER_FAILED'); + $errorMessage = '{--ADMIN_REGISTER_FAILED--}'; // Set this to have our error message displayed - setPostRequestParameter('ok', '***'); + setPostRequestElement('ok', '***'); break; case 'already': // Admin does already exists! - $errorMessage = getMessage('ADMIN_LOGIN_ALREADY_REG'); + $errorMessage = '{--ADMIN_LOGIN_ALREADY_REG--}'; // Set this to have our error message displayed - setPostRequestParameter('ok', '***'); + setPostRequestElement('ok', '***'); break; default: @@ -107,7 +108,7 @@ if (!isAdminRegistered()) { logDebugMessage(__FILE__, __LINE__, $errorMessage); // Set this to have our error message displayed - setPostRequestParameter('ok', '***'); + setPostRequestElement('ok', '***'); break; } // END - switch } // END - if @@ -115,115 +116,130 @@ if (!isAdminRegistered()) { // Whas that action okay? if ($ret != 'done') { // Init login name - $content['login'] = ''; - if (isPostRequestParameterSet('login')) { - $content['login'] = postRequestParameter('login'); + $content['admin_login'] = ''; + if (isPostRequestElementSet('admin_login')) { + $content['admin_login'] = postRequestElement('admin_login'); } // END - if // Init array elements - $content['login_message'] = ''; - $content['pass1_message'] = ''; - $content['pass2_message'] = ''; + $content['login_message'] = ''; + $content['pass1_message'] = ''; + $content['pass2_message'] = ''; + $content['error_message'] = ''; // Yet-another notice-fix - if ((isFormSent()) && (postRequestParameter('ok') == '***')) { + if ((isFormSent()) && (postRequestElement('ok') == '***')) { // Init variables $loginMessage = ''; $pass1Message = ''; $pass2Message = ''; // No login entered? - if (empty($content['login'])) $loginMessage = getMessage('ADMIN_NO_LOGIN'); + if (empty($content['admin_login'])) { + $loginMessage = '{--ADMIN_NO_LOGIN--}'; + } // END - if // An error comes back from registration? - if ((!empty($ret)) && ($ret != 'init')) $loginMessage = $errorMessage; + if ((!empty($ret)) && ($ret != 'init')) { + $loginMessage = $errorMessage; + } // END - if // No password 1 entered or to short? - if (!isPostRequestParameterSet('pass1')) $pass1Message = getMessage('ADMIN_NO_PASS1'); - elseif (strlen(postRequestParameter('pass1')) < 4) $pass1Message = getMessage('ADMIN_SHORT_PASS1'); + if (!isPostRequestElementSet('admin_pass1')) { + $pass1Message = '{--ADMIN_NO_PASSWORD1--}'; + } elseif (strlen(postRequestElement('admin_pass1')) < getConfig('minium_admin_pass_length')) { + $pass1Message = '{--ADMIN_SHORT_PASSWORD1--}'; + } // No password 2 entered or to short? - if (!isPostRequestParameterSet('pass2')) $pass2Message = getMessage('ADMIN_NO_PASS2'); - elseif (strlen(postRequestParameter('pass2')) < 4) $pass2Message = getMessage('ADMIN_SHORT_PASS2'); + if (!isPostRequestElementSet('admin_pass2')) { + $pass2Message = '{--ADMIN_NO_PASSWORD2--}'; + } elseif (strlen(postRequestElement('admin_pass2')) < getConfig('minium_admin_pass_length')) { + $pass2Message = '{--ADMIN_SHORT_PASSWORD2--}'; + } // Both didn't match? - if (postRequestParameter('pass1') != postRequestParameter('pass2')) { + if (postRequestElement('admin_pass1') != postRequestElement('admin_pass2')) { // No match - if (empty($pass1Message)) $pass1Message = getMessage('ADMIN_PASS1_MISMATCH'); - if (empty($pass2Message)) $pass2Message = getMessage('ADMIN_PASS2_MISMATCH'); + if (empty($pass1Message)) $pass1Message = '{--ADMIN_PASSWORD1_MISMATCH--}'; + if (empty($pass2Message)) $pass2Message = '{--ADMIN_PASSWORD2_MISMATCH--}'; } // END - if // Output error messages $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage); $content['pass1_message'] = loadTemplate('admin_login_msg', true, $pass1Message); $content['pass2_message'] = loadTemplate('admin_login_msg', true, $pass2Message); + $content['error_message'] = loadTemplate('admin_login_msg', true, $errorMessage); } // END - if // Output message in seperate template - loadTemplate('admin_settings_saved', false, '{--ADMIN_ACCOUNT_NOT_REGISTERED_YET--}'); + displayMessage('{--ADMIN_ACCOUNT_NOT_REGISTERED_YET--}'); // Load register template