X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin.php;h=7822bf081ffafcc12e37c2c6716ded7d0f16f7e7;hp=c347fa817d6677ae05707b5126b51a4a479280a4;hb=d9f35786166902b9bc3f402d4f2abeed5ae0528d;hpb=5b8d588fdbfa375fa859ca80a9b9e1735a13300e
diff --git a/inc/modules/admin.php b/inc/modules/admin.php
index c347fa817d..7822bf081f 100644
--- a/inc/modules/admin.php
+++ b/inc/modules/admin.php
@@ -1,7 +1,7 @@
SQL_ESCAPE(REQUEST_POST('hash')),
- 'login' => SQL_ESCAPE(REQUEST_POST('login'))
+ 'hash' => secureString(postRequestParameter('hash')),
+ 'login' => secureString(postRequestParameter('login'))
);
// Validation okay so display form for final password change
- LOAD_TEMPLATE('admin_reset_password_form', false, $content);
+ loadTemplate('admin_reset_password_form', false, $content);
} else {
// Cannot validate the login data and hash
- LOAD_TEMPLATE('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED'));
+ loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED'));
}
- } elseif ((REQUEST_ISSET_POST(('reset_pass'))) && (REQUEST_ISSET_POST(('hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) {
+ } elseif ((isPostRequestParameterSet('reset_pass')) && (isPostRequestParameterSet('hash')) && (isPostRequestParameterSet('login')) && (isPostRequestParameterSet('pass1')) && (postRequestParameter('pass1') == postRequestParameter('pass2'))) {
// Okay, we shall the admin password here. So first revalidate the hash
- if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login'))) {
- // Set the password now
- $OUT = ADMIN_RESET_PASSWORD(REQUEST_POST('login'), REQUEST_POST('pass1'));
-
+ if (adminResetValidateHashLogin(postRequestParameter('hash'), postRequestParameter('login'))) {
// Output result
- LOAD_TEMPLATE('admin_reset_pass_done', false, $OUT);
+ loadTemplate('admin_reset_pass_done', false, doResetAdminPassword(postRequestParameter('login'), postRequestParameter('pass1')));
} else {
// Validation failed
- LOAD_TEMPLATE('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2'));
+ loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2'));
}
} else {
// Output reset password form
- LOAD_TEMPLATE('admin_send_reset_link');
+ loadTemplate('admin_send_reset_link');
}
-} elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last')) || (!isSessionVariableSet('admin_to')) || ((getSession('admin_last') + bigintval(getSession('admin_to')) * 3600 * 24) < time())) {
+} elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last'))) {
// At leat one administrator account was created
- if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last')) && (isSessionVariableSet('admin_to'))) {
+ if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last'))) {
// Timeout for last login, we have to logout first!
redirectToUrl('modules.php?module=admin&logout=1');
} // END - if
- if (REQUEST_ISSET_GET(('register'))) {
+ if (isGetRequestParameterSet('register')) {
// Registration of first admin is done
- if (REQUEST_GET('register') == 'done') LOAD_TEMPLATE('admin_settings_saved', false, getMessage('ADMIN_REGISTER_DONE'));
+ if (getRequestParameter('register') == 'done') loadTemplate('admin_settings_saved', false, getMessage('ADMIN_REGISTER_DONE'));
} // END - if
// Check if the admin has submitted data or not
- if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) {
- REQUEST_SET_POST('ok', '***');
+ if ((isFormSent()) && ((!isPostRequestParameterSet('login')) || (!isPostRequestParameterSet('pass')) || (strlen(postRequestParameter('pass')) < 4))) {
+ setPostRequestParameter('ok', '***');
} // END - if
- if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != '***')) {
+ if ((isFormSent()) && (postRequestParameter('ok') != '***')) {
// All required data was entered so we check his account
- $ret = CHECK_ADMIN_LOGIN(REQUEST_POST('login'), REQUEST_POST('pass'));
+ $ret = ifAdminLoginDataIsValid(postRequestParameter('login'), postRequestParameter('pass'));
// Which status do we have?
