X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin.php;h=889af1f25d99cc59ae119a5cb974253c2ae89ca7;hp=dae1e4cdfeb98ed1d4442679f27722d0033db896;hb=2379934be6a196a54f4155bb8e24c49b20736969;hpb=ffe213c8e3f85119ddd5544214d0de9ecb833d98 diff --git a/inc/modules/admin.php b/inc/modules/admin.php index dae1e4cdfe..889af1f25d 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -14,11 +14,9 @@ * $Date:: $ * * $Tag:: 0.2.1-FINAL $ * * $Author:: $ * - * Needs to be in all Files and every File needs "svn propset * - * svn:keywords Date Revision" (autoprobset!) at least!!!!!! * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * - * Copyright (c) 2009, 2010 by Mailer Developer Team * + * Copyright (c) 2009 - 2011 by Mailer Developer Team * * For more information visit: http://www.mxchange.org * * * * This program is free software; you can redistribute it and/or modify * @@ -54,27 +52,30 @@ $ret = 'init'; // Is no admin registered? if (!isAdminRegistered()) { // Admin is not registered so we have to inform the user - if ((isFormSent()) && ((!isPostRequestParameterSet('login')) || (!isPostRequestParameterSet('pass1')) || (strlen(postRequestParameter('pass1')) < 4) || (!isPostRequestParameterSet('pass2')) || (strlen(postRequestParameter('pass2')) < 4) || (postRequestParameter('pass1') != postRequestParameter('pass2')))) { - setPostRequestParameter('ok', '***'); + if ((isFormSent()) && ((!isPostRequestElementSet('admin_login')) || (!isPostRequestElementSet('admin_pass1')) || (strlen(postRequestElement('admin_pass1')) < getConfig('minium_admin_pass_length')) || (!isPostRequestElementSet('admin_pass2')) || (strlen(postRequestElement('admin_pass2')) < getConfig('minium_admin_pass_length')) || (postRequestElement('admin_pass1') != postRequestElement('admin_pass2')))) { + setPostRequestElement('ok', '***'); } // END - if // Clear error message $errorMessage = ''; - if ((isFormSent()) && (postRequestParameter('ok') != '***')) { + if ((isFormSent()) && (postRequestElement('ok') != '***')) { // Hash the password with the old function because we are here in install mode - $hashedPass = md5(postRequestParameter('pass1')); + $hashedPass = md5(postRequestElement('admin_pass1')); // Kill maybe existing session variables destroyAdminSession(false); // Do registration - $ret = addAdminAccount(postRequestParameter('login'), $hashedPass, getConfig('WEBMASTER')); + $ret = addAdminAccount(postRequestElement('admin_login'), $hashedPass, getWebmaster()); // Check if registration wents fine switch ($ret) { case 'done': - $done = changeDataInFile(getCachePath() . 'config-local.php', 'ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0); + // Change ADMIN_REGISTERED entry + $done = changeDataInLocalConfigurationFile('ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0); + + // Was it successfull? if ($done === true) { // Registering is done redirectToUrl('modules.php?module=admin&register=done'); @@ -83,7 +84,7 @@ if (!isAdminRegistered()) { $errorMessage = '{--ADMIN_CANNOT_COMPLETE--}'; // Set this to have our error message displayed - setPostRequestParameter('ok', '***'); + setPostRequestElement('ok', '***'); } break; @@ -91,14 +92,14 @@ if (!isAdminRegistered()) { $errorMessage = '{--ADMIN_REGISTER_FAILED--}'; // Set this to have our error message displayed - setPostRequestParameter('ok', '***'); + setPostRequestElement('ok', '***'); break; case 'already': // Admin does already exists! $errorMessage = '{--ADMIN_LOGIN_ALREADY_REG--}'; // Set this to have our error message displayed - setPostRequestParameter('ok', '***'); + setPostRequestElement('ok', '***'); break; default: @@ -107,7 +108,7 @@ if (!isAdminRegistered()) { logDebugMessage(__FILE__, __LINE__, $errorMessage); // Set this to have our error message displayed - setPostRequestParameter('ok', '***'); + setPostRequestElement('ok', '***'); break; } // END - switch } // END - if @@ -115,94 +116,106 @@ if (!isAdminRegistered()) { // Whas that action okay? if ($ret != 'done') { // Init login name - $content['login'] = ''; - if (isPostRequestParameterSet('login')) { - $content['login'] = postRequestParameter('login'); + $content['admin_login'] = ''; + if (isPostRequestElementSet('admin_login')) { + $content['admin_login'] = postRequestElement('admin_login'); } // END - if // Init array elements - $content['login_message'] = ''; - $content['pass1_message'] = ''; - $content['pass2_message'] = ''; + $content['login_message'] = ''; + $content['pass1_message'] = ''; + $content['pass2_message'] = ''; + $content['error_message'] = ''; // Yet-another notice-fix - if ((isFormSent()) && (postRequestParameter('ok') == '***')) { + if ((isFormSent()) && (postRequestElement('ok') == '***')) { // Init variables $loginMessage = ''; $pass1Message = ''; $pass2Message = ''; // No login entered? - if (empty($content['login'])) $loginMessage = '{--ADMIN_NO_LOGIN--}'; + if (empty($content['admin_login'])) { + $loginMessage = '{--ADMIN_NO_LOGIN--}'; + } // END - if // An error comes back from registration? - if ((!empty($ret)) && ($ret != 'init')) $loginMessage = $errorMessage; + if ((!empty($ret)) && ($ret != 'init')) { + $loginMessage = $errorMessage; + } // END - if // No password 1 entered or to short? - if (!isPostRequestParameterSet('pass1')) $pass1Message = '{--ADMIN_NO_PASS1--}'; - elseif (strlen(postRequestParameter('pass1')) < 4) $pass1Message = '{--ADMIN_SHORT_PASS1--}'; + if (!isPostRequestElementSet('admin_pass1')) { + $pass1Message = '{--ADMIN_NO_PASSWORD1--}'; + } elseif (strlen(postRequestElement('admin_pass1')) < getConfig('minium_admin_pass_length')) { + $pass1Message = '{--ADMIN_SHORT_PASSWORD1--}'; + } // No password 2 entered or to short? - if (!isPostRequestParameterSet('pass2')) $pass2Message = '{--ADMIN_NO_PASS2--}'; - elseif (strlen(postRequestParameter('pass2')) < 4) $pass2Message = '{--ADMIN_SHORT_PASS2--}'; + if (!isPostRequestElementSet('admin_pass2')) { + $pass2Message = '{--ADMIN_NO_PASSWORD2--}'; + } elseif (strlen(postRequestElement('admin_pass2')) < getConfig('minium_admin_pass_length')) { + $pass2Message = '{--ADMIN_SHORT_PASSWORD2--}'; + } // Both didn't match? - if (postRequestParameter('pass1') != postRequestParameter('pass2')) { + if (postRequestElement('admin_pass1') != postRequestElement('admin_pass2')) { // No match - if (empty($pass1Message)) $pass1Message = '{--ADMIN_PASS1_MISMATCH--}'; - if (empty($pass2Message)) $pass2Message = '{--ADMIN_PASS2_MISMATCH--}'; + if (empty($pass1Message)) $pass1Message = '{--ADMIN_PASSWORD1_MISMATCH--}'; + if (empty($pass2Message)) $pass2Message = '{--ADMIN_PASSWORD2_MISMATCH--}'; } // END - if // Output error messages $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage); $content['pass1_message'] = loadTemplate('admin_login_msg', true, $pass1Message); $content['pass2_message'] = loadTemplate('admin_login_msg', true, $pass2Message); + $content['error_message'] = loadTemplate('admin_login_msg', true, $errorMessage); } // END - if // Output message in seperate template - loadTemplate('admin_settings_saved', false, '{--ADMIN_ACCOUNT_NOT_REGISTERED_YET--}'); + displayMessage('{--ADMIN_ACCOUNT_NOT_REGISTERED_YET--}'); // Load register template loadTemplate('admin_reg_form', false, $content); } // END - if -} elseif (isGetRequestParameterSet('reset_pass')) { +} elseif (isGetRequestElementSet('reset_pass')) { // Is the form submitted? - if ((isPostRequestParameterSet('send_link')) && (isPostRequestParameterSet('email'))) { + if ((isPostRequestElementSet('send_link')) && (isPostRequestElementSet('email'))) { // Output result - loadTemplate('admin_settings_saved', false, sendAdminPasswordResetLink(postRequestParameter('email'))); - } elseif (isGetRequestParameterSet('hash')) { + displayMessage(sendAdminPasswordResetLink(postRequestElement('email'))); + } elseif (isGetRequestElementSet('hash')) { // Output form for hash validation - loadTemplate('admin_validate_reset_hash_form', false, getRequestParameter('hash')); - } elseif ((isPostRequestParameterSet('validate_hash')) && (isPostRequestParameterSet('login')) && (isPostRequestParameterSet('hash'))) { + loadTemplate('admin_validate_reset_hash_form', false, getRequestElement('hash')); + } elseif ((isPostRequestElementSet('validate_hash')) && (isPostRequestElementSet('admin_login')) && (isPostRequestElementSet('hash'))) { // Validate the login data and hash - $valid = adminResetValidateHashLogin(postRequestParameter('hash'), postRequestParameter('login')); + $valid = adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('admin_login')); // Valid? if ($valid === true) { // Prepare content first $content = array( - 'hash' => secureString(postRequestParameter('hash')), - 'login' => secureString(postRequestParameter('login')) + 'hash' => postRequestElement('hash'), + 'admin_login' => postRequestElement('admin_login') ); // Validation okay so display form for final password change loadTemplate('admin_reset_password_form', false, $content); } else { // Cannot validate the login data and hash - loadTemplate('admin_settings_saved', false, '{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED--}'); + displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED--}'); } - } elseif ((isPostRequestParameterSet('reset_pass')) && (isPostRequestParameterSet('hash')) && (isPostRequestParameterSet('login')) && (isPostRequestParameterSet('pass1')) && (postRequestParameter('pass1') == postRequestParameter('pass2'))) { + } elseif ((isPostRequestElementSet('reset_pass')) && (isPostRequestElementSet('hash')) && (isPostRequestElementSet('admin_login')) && (isPostRequestElementSet('admin_pass1')) && (postRequestElement('admin_pass1') == postRequestElement('admin_pass2'))) { // Okay, we shall the admin password here. So first revalidate the hash - if (adminResetValidateHashLogin(postRequestParameter('hash'), postRequestParameter('login'))) { + if (adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('admin_login'))) { // Output result - loadTemplate('admin_reset_pass_done', false, doResetAdminPassword(postRequestParameter('login'), postRequestParameter('pass1'))); + loadTemplate('admin_reset_password_done', false, doResetAdminPassword(postRequestElement('admin_login'), postRequestElement('admin_pass1'))); } else { // Validation failed - loadTemplate('admin_settings_saved', false, '{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2--}'); + displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2--}'); } } else { // Output reset password form - loadTemplate('admin_send_reset_link'); + loadTemplate('admin_reset_password_send_link'); } } elseif ((!isSessionVariableSet('admin_id')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last'))) { // At leat one administrator account was created @@ -211,19 +224,22 @@ if (!isAdminRegistered()) { redirectToUrl('modules.php?module=admin&logout=1'); } // END - if - if (isGetRequestParameterSet('register')) { + if (isGetRequestElementSet('register')) { // Registration of first admin is done - if (getRequestParameter('register') == 'done') loadTemplate('admin_settings_saved', false, '{--ADMIN_REGISTER_DONE--}'); + if (getRequestElement('register') == 'done') { + // Regisration done! + displayMessage('{--ADMIN_REGISTER_DONE--}'); + } // END - if } // END - if // Check if the admin has submitted data or not - if ((isFormSent()) && ((!isPostRequestParameterSet('login')) || (!isPostRequestParameterSet('pass')) || (strlen(postRequestParameter('pass')) < 4))) { - setPostRequestParameter('ok', '***'); + if ((isFormSent()) && ((!isPostRequestElementSet('admin_login')) || (!isPostRequestElementSet('admin_password')) || (strlen(postRequestElement('admin_password')) < getConfig('minium_admin_pass_length')))) { + setPostRequestElement('ok', '***'); } // END - if - if ((isFormSent()) && (postRequestParameter('ok') != '***')) { + if ((isFormSent()) && (postRequestElement('ok') != '***')) { // All required data was entered so we check his account - $ret = ifAdminLoginDataIsValid(postRequestParameter('login'), postRequestParameter('pass')); + $ret = ifAdminLoginDataIsValid(postRequestElement('admin_login'), postRequestElement('admin_password')); // Which status do we have? switch ($ret) { @@ -237,22 +253,26 @@ if (!isAdminRegistered()) { } // END - if // Add data to URL - if (isWhatSet()) $url .= 'what='.getWhat(); - elseif (isActionSet()) $url .= 'action='.getAction(); - elseif (isGetRequestParameterSet('area')) $url .= 'area='.getRequestParameter('area'); + if (isWhatSet()) { + $url .= 'what=' . getWhat(); + } elseif (isActionSet()) { + $url .= 'action=' . getAction(); + } elseif (isGetRequestElementSet('area')) { + $url .= 'area=' . getRequestElement('area'); + } - // Load URL - redirectToUrl($url); - break; + // Load URL + redirectToUrl($url); + break; case '404': // Administrator login not found - setPostRequestParameter('ok', $ret); - $ret = getMaskedMessage('ADMIN_ACCOUNT_404', postRequestParameter('login')); + setPostRequestElement('ok', $ret); + $ret = '{%message,ADMIN_ACCOUNT_404=' . postRequestElement('admin_login') . '%}'; destroyAdminSession(); break; - case 'pass': // Wrong password - setPostRequestParameter('ok', $ret); + case 'password': // Wrong password + setPostRequestElement('ok', $ret); $ret = '{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]'; destroyAdminSession(); break; @@ -265,9 +285,9 @@ if (!isAdminRegistered()) { // Error detected? if ($ret != 'done') { - $content['login'] = ''; - if (isPostRequestParameterSet('login')) { - $content['login'] = postRequestParameter('login'); + $content['admin_login'] = ''; + if (isPostRequestElementSet('admin_login')) { + $content['admin_login'] = postRequestElement('admin_login'); } // END - if // Init array elements @@ -276,26 +296,37 @@ if (!isAdminRegistered()) { if (isFormSent()) { // Set messages to zero - $loginMessage = ''; $passwdMessage = ''; - - // No login entered? - if (!isPostRequestParameterSet('login')) $loginMessage = '{--ADMIN_NO_LOGIN--}'; - - // An error comes back from login? - if ((!empty($ret)) && (postRequestParameter('ok') == '404')) $loginMessage = $ret; - - // No password entered? - if (!isPostRequestParameterSet('pass')) $passwdMessage = '{--ADMIN_NO_PASS--}'; - - // Or password too short? - if (strlen(postRequestParameter('pass')) < 4) $passwdMessage = '{--ADMIN_SHORT_PASS--}'; + $loginMessage = ''; + $passwdMessage = ''; + + // Check for login + if (!isPostRequestElementSet('admin_login')) { + // No login entered? + $loginMessage = '{--ADMIN_NO_LOGIN--}'; + } elseif ((!empty($ret)) && (postRequestElement('ok') == '404')) { + // An error comes back from login? + $loginMessage = $ret; + } - // An error comes back from login? - if ((!empty($ret)) && (postRequestParameter('ok') == 'pass')) $passwdMessage = $ret; + // Check for password + if (!isPostRequestElementSet('admin_password')) { + // No password entered? + $passwdMessage = '{--ADMIN_NO_PASS--}'; + } elseif (strlen(postRequestElement('admin_password')) < getConfig('minium_admin_pass_length')) { + // Or password too short? + $passwdMessage = '{--ADMIN_SHORT_PASS--}'; + } elseif ((!empty($ret)) && (postRequestElement('ok') == 'password')) { + // An error comes back from login? + $passwdMessage = $ret; + } - // Load message template - $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage); - $content['pass_message'] = loadTemplate('admin_login_msg', true, $passwdMessage); + // Load