loadTemplate('admin_reg_form', false, $content); } // END - if -} elseif (isGetRequestParameterSet('reset_pass')) { +} elseif (isGetRequestElementSet('reset_pass')) { // Is the form submitted? - if ((isPostRequestParameterSet('send_link')) && (isPostRequestParameterSet('email'))) { + if ((isPostRequestElementSet('send_link')) && (isPostRequestElementSet('email'))) { // Output result - loadTemplate('admin_settings_saved', false, sendAdminPasswordResetLink(postRequestParameter('email'))); - } elseif (isGetRequestParameterSet('hash')) { + displayMessage(sendAdminPasswordResetLink(postRequestElement('email'))); + } elseif (isGetRequestElementSet('hash')) { // Output form for hash validation - loadTemplate('admin_validate_reset_hash_form', false, getRequestParameter('hash')); - } elseif ((isPostRequestParameterSet('validate_hash')) && (isPostRequestParameterSet('login')) && (isPostRequestParameterSet('hash'))) { + loadTemplate('admin_validate_reset_hash_form', false, getRequestElement('hash')); + } elseif ((isPostRequestElementSet('validate_hash')) && (isPostRequestElementSet('admin_login')) && (isPostRequestElementSet('hash'))) { // Validate the login data and hash - $valid = adminResetValidateHashLogin(postRequestParameter('hash'), postRequestParameter('login')); + $valid = adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('admin_login')); // Valid? if ($valid === true) { // Prepare content first $content = array( - 'hash' => secureString(postRequestParameter('hash')), - 'login' => secureString(postRequestParameter('login')) + 'hash' => postRequestElement('hash'), + 'admin_login' => postRequestElement('admin_login') ); // Validation okay so display form for final password change loadTemplate('admin_reset_password_form', false, $content); } else { // Cannot validate the login data and hash - loadTemplate('admin_settings_saved', false, '{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED--}'); + displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED--}'); } - } elseif ((isPostRequestParameterSet('reset_pass')) && (isPostRequestParameterSet('hash')) && (isPostRequestParameterSet('login')) && (isPostRequestParameterSet('pass1')) && (postRequestParameter('pass1') == postRequestParameter('pass2'))) { + } elseif ((isPostRequestElementSet('reset_pass')) && (isPostRequestElementSet('hash')) && (isPostRequestElementSet('admin_login')) && (isPostRequestElementSet('admin_pass1')) && (postRequestElement('admin_pass1') == postRequestElement('admin_pass2'))) { // Okay, we shall the admin password here. So first revalidate the hash - if (adminResetValidateHashLogin(postRequestParameter('hash'), postRequestParameter('login'))) { + if (adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('admin_login'))) { // Output result - loadTemplate('admin_reset_pass_done', false, doResetAdminPassword(postRequestParameter('login'), postRequestParameter('pass1'))); + loadTemplate('admin_reset_password_done', false, doResetAdminPassword(postRequestElement('admin_login'), postRequestElement('admin_pass1'))); } else { // Validation failed - loadTemplate('admin_settings_saved', false, '{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2--}'); + displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2--}'); } } else { // Output reset password form - loadTemplate('admin_send_reset_link'); + loadTemplate('admin_reset_password_send_link'); } -} elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last'))) { +} elseif ((!isSessionVariableSet('admin_id')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last'))) { // At leat one administrator account was created - if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last'))) { + if ((isSessionVariableSet('admin_id')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last'))) { // Timeout for last login, we have to logout first! redirectToUrl('modules.php?module=admin&logout=1'); } // END - if - if (isGetRequestParameterSet('register')) { + if (isGetRequestElementSet('register')) { // Registration of first admin is done - if (getRequestParameter('register') == 