- switch ($ret)
- {
+ switch ($ret) {
case 'done': // Admin and password are okay, so we log in now
// Construct URL and redirect
$URL = 'modules.php?module=admin&';
// Rewrite overview module
- if ($GLOBALS['what'] == 'overview') {
- $GLOBALS['action'] = getModeAction($GLOBALS['module'], $GLOBALS['what']);
+ if (getWhat() == 'overview') {
+ setAction(getActionFromModuleWhat(getModule(), getWhat()));
} // END - if
// Add data to URL
- if (!empty($GLOBALS['what'])) $URL .= 'what='.$GLOBALS['what'];
- elseif (!empty($GLOBALS['action'])) $URL .= 'action='.$GLOBALS['action'];
- elseif (REQUEST_ISSET_GET('area')) $URL .= 'area='.REQUEST_GET('area');
+ if (isWhatSet()) $URL .= 'what='.getWhat();
+ elseif (isActionSet()) $URL .= 'action='.getAction();
+ elseif (isGetRequestParameterSet('area')) $URL .= 'area='.getRequestParameter('area');
// Load URL
redirectToUrl($URL);
break;
case '404': // Administrator login not found
- REQUEST_SET_POST('ok', $ret);
- $ret = getMessage('ADMIN_NOT_FOUND');
+ setPostRequestParameter('ok', $ret);
+ $ret = getMaskedMessage('ADMIN_404', postRequestParameter('login'));
destroyAdminSession();
break;
case 'pass': // Wrong password
- REQUEST_SET_POST('ok', $ret);
- $ret = '{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]';
+ setPostRequestParameter('ok', $ret);
+ $ret = '{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]';
destroyAdminSession();
break;
default: // Others will be logged
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_LOGIN()", $ret));
+ logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid()", $ret));
break;
} // END - switch
} // END - if
// Error detected?
- // @TODO Rewrite all these constants
if ($ret != 'done') {
- if (REQUEST_ISSET_POST(('login'))) {
- define('__LOGIN_VALUE', REQUEST_POST('login'));
- } else {
- define('__LOGIN_VALUE', '');
- }
+ $content['login'] = '';
+ if (isPostRequestParameterSet('login')) {
+ $content['login'] = postRequestParameter('login');
+ } // END - if
+
+ // Init array elements
+ $content['login_message'] = '';
+ $content['pass_message'] = '';
- if (IS_FORM_SENT()) {
+ if (isFormSent()) {
// Set messages to zero
$loginMessage = ''; $passwdMessage = '';
// No login entered?
- if (!REQUEST_ISSET_POST(('login'))) $loginMessage = getMessage('ADMIN_NO_LOGIN');
+ if (!isPostRequestParameterSet('login')) $loginMessage = getMessage('ADMIN_NO_LOGIN');
// An error comes back from login?
- if ((!empty($ret)) && (REQUEST_POST('ok') == '404')) $loginMessage = $ret;
+ if ((!empty($ret)) && (postRequestParameter('ok') == '404')) $loginMessage = $ret;
// No password entered?
- if (!REQUEST_ISSET_POST(('pass'))) $passwdMessage = getMessage('ADMIN_NO_PASS');
+ if (!isPostRequestParameterSet('pass')) $passwdMessage = getMessage('ADMIN_NO_PASS');
// Or password too short?
- if (strlen(REQUEST_POST('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS');
+ if (strlen(postRequestParameter('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS');
// An error comes back from login?
- if ((!empty($ret)) && (REQUEST_POST('ok') == 'pass')) $passwdMessage = $ret;
+ if ((!empty($ret)) && (postRequestParameter('ok') == 'pass')) $passwdMessage = $ret;
// Load message template
- define('__MSG_LOGIN', LOAD_TEMPLATE('admin_login_msg', true, $loginMessage));
- define('__MSG_PASS' , LOAD_TEMPLATE('admin_login_msg', true, $passwdMessage));
-
- // Reset variables
- unset($loginMessage);
- unset($passwdMessage);
- } else {
- // Set constants to empty for hiding them
- define('__MSG_LOGIN', '');
- define('__MSG_PASS' , '');
- }
+ $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage);
+ $content['pass_message'] = loadTemplate('admin_login_msg', true, $passwdMessage);
+ } // END - if
// Load login form
- if (!empty($GLOBALS['what'])) {
+ if (isWhatSet()) {
// Restore old what value
- $content = array('target' => 'what', 'value' => $GLOBALS['what']);
- } elseif (!empty($GLOBALS['action'])) {
- if ($GLOBALS['action'] != 'logout') {
+ $content = merge_array($content, array('target' => 'what', 'value' => getWhat()));
+ } elseif (isActionSet()) {
+ if (getAction() != 'logout') {
// Restore old action value
- $content = array('target' => 'action', 'value' => $GLOBALS['action']);
+ $content = merge_array($content, array('target' => 'action', 'value' => getAction()));
} else {
// Set default values
- $content = array('target' => 'action', 'value' => 'login');
