X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin.php;h=7822bf081ffafcc12e37c2c6716ded7d0f16f7e7;hp=f72adf4b19c0210b9ef798cc2828c5ba1df85e33;hb=d9f35786166902b9bc3f402d4f2abeed5ae0528d;hpb=d52156d35605388b7554c31d08bc29f0bb167079 diff --git a/inc/modules/admin.php b/inc/modules/admin.php index f72adf4b19..7822bf081f 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -1,7 +1,7 @@ SQL_ESCAPE($_POST['hash']), - 'login' => SQL_ESCAPE($_POST['login']) + 'hash' => secureString(postRequestParameter('hash')), + 'login' => secureString(postRequestParameter('login')) ); // Validation okay so display form for final password change - LOAD_TEMPLATE("admin_reset_password_form", false, $content); + loadTemplate('admin_reset_password_form', false, $content); } else { // Cannot validate the login data and hash - LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED')); + loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED')); } - } elseif ((isset($_POST['reset_pass'])) && (!empty($_POST['hash'])) && (!empty($_POST['login'])) && (!empty($_POST['pass1'])) && ($_POST['pass1'] == $_POST['pass2'])) { + } elseif ((isPostRequestParameterSet('reset_pass')) && (isPostRequestParameterSet('hash')) && (isPostRequestParameterSet('login')) && (isPostRequestParameterSet('pass1')) && (postRequestParameter('pass1') == postRequestParameter('pass2'))) { // Okay, we shall the admin password here. So first revalidate the hash - if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN($_POST['hash'], $_POST['login'])) { - // Set the password now - $OUT = ADMIN_RESET_PASSWORD($_POST['login'], $_POST['pass1']); - + if (adminResetValidateHashLogin(postRequestParameter('hash'), postRequestParameter('login'))) { // Output result - LOAD_TEMPLATE("admin_reset_pass_done", false, $OUT); + loadTemplate('admin_reset_pass_done', false, doResetAdminPassword(postRequestParameter('login'), postRequestParameter('pass1'))); } else { // Validation failed - LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2')); + loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2')); } } else { // Output reset password form - LOAD_TEMPLATE("admin_send_reset_link"); + loadTemplate('admin_send_reset_link'); } -} elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last')) || (!isSessionVariableSet('admin_to')) || ((get_session('admin_last') + bigintval(get_session('admin_to')) * 3600 * 24) < time())) { +} elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last'))) { // At leat one administrator account was created - if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last')) && (isSessionVariableSet('admin_to'))) { + if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last'))) { // Timeout for last login, we have to logout first! - LOAD_URL("modules.php?module=admin&action=login&logout=1"); + redirectToUrl('modules.php?module=admin&logout=1'); } // END - if - if (!empty($_GET['register'])) { + if (isGetRequestParameterSet('register')) { // Registration of first admin is done - if ($_GET['register'] == "done") LOAD_TEMPLATE("admin_settings_saved", false, getMessage('ADMIN_REGISTER_DONE')); + if (getRequestParameter('register') == 'done') loadTemplate('admin_settings_saved', false, getMessage('ADMIN_REGISTER_DONE')); } // END - if // Check if the admin has submitted data or not - if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***"; - if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) { + if ((isFormSent()) && ((!isPostRequestParameterSet('login')) || (!isPostRequestParameterSet('pass')) || (strlen(postRequestParameter('pass')) < 4))) { + setPostRequestParameter('ok', '***'); + } // END - if + + if ((isFormSent()) && (postRequestParameter('ok') != '***')) { // All required data was entered so we check his account - $ret = CHECK_ADMIN_LOGIN($_POST['login'], $_POST['pass']); + $ret = ifAdminLoginDataIsValid(postRequestParameter('login'), postRequestParameter('pass')); // Which status do we have? - switch ($ret) - { - case "done": // Admin and password are okay, so we log in now - // Construct URL and redirect - $URL = "modules.php?module=admin&"; - - // Rewrite overview module - if ($GLOBALS['what'] == "overview") { - $GLOBALS['action'] = GET_ACTION($GLOBALS['module'], $GLOBALS['what']); - } // END - if - - // Add data to URL - if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what']; - elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action']; - elseif (!empty($_GET['area'])) $URL .= "area=".