'done') loadTemplate('admin_settings_saved', false, '{--ADMIN_REGISTER_DONE--}'); + if (getRequestElement('register') == 'done') { + // Regisration done! + displayMessage('{--ADMIN_REGISTER_DONE--}'); + } // END - if } // END - if // Check if the admin has submitted data or not - if ((isFormSent()) && ((!isPostRequestParameterSet('login')) || (!isPostRequestParameterSet('pass')) || (strlen(postRequestParameter('pass')) < 4))) { - setPostRequestParameter('ok', '***'); + if ((isFormSent()) && ((!isPostRequestElementSet('admin_login')) || (!isPostRequestElementSet('admin_password')) || (strlen(postRequestElement('admin_password')) < getConfig('minium_admin_pass_length')))) { + setPostRequestElement('ok', '***'); } // END - if - if ((isFormSent()) && (postRequestParameter('ok') != '***')) { + if ((isFormSent()) && (postRequestElement('ok') != '***')) { // All required data was entered so we check his account - $ret = ifAdminLoginDataIsValid(postRequestParameter('login'), postRequestParameter('pass')); + $ret = ifAdminLoginDataIsValid(postRequestElement('admin_login'), postRequestElement('admin_password')); // Which status do we have? switch ($ret) { @@ -237,22 +253,26 @@ if (!isAdminRegistered()) { } // END - if // Add data to URL - if (isWhatSet()) $url .= 'what='.getWhat(); - elseif (isActionSet()) $url .= 'action='.getAction(); - elseif (isGetRequestParameterSet('area')) $url .= 'area='.getRequestParameter('area'); + if (isWhatSet()) { + $url .= 'what=' . getWhat(); + } elseif (isActionSet()) { + $url .= 'action=' . getAction(); + } elseif (isGetRequestElementSet('area')) { + $url .= 'area=' . getRequestElement('area'); + } - // Load URL - redirectToUrl($url); - break; + // Load URL + redirectToUrl($url); + break; case '404': // Administrator login not found - setPostRequestParameter('ok', $ret); - $ret = getMaskedMessage('ADMIN_ACCOUNT_404', postRequestParameter('login')); + setPostRequestElement('ok', $ret); + $ret = '{%message,ADMIN_ACCOUNT_404=' . postRequestElement('admin_login') . '%}'; destroyAdminSession(); break; - case 'pass': // Wrong password - setPostRequestParameter('ok', $ret); + case 'password': // Wrong password + setPostRequestElement('ok', $ret); $ret = '{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]'; destroyAdminSession(); break; @@ -265,9 +285,9 @@ if (!isAdminRegistered()) { // Error detected? if ($ret != 'done') { - $content['login'] = ''; - if (isPostRequestParameterSet('login')) { - $content['login'] = postRequestParameter('login'); + $content['admin_login'] = ''; + if (isPostRequestElementSet('admin_login')) { + $content['admin_login'] = postRequestElement('admin_login'); } // END - if // Init array elements @@ -276,26 +296,37 @@ if (!isAdminRegistered()) { if (isFormSent()) { // Set messages to zero - $loginMessage = ''; $passwdMessage = ''; - - // No login entered? - if (!isPostRequestParameterSet('login')) $loginMessage = getMessage('ADMIN_NO_LOGIN'); - - // An error comes back from login? - if ((!empty($ret)) && (postRequestParameter('ok') == '404')) $loginMessage = $ret; - - // No password entered? - if (!isPostRequestParameterSet('pass')) $passwdMessage = getMessage('ADMIN_NO_PASS'); - - // Or password too short? - if (strlen(postRequestParameter('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS'); + $loginMessage = ''; + $passwdMessage = ''; + + // Check for login + if (!isPostRequestElementSet('admin_login')) { + // No login entered? + $loginMessage = '{--ADMIN_NO_LOGIN--}'; + } elseif ((!empty($ret)) && (postRequestElement('ok') == '404')) { + // An error comes back from login? + $loginMessage = $ret; + } - // An error comes back from login? - if ((!empty($ret)) && (postRequestParameter('ok') == 'pass')) $passwdMessage = $ret; + // Check for password + if (!isPostRequestElementSet('admin_password')) { + // No password entered? + $passwdMessage = '{--ADMIN_NO_PASS--}'; + } elseif (strlen(postRequestElement('admin_password')) < getConfig('minium_admin_pass_length')) { + // Or password too short? + $passwdMessage = '{--ADMIN_SHORT_PASS--}'; + } elseif ((!empty($ret)) && (postRequestElement('ok') == 