+ $content = merge_array($content, array('target' => 'action', 'value' => 'login'));
}
- } elseif (REQUEST_ISSET_GET('area')) {
+ } elseif (isGetRequestParameterSet('area')) {
// Restore old area value
- $content = array('target' => 'area', 'value' => REQUEST_GET('area'));
+ $content = merge_array($content, array('target' => 'area', 'value' => getRequestParameter('area')));
} else {
// Set default values
- $content = array('target' => 'action', 'value' => 'login');
+ $content = merge_array($content, array('target' => 'action', 'value' => 'login'));
}
// Load login form template
- LOAD_TEMPLATE('admin_login_form', false, $content);
+ loadTemplate('admin_login_form', false, $content);
} // END - if
-} elseif (REQUEST_ISSET_GET(('logout'))) {
+} elseif (isGetRequestParameterSet('logout')) {
// Only try to remove cookies
if (destroyAdminSession()) {
// Load logout template
- if (REQUEST_ISSET_GET(('register'))) {
+ if (isGetRequestParameterSet('register')) {
// Secure input
- $register = REQUEST_GET(('register'));
+ $register = getRequestParameter('register');
// Special logout redirect for installation of given extension
- LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $register));
- } elseif (REQUEST_ISSET_GET('remove')) {
+ loadTemplate(sprintf("admin_logout_%s_install", $register));
+ } elseif (isGetRequestParameterSet('remove')) {
// Secure input
- $remove = REQUEST_GET('remove');
+ $remove = getRequestParameter('remove');
// Special logout redirect for removal of given extension
- LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove));
+ loadTemplate(sprintf("admin_logout_%s_remove", $remove));
} else {
// Logged out normally
- LOAD_TEMPLATE('admin_logout');
+ loadTemplate('admin_logout');
}
} else {
// Something went wrong here...
- LOAD_TEMPLATE('admin_settings_saved', false, '{--ADMIN_LOGOUT_FAILED--}
');
+ loadTemplate('admin_settings_saved', false, '{--ADMIN_LOGOUT_FAILED--}
');
// Add fatal message
addFatalMessage(__FILE__, __LINE__, getMessage('CANNOT_UNREG_SESS'));
}
} else {
// Maybe an Admin want's to login?
- $ret = CHECK_ADMIN_COOKIES(getSession('admin_login'), getSession('admin_md5'));
- switch ($ret)
- {
+ $ret = ifAdminCookiesAreValid(getSession('admin_login'), getSession('admin_md5'));
+
+ // Check status
+ switch ($ret) {
case 'done':
// Check for access control line of current menu entry
- $GLOBALS['acl_allow'] = runFilterChain('check_admin_acl');
+ runFilterChain('check_admin_acl');
// When type of admin menu is not set fallback to old menu system
if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', 'OLD');
// Check for version and switch between old menu system and new intelligent menu system
- if ((ADMIN_CHECK_MENU_MODE() == 'NEW') && (isIncludeReadable('inc/modules/admin/lasys-inc.php'))) {
+ if ((adminGetMenuMode() == 'NEW') && (isIncludeReadable('inc/modules/admin/lasys-inc.php'))) {
// Default area is the entrance, of course
$area = 'entrance';
// Check for similar URL variable
- if (REQUEST_ISSET_GET('area')) $area = REQUEST_GET('area');
+ if (isGetRequestParameterSet('area')) $area = getRequestParameter('area');
// Load logical-area menu-system file
loadIncludeOnce('inc/modules/admin/lasys-inc.php');
// Create new-style menu system will logical areas
- ADMIN_LOGICAL_AREA_SYSTEM($area, $act, $GLOBALS['what']);
+ doAdminLogicalArea($area, $action, getWhat());
} else {
// This little call constructs the whole default old and lacky menu system
// on left side. It also renders the content on right side
- ADMIN_DO_ACTION($GLOBALS['what']);
+ doAdminAction();
}
break;
case '404': // Administrator login not found
- REQUEST_SET_POST('ok', $ret);
+ setPostRequestParameter('ok', $ret);
+ loadTemplate('admin_settings_saved', false, getMaskedMessage('ADMIN_404', getSession('admin_login')));
destroyAdminSession();
- addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_NOT_FOUND'));
break;
case 'pass': // Wrong password
- REQUEST_SET_POST('ok', $ret);
+ setPostRequestParameter('ok', $ret);
+ loadTemplate('admin_settings_saved', false, getMessage('WRONG_PASS'));
destroyAdminSession();
- addFatalMessage(__FILE__, __LINE__, getMessage('WRONG_PASS'));
break;
default: // Others will be logged
- DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_COOKIES()", $ret));
+ logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminCookiesAreValid()", $ret));
break;
- }
+ } // END - switch
}
-//
+// [EOF]
?>