$_GET['area']; - - // Load URL - LOAD_URL($URL); - break; - - case "404": // Administrator login not found - $_POST['ok'] = $ret; - $ret = getMessage('ADMIN_NOT_FOUND'); - destroyAdminSession(); - break; - - case "pass": // Wrong password - $_POST['ok'] = $ret; - $ret = "{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]\n"; - destroyAdminSession(); - break; - - default: // Others will be logged - DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_LOGIN()", $ret)); - break; + switch ($ret) { + case 'done': // Admin and password are okay, so we log in now + // Construct URL and redirect + $URL = 'modules.php?module=admin&'; + + // Rewrite overview module + if (getWhat() == 'overview') { + setAction(getActionFromModuleWhat(getModule(), getWhat())); + } // END - if + + // Add data to URL + if (isWhatSet()) $URL .= 'what='.getWhat(); + elseif (isActionSet()) $URL .= 'action='.getAction(); + elseif (isGetRequestParameterSet('area')) $URL .= 'area='.getRequestParameter('area'); + + // Load URL + redirectToUrl($URL); + break; + + case '404': // Administrator login not found + setPostRequestParameter('ok', $ret); + $ret = getMaskedMessage('ADMIN_404', postRequestParameter('login')); + destroyAdminSession(); + break; + + case 'pass': // Wrong password + setPostRequestParameter('ok', $ret); + $ret = '{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]'; + destroyAdminSession(); + break; + + default: // Others will be logged + logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid()", $ret)); + break; } // END - switch } // END - if // Error detected? - if ($ret != "done") { - if (!empty($_POST['login'])) { - define('__LOGIN_VALUE', $_POST['login']); - } else { - define('__LOGIN_VALUE', ""); - } + if ($ret != 'done') { + $content['login'] = ''; + if (isPostRequestParameterSet('login')) { + $content['login'] = postRequestParameter('login'); + } // END - if + + // Init array elements + $content['login_message'] = ''; + $content['pass_message'] = ''; - if (isset($_POST['ok'])) { + if (isFormSent()) { // Set messages to zero - $MSG1 = ""; $MSG2 = ""; + $loginMessage = ''; $passwdMessage = ''; // No login entered? - if (empty($_POST['login'])) $MSG1 = getMessage('ADMIN_NO_LOGIN'); + if (!isPostRequestParameterSet('login')) $loginMessage = getMessage('ADMIN_NO_LOGIN'); // An error comes back from login? - if ((!empty($ret)) && ($_POST['ok'] == "404")) $MSG1 = $ret; + if ((!empty($ret)) && (postRequestParameter('ok') == '404')) $loginMessage = $ret; // No password entered? - if (empty($_POST['pass'])) $MSG2 = getMessage('ADMIN_NO_PASS'); + if (!isPostRequestParameterSet('pass')) $passwdMessage = getMessage('ADMIN_NO_PASS'); // Or password too short? - if (strlen($_POST['pass']) < 4) $MSG2 = getMessage('ADMIN_SHORT_PASS'); + if (strlen(postRequestParameter('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS'); // An error comes back from login? - if ((!empty($ret)) && ($_POST['ok'] == "pass")) $MSG2 = $ret; + if ((!empty($ret)) && (postRequestParameter('ok') == 'pass')) $passwdMessage = $ret; // Load message template - define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1)); - define('__MSG_PASS' , LOAD_TEMPLATE("admin_login_msg", true, $MSG2)); - - // Reset variables - $MSG1 = ""; $MSG2 = ""; - } else { - // Set constants to empty for hiding them - define('__MSG_LOGIN', ""); - define('__MSG_PASS' , ""); - } + $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage); + $content['pass_message'] = loadTemplate('admin_login_msg', true, $passwdMessage); + } // END - if // Load login form - if (!empty($GLOBALS['what'])) { + if (isWhatSet()) { // Restore old what value - $content = array('target' => "what", 'value' => $GLOBALS['what']); - } elseif (!empty($GLOBALS['action'])) { - if ($GLOBALS['action'] != "logout") { + $content = merge_array($content, array('target' => 'what', 'value' => getWhat())); + } elseif (isActionSet()) { + if (getAction() != 'logout') { // Restore old action value - $content = array('target' => "action", 'value' => $GLOBALS['action']); + $content = merge_array($content, array('target' => 'action', 'value' => getAction())); } else { // Set default values - $content = array('target' => "action", 'value' => "login"); + $content = merge_array($content, array('target' => 'action', 'value' => 'login')); } - } elseif (!empty($_GET['area'])) { + } elseif (isGetRequestParameterSet('area')) { // Restore old area value - $content = array('target' => "area", 'value' => $_GET['area']); + $content = merge_array($content, array('target' => 'area', 'value' => getRequestParameter('area'))); } else { // Set default values - $content = array('target' => "action", 'value' => "login"); + $content = merge_array($content, array('target' => 'action', 'value' => 'login')); } // Load login form template - LOAD_TEMPLATE("admin_login_form", false, $content); + loadTemplate('admin_login_form', false, $content); } // END - if -} elseif (isset($_GET['logout'])) { +} elseif (isGetRequestParameterSet('logout')) { // Only try to remove cookies if (destroyAdminSession()) { // Load logout template - if (isset($_GET['register'])) { + if (isGetRequestParameterSet('register')) { // Secure input - $register = SQL_ESCAPE($_GET['register']); + $register = getRequestParameter('register'); // Special logout redirect for installation of given extension - LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $register)); - } elseif (isset($_GET['remove'])) { + loadTemplate(sprintf("admin_logout_%s_install", $register)); + } elseif (isGetRequestParameterSet('remove')) { // Secure input - $remove = SQL_ESCAPE($_GET['remove']); + $remove = getRequestParameter('remove'); // Special logout redirect for removal of given extension - LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove)); + loadTemplate(sprintf("admin_logout_%s_remove", $remove)); } else { // Logged out normally - LOAD_TEMPLATE("admin_logout"); + loadTemplate('admin_logout'); } } else { // Something went wrong here... - LOAD_TEMPLATE("admin_settings_saved", false, "
{--ADMIN_LOGOUT_FAILED--}
"); + loadTemplate('admin_settings_saved', false, '
{--ADMIN_LOGOUT_FAILED--}
'); // Add fatal message - addFatalMessage(getMessage('CANNOT_UNREG_SESS')); + addFatalMessage(__FILE__, __LINE__, getMessage('CANNOT_UNREG_SESS')); } } else { // Maybe an Admin want's to login? - $ret = CHECK_ADMIN_COOKIES(get_session('admin_login'), get_session('admin_md5')); - switch ($ret) - { - case "done": - // Check for access control line of current menu entry - define('__ACL_ALLOW', RUN_FILTER('check_admin_acl')); + $ret = ifAdminCookiesAreValid(getSession('admin_login'), getSession('admin_md5')); - // When type of admin menu is not set fallback to old menu system - if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', "OLD"); + // Check status + switch ($ret) { + case 'done': + // Check for access control line of current menu entry + runFilterChain('check_admin_acl'); - // Check for version and switch between old menu system and new "intelligent menu system" - if ((ADMIN_CHECK_MENU_MODE() == "NEW") && (INCLUDE_READABLE("inc/modules/admin/lasys-inc.php"))) { - // Default area is the entrance, of course - $area = "entrance"; + // When type of admin menu is not set fallback to old menu system + if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', 'OLD'); - // Check for similar URL variable - if (!empty($_GET['area'])) $area = SQL_ESCAPE($_GET['area']); + // Check for version and switch between old menu system and new intelligent menu system + if ((adminGetMenuMode() == 'NEW') && (isIncludeReadable('inc/modules/admin/lasys-inc.php'))) { + // Default area is the entrance, of course + $area = 'entrance'; - // Load "logical-area menu-system" file - LOAD_INC_ONCE("inc/modules/admin/lasys-inc.php"); + // Check for similar URL variable + if (isGetRequestParameterSet('area')) $area = getRequestParameter('area'); - // Create new-style menu system will "logical areas" - ADMIN_LOGICAL_AREA_SYSTEM($area, $act, $GLOBALS['what']); - } else { - // This little call constructs the whole default old and lacky menu system - // on left side - ADMIN_DO_ACTION($GLOBALS['what']); - } - break; - - case "404": // Administrator login not found - $_POST['ok'] = $ret; - destroyAdminSession(); - addFatalMessage(getMessage('ADMIN_NOT_FOUND')); - break; - - case "pass": // Wrong password - $_POST['ok'] = $ret; - destroyAdminSession(); - addFatalMessage(getMessage('WRONG_PASS')); - break; - - default: // Others will be logged - DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_COOKIES()", $ret)); - break; - } + // Load logical-area menu-system file + loadIncludeOnce('inc/modules/admin/lasys-inc.php'); + + // Create new-style menu system will logical areas + doAdminLogicalArea($area, $action, getWhat()); + } else { + // This little call constructs the whole default old and lacky menu system + // on left side. It also renders the content on right side + doAdminAction(); + } + break; + + case '404': // Administrator login not found + setPostRequestParameter('ok', $ret); + loadTemplate('admin_settings_saved', false, getMaskedMessage('ADMIN_404', getSession('admin_login'))); + destroyAdminSession(); + break; + + case 'pass': // Wrong password + setPostRequestParameter('ok', $ret); + loadTemplate('admin_settings_saved', false, getMessage('WRONG_PASS')); + destroyAdminSession(); + break; + + default: // Others will be logged + logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminCookiesAreValid()", $ret)); + break; + } // END - switch } -// +// [EOF] ?>