'password')) { + // An error comes back from login? + $passwdMessage = $ret; + } - // Load message template - $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage); - $content['pass_message'] = loadTemplate('admin_login_msg', true, $passwdMessage); + // Load message templates if the messages have been set + if (!empty($loginMessage)) { + $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage); + } // END - if + if (!empty($passwdMessage)) { + $content['pass_message'] = loadTemplate('admin_login_msg', true, $passwdMessage); + } // END - if } // END - if // Load login form @@ -310,13 +341,13 @@ if (!isAdminRegistered()) { // Set default values $content = merge_array($content, array('target' => 'action', 'value' => 'login')); } - } elseif (isGetRequestParameterSet('area')) { + } elseif (isGetRequestElementSet('area')) { // Restore old area value $content = merge_array( $content, array( 'target' => 'area', - 'value' => getRequestParameter('area') + 'value' => getRequestElement('area') ) ); } else { @@ -327,19 +358,19 @@ if (!isAdminRegistered()) { // Load login form template loadTemplate('admin_login_form', false, $content); } // END - if -} elseif (isGetRequestParameterSet('logout')) { +} elseif (isGetRequestElementSet('logout')) { // Only try to remove cookies if (destroyAdminSession()) { // Load logout template - if (isGetRequestParameterSet('register')) { + if (isGetRequestElementSet('register')) { // Secure input - $register = getRequestParameter('register'); + $register = getRequestElement('register'); // Special logout redirect for installation of given extension loadTemplate(sprintf("admin_logout_%s_install", $register)); - } elseif (isGetRequestParameterSet('remove')) { + } elseif (isGetRequestElementSet('remove')) { // Secure input - $remove = getRequestParameter('remove'); + $remove = getRequestElement('remove'); // Special logout redirect for removal of given extension loadTemplate(sprintf("admin_logout_%s_remove", $remove)); @@ -349,14 +380,14 @@ if (!isAdminRegistered()) { } } else { // Something went wrong here... - loadTemplate('admin_settings_saved', false, '
{--ADMIN_LOGOUT_FAILED--}
'); + loadTemplate('admin_settings_unsaved', false, '{--ADMIN_LOGOUT_FAILED--}'); // Add fatal message - addFatalMessage(__FILE__, __LINE__, getMessage('CANNOT_UNREG_SESS')); + addFatalMessage(__FILE__, __LINE__, '{--CANNOT_UNREG_SESS--}'); } } else { // Maybe an Admin want's to login? - $ret = ifAdminCookiesAreValid(getSession('admin_login'), getSession('admin_md5')); + $ret = ifAdminCookiesAreValid(getCurrentAdminId(), getAdminMd5()); // Check status switch ($ret) { @@ -364,16 +395,13 @@ if (!isAdminRegistered()) { // Check for access control line of current menu entry runFilterChain('check_admin_acl'); - // When type of admin menu is not set fallback to old menu system - if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', 'OLD'); - // Check for version and switch between old menu system and new intelligent menu system if ((adminGetMenuMode() == 'NEW') && (isIncludeReadable('inc/modules/admin/lasys-inc.php'))) { // Default area is the entrance, of course $area = 'entrance'; // Check for similar URL variable - if (isGetRequestParameterSet('area')) $area = getRequestParameter('area'); + if (isGetRequestElementSet('area')) $area = getRequestElement('area'); // Load logical-area menu-system file loadIncludeOnce('inc/modules/admin/lasys-inc.php'); @@ -388,14 +416,14 @@ if (!isAdminRegistered()) { break; case '404': // Administrator login not found - setPostRequestParameter('ok', $ret); - loadTemplate('admin_settings_saved', false, getMaskedMessage('ADMIN_ACCOUNT_404', getSession('admin_login'))); + setPostRequestElement('ok', $ret); + displayMessage('{%message,ADMIN_ACCOUNT_404=' . getCurrentAdminId() . '%}'); destroyAdminSession(); break; - case 'pass': // Wrong password - setPostRequestParameter('ok', $ret); - loadTemplate('admin_settings_saved', false, '{--WRONG_PASS--}'); + case 'password': // Wrong password + setPostRequestElement('ok', $ret); + displayMessage('{--WRONG_PASS--}'); destroyAdminSession(); break;