message templates if the messages have been set + if (!empty($loginMessage)) { + $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage); + } // END - if + if (!empty($passwdMessage)) { + $content['pass_message'] = loadTemplate('admin_login_msg', true, $passwdMessage); + } // END - if } // END - if // Load login form @@ -310,13 +341,13 @@ if (!isAdminRegistered()) { // Set default values $content = merge_array($content, array('target' => 'action', 'value' => 'login')); } - } elseif (isGetRequestParameterSet('area')) { + } elseif (isGetRequestElementSet('area')) { // Restore old area value $content = merge_array( $content, array( 'target' => 'area', - 'value' => getRequestParameter('area') + 'value' => getRequestElement('area') ) ); } else { @@ -327,19 +358,19 @@ if (!isAdminRegistered()) { // Load login form template loadTemplate('admin_login_form', false, $content); } // END - if -} elseif (isGetRequestParameterSet('logout')) { +} elseif (isGetRequestElementSet('logout')) { // Only try to remove cookies if (destroyAdminSession()) { // Load logout template - if (isGetRequestParameterSet('register')) { + if (isGetRequestElementSet('register')) { // Secure input - $register = getRequestParameter('register'); + $register = getRequestElement('register'); // Special logout redirect for installation of given extension loadTemplate(sprintf("admin_logout_%s_install", $register)); - } elseif (isGetRequestParameterSet('remove')) { + } elseif (isGetRequestElementSet('remove')) { // Secure input - $remove = getRequestParameter('remove'); + $remove = getRequestElement('remove'); // Special logout redirect for removal of given extension loadTemplate(sprintf("admin_logout_%s_remove", $remove)); @@ -349,14 +380,14 @@ if (!isAdminRegistered()) { } } else { // Something went wrong here... - loadTemplate('admin_settings_saved', false, '
{--ADMIN_LOGOUT_FAILED--}
'); + loadTemplate('admin_settings_unsaved', false, '{--ADMIN_LOGOUT_FAILED--}'); // Add fatal message addFatalMessage(__FILE__, __LINE__, '{--CANNOT_UNREG_SESS--}'); } } else { // Maybe an Admin want's to login? - $ret = ifAdminCookiesAreValid(getSession('admin_id'), getSession('admin_md5')); + $ret = ifAdminCookiesAreValid(getCurrentAdminId(), getAdminMd5()); // Check status switch ($ret) { @@ -364,16 +395,13 @@ if (!isAdminRegistered()) { // Check for access control line of current menu entry runFilterChain('check_admin_acl'); - // When type of admin menu is not set fallback to old menu system - if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', 'OLD'); - // Check for version and switch between old menu system and new intelligent menu system if ((adminGetMenuMode() == 'NEW') && (isIncludeReadable('inc/modules/admin/lasys-inc.php'))) { // Default area is the entrance, of course $area = 'entrance'; // Check for similar URL variable - if (isGetRequestParameterSet('area')) $area = getRequestParameter('area'); + if (isGetRequestElementSet('area')) $area = getRequestElement('area'); // Load logical-area menu-system file loadIncludeOnce('inc/modules/admin/lasys-inc.php'); @@ -388,14 +416,14 @@ if (!isAdminRegistered()) { break; case '404': // Administrator login not found - setPostRequestParameter('ok', $ret); - loadTemplate('admin_settings_saved', false, getMaskedMessage('ADMIN_ACCOUNT_404', getSession('admin_id'))); + setPostRequestElement('ok', $ret); + displayMessage('{%message,ADMIN_ACCOUNT_404=' . getCurrentAdminId() . '%}'); destroyAdminSession(); break; - case 'pass': // Wrong password - setPostRequestParameter('ok', $ret); - loadTemplate('admin_settings_saved', false, '{--WRONG_PASS--}'); + case 'password': // Wrong password + setPostRequestElement('ok', $ret); + displayMessage('{--WRONG_PASS--}'); destroyAdminSession(); break;