X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin.php;h=b9b59ece5f405ce696c877bf469619881f8cb448;hp=c347fa817d6677ae05707b5126b51a4a479280a4;hb=4aad3058ce8599e89886118be8b1edaac220661c;hpb=5b8d588fdbfa375fa859ca80a9b9e1735a13300e diff --git a/inc/modules/admin.php b/inc/modules/admin.php index c347fa817d..b9b59ece5f 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -17,7 +17,7 @@ * Needs to be in all Files and every File needs "svn propset * * svn:keywords Date Revision" (autoprobset!) at least!!!!!! * * -------------------------------------------------------------------- * - * Copyright (c) 2003 - 2008 by Roland Haeder * + * Copyright (c) 2003 - 2009 by Roland Haeder * * For more information visit: http://www.mxchange.org * * * * This program is free software; you can redistribute it and/or modify * @@ -38,9 +38,8 @@ // Some security stuff... if (!defined('__SECURITY')) { - $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), '/inc') + 4) . '/security.php'; - require($INC); -} + die(); +} // END - if // Load include file loadIncludeOnce('inc/modules/admin/admin-inc.php'); @@ -54,23 +53,24 @@ $ret = 'init'; // Is no admin registered? if (!isAdminRegistered()) { // Admin is not registered so we have to inform the user - if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) { - REQUEST_SET_POST('ok', '***'); - } + if ((isFormSent()) && ((!isPostRequestElementSet('login')) || (!isPostRequestElementSet('pass')) || (strlen(postRequestElement('pass')) < 4))) { + setRequestPostElement('ok', '***'); + } // END - if - if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != '***')) { + if ((isFormSent()) && (postRequestElement('ok') != '***')) { // Hash the password with the old function because we are here in install mode - $hashedPass = md5(REQUEST_POST('pass')); + $hashedPass = md5(postRequestElement('pass')); // Kill maybe existing session variables destroyAdminSession(false); // Do registration - $ret = REGISTER_ADMIN(REQUEST_POST('login'), $hashedPass, constant('WEBMASTER')); - switch ($ret) - { + $ret = addAdminAccount(postRequestElement('login'), $hashedPass, getConfig('WEBMASTER')); + + // Check if registration wents fine + switch ($ret) { case 'done': - $done = changeDataInFile(constant('PATH') . 'inc/cache/config-local.php', "ADMIN-SETUP", "setConfigEntry('ADMIN_REGISTERED', \"", "\");", 'Y', 0); + $done = changeDataInFile(getConfig('CACHE_PATH') . 'config-local.php', 'ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0); if ($done === true) { // Registering is done redirectToUrl('modules.php?module=admin&register=done'); @@ -90,7 +90,7 @@ if (!isAdminRegistered()) { $ret = getMessage('ADMIN_LOGIN_ALREADY_REG'); } else { // Any other kind will be logged and interpreted as 'done' - DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_LOGIN() and interpreted as 'done'!", $ret)); + logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid() and interpreted as 'done'!", $ret)); // @TODO Why is this set to 'done'? $ret = 'done'; } @@ -98,100 +98,93 @@ if (!isAdminRegistered()) { // Admin still not registered? if (!isAdminRegistered()) { // Write to config that registration is done - changeDataInFile(constant('PATH') . 'inc/cache/config-local.php', "ADMIN-SETUP", "setConfigEntry('ADMIN_REGISTERED', \"", "\");", 'Y', 0); + changeDataInFile(getConfig('CACHE_PATH') . 'config-local.php', 'ADMIN-SETUP', "setConfigEntry('ADMIN_REGISTERED', '", "');", 'Y', 0); // Load URL for login - redirectToUrl('modules.php?module=admin'); + redirectToUrl('admin.php'); } // END - if break; - } + } // END - switch } // Whas that action okay? if ($ret != 'done') { // Fixes another notice - if (REQUEST_ISSET_POST(('login'))) { - define('__LOGIN_VALUE', REQUEST_POST('login')); - } else { - define('__LOGIN_VALUE', ''); - } + $content['login'] = ''; + if (isPostRequestElementSet('login')) { + $content['login'] = postRequestElement('login'); + } // END - if + + // Init array elements + $content['login_message'] = ''; + $content['pass_message'] = ''; // Yet-another notice-fix - if ((IS_FORM_SENT()) && (REQUEST_POST('ok') == '***')) { + if ((isFormSent()) && (postRequestElement('ok') == '***')) { // No login entered? - if (!REQUEST_ISSET_POST(('login'))) $loginMessage = getMessage('ADMIN_NO_LOGIN'); + if (!isPostRequestElementSet('login')) $loginMessage = getMessage('ADMIN_NO_LOGIN'); // An error comes back from registration? if (!empty($ret)) $loginMessage = $ret; // No password entered? - if (!REQUEST_ISSET_POST(('pass'))) $passwdMessage = getMessage('ADMIN_NO_PASS'); + if (!isPostRequestElementSet('pass')) $passwdMessage = getMessage('ADMIN_NO_PASS'); // Or password too short? - if (strlen(REQUEST_POST('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS'); + if (strlen(postRequestElement('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS'); // Output error messages - define('__MSG_LOGIN', LOAD_TEMPLATE('admin_login_msg', true, $loginMessage)); - define('__MSG_PASS', LOAD_TEMPLATE('admin_login_msg', true, $passwdMessage)); + $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage); + $content['pass_message'] = loadTemplate('admin_login_msg', true, $passwdMessage); // Reset variables $loginMessage = ''; $passwdMessage = ''; - } else { - // Reset values to nothing - define('__MSG_LOGIN', ''); - define('__MSG_PASS' , ''); - } + } // END - if // Output message in seperate template - LOAD_TEMPLATE('admin_settings_saved', false, getMessage('ADMIN_NOT_REGISTERED')); + loadTemplate('admin_settings_saved', false, getMessage('ADMIN_NOT_REGISTERED')); // Load register template - LOAD_TEMPLATE('admin_reg_form'); + loadTemplate('admin_reg_form', false, $content); } -} elseif (REQUEST_ISSET_GET(('reset_pass'))) { +} elseif (isGetRequestElementSet('reset_pass')) { // Is the form submitted? - if ((REQUEST_ISSET_POST(('send_link'))) && (REQUEST_ISSET_POST('email'))) { - // Try to send the link out - $OUT = ADMIN_SEND_PASSWORD_RESET_LINK(REQUEST_POST('email')); - + if ((isPostRequestElementSet('send_link')) && (isPostRequestElementSet('email'))) { // Output result - LOAD_TEMPLATE('admin_settings_saved', false, $OUT); - } elseif (REQUEST_ISSET_GET(('hash'))) { + loadTemplate('admin_settings_saved', false, sendAdminPasswordResetLink(postRequestElement('email'))); + } elseif (isGetRequestElementSet('hash')) { // Output form for hash validation - LOAD_TEMPLATE('admin_validate_reset_hash_form', false, REQUEST_GET('hash')); - } elseif ((REQUEST_ISSET_POST(('validate_hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('hash')))) { + loadTemplate('admin_validate_reset_hash_form', false, getRequestElement('hash')); + } elseif ((isPostRequestElementSet('validate_hash')) && (isPostRequestElementSet('login')) && (isPostRequestElementSet('hash'))) { // Validate the login data and hash - $valid = ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login')); + $valid = adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('login')); // Valid? if ($valid === true) { // Prepare content first $content = array( - 'hash' => SQL_ESCAPE(REQUEST_POST('hash')), - 'login' => SQL_ESCAPE(REQUEST_POST('login')) + 'hash' => SQL_ESCAPE(postRequestElement('hash')), + 'login' => SQL_ESCAPE(postRequestElement('login')) ); // Validation okay so display form for final password change - LOAD_TEMPLATE('admin_reset_password_form', false, $content); + loadTemplate('admin_reset_password_form', false, $content); } else { // Cannot validate the login data and hash - LOAD_TEMPLATE('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED')); + loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED')); } - } elseif ((REQUEST_ISSET_POST(('reset_pass'))) && (REQUEST_ISSET_POST(('hash'))) && (REQUEST_ISSET_POST(('login'))) && (REQUEST_ISSET_POST(('pass1'))) && (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) { + } elseif ((isPostRequestElementSet('reset_pass')) && (isPostRequestElementSet('hash')) && (isPostRequestElementSet('login')) && (isPostRequestElementSet('pass1')) && (postRequestElement('pass1') == postRequestElement('pass2'))) { // Okay, we shall the admin password here. So first revalidate the hash - if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login'))) { - // Set the password now - $OUT = ADMIN_RESET_PASSWORD(REQUEST_POST('login'), REQUEST_POST('pass1')); - + if (adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('login'))) { // Output result - LOAD_TEMPLATE('admin_reset_pass_done', false, $OUT); + loadTemplate('admin_reset_pass_done', false, doResetAdminPassword(postRequestElement('login'), postRequestElement('pass1'))); } else { // Validation failed - LOAD_TEMPLATE('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2')); + loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2')); } } else { // Output reset password form - LOAD_TEMPLATE('admin_send_reset_link'); + loadTemplate('admin_send_reset_link'); } } elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last')) || (!isSessionVariableSet('admin_to')) || ((getSession('admin_last') + bigintval(getSession('admin_to')) * 3600 * 24) < time())) { // At leat one administrator account was created @@ -200,199 +193,197 @@ if (!isAdminRegistered()) { redirectToUrl('modules.php?module=admin&logout=1'); } // END - if - if (REQUEST_ISSET_GET(('register'))) { + if (isGetRequestElementSet('register')) { // Registration of first admin is done - if (REQUEST_GET('register') == 'done') LOAD_TEMPLATE('admin_settings_saved', false, getMessage('ADMIN_REGISTER_DONE')); + if (getRequestElement('register') == 'done') loadTemplate('admin_settings_saved', false, getMessage('ADMIN_REGISTER_DONE')); } // END - if // Check if the admin has submitted data or not - if ((IS_FORM_SENT()) && ((!REQUEST_ISSET_POST(('login'))) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) { - REQUEST_SET_POST('ok', '***'); + if ((isFormSent()) && ((!isPostRequestElementSet('login')) || (!isPostRequestElementSet('pass')) || (strlen(postRequestElement('pass')) < 4))) { + setRequestPostElement('ok', '***'); } // END - if - if ((IS_FORM_SENT()) && (REQUEST_POST('ok') != '***')) { + if ((isFormSent()) && (postRequestElement('ok') != '***')) { // All required data was entered so we check his account - $ret = CHECK_ADMIN_LOGIN(REQUEST_POST('login'), REQUEST_POST('pass')); + $ret = ifAdminLoginDataIsValid(postRequestElement('login'), postRequestElement('pass')); // Which status do we have? - switch ($ret) - { + switch ($ret) { case 'done': // Admin and password are okay, so we log in now // Construct URL and redirect $URL = 'modules.php?module=admin&'; // Rewrite overview module - if ($GLOBALS['what'] == 'overview') { - $GLOBALS['action'] = getModeAction($GLOBALS['module'], $GLOBALS['what']); + if (getWhat() == 'overview') { + setAction(getModeAction(getModule(), getWhat())); } // END - if // Add data to URL - if (!empty($GLOBALS['what'])) $URL .= 'what='.$GLOBALS['what']; - elseif (!empty($GLOBALS['action'])) $URL .= 'action='.$GLOBALS['action']; - elseif (REQUEST_ISSET_GET('area')) $URL .= 'area='.REQUEST_GET('area'); + if (isWhatSet()) $URL .= 'what='.getWhat(); + elseif (isActionSet()) $URL .= 'action='.getAction(); + elseif (isGetRequestElementSet('area')) $URL .= 'area='.getRequestElement('area'); // Load URL redirectToUrl($URL); break; case '404': // Administrator login not found - REQUEST_SET_POST('ok', $ret); - $ret = getMessage('ADMIN_NOT_FOUND'); + setRequestPostElement('ok', $ret); + $ret = sprintf(getMessage('ADMIN_404'), postRequestElement('login')); destroyAdminSession(); break; case 'pass': // Wrong password - REQUEST_SET_POST('ok', $ret); - $ret = '{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]'; + setRequestPostElement('ok', $ret); + $ret = '{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]'; destroyAdminSession(); break; default: // Others will be logged - DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_LOGIN()", $ret)); + logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid()", $ret)); break; } // END - switch } // END - if // Error detected? - // @TODO Rewrite all these constants if ($ret != 'done') { - if (REQUEST_ISSET_POST(('login'))) { - define('__LOGIN_VALUE', REQUEST_POST('login')); - } else { - define('__LOGIN_VALUE', ''); - } + $content['login'] = ''; + if (isPostRequestElementSet('login')) { + $content['login'] = postRequestElement('login'); + } // END - if - if (IS_FORM_SENT()) { + // Init array elements + $content['login_message'] = ''; + $content['pass_message'] = ''; + + if (isFormSent()) { // Set messages to zero $loginMessage = ''; $passwdMessage = ''; // No login entered? - if (!REQUEST_ISSET_POST(('login'))) $loginMessage = getMessage('ADMIN_NO_LOGIN'); + if (!isPostRequestElementSet('login')) $loginMessage = getMessage('ADMIN_NO_LOGIN'); // An error comes back from login? - if ((!empty($ret)) && (REQUEST_POST('ok') == '404')) $loginMessage = $ret; + if ((!empty($ret)) && (postRequestElement('ok') == '404')) $loginMessage = $ret; // No password entered? - if (!REQUEST_ISSET_POST(('pass'))) $passwdMessage = getMessage('ADMIN_NO_PASS'); + if (!isPostRequestElementSet('pass')) $passwdMessage = getMessage('ADMIN_NO_PASS'); // Or password too short? - if (strlen(REQUEST_POST('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS'); + if (strlen(postRequestElement('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS'); // An error comes back from login? - if ((!empty($ret)) && (REQUEST_POST('ok') == 'pass')) $passwdMessage = $ret; + if ((!empty($ret)) && (postRequestElement('ok') == 'pass')) $passwdMessage = $ret; // Load message template - define('__MSG_LOGIN', LOAD_TEMPLATE('admin_login_msg', true, $loginMessage)); - define('__MSG_PASS' , LOAD_TEMPLATE('admin_login_msg', true, $passwdMessage)); + $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage); + $content['pass_message'] = loadTemplate('admin_login_msg', true, $passwdMessage); // Reset variables unset($loginMessage); unset($passwdMessage); - } else { - // Set constants to empty for hiding them - define('__MSG_LOGIN', ''); - define('__MSG_PASS' , ''); - } + } // END - if // Load login form - if (!empty($GLOBALS['what'])) { + if (isWhatSet()) { // Restore old what value - $content = array('target' => 'what', 'value' => $GLOBALS['what']); - } elseif (!empty($GLOBALS['action'])) { - if ($GLOBALS['action'] != 'logout') { + $content = merge_array($content, array('target' => 'what', 'value' => getWhat())); + } elseif (isActionSet()) { + if (getAction() != 'logout') { // Restore old action value - $content = array('target' => 'action', 'value' => $GLOBALS['action']); + $content = merge_array($content, array('target' => 'action', 'value' => getAction())); } else { // Set default values - $content = array('target' => 'action', 'value' => 'login'); + $content = merge_array($content, array('target' => 'action', 'value' => 'login')); } - } elseif (REQUEST_ISSET_GET('area')) { + } elseif (isGetRequestElementSet('area')) { // Restore old area value - $content = array('target' => 'area', 'value' => REQUEST_GET('area')); + $content = merge_array($content, array('target' => 'area', 'value' => getRequestElement('area'))); } else { // Set default values - $content = array('target' => 'action', 'value' => 'login'); + $content = merge_array($content, array('target' => 'action', 'value' => 'login')); } // Load login form template - LOAD_TEMPLATE('admin_login_form', false, $content); + loadTemplate('admin_login_form', false, $content); } // END - if -} elseif (REQUEST_ISSET_GET(('logout'))) { +} elseif (isGetRequestElementSet('logout')) { // Only try to remove cookies if (destroyAdminSession()) { // Load logout template - if (REQUEST_ISSET_GET(('register'))) { + if (isGetRequestElementSet('register')) { // Secure input - $register = REQUEST_GET(('register')); + $register = getRequestElement('register'); // Special logout redirect for installation of given extension - LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $register)); - } elseif (REQUEST_ISSET_GET('remove')) { + loadTemplate(sprintf("admin_logout_%s_install", $register)); + } elseif (isGetRequestElementSet('remove')) { // Secure input - $remove = REQUEST_GET('remove'); + $remove = getRequestElement('remove'); // Special logout redirect for removal of given extension - LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove)); + loadTemplate(sprintf("admin_logout_%s_remove", $remove)); } else { // Logged out normally - LOAD_TEMPLATE('admin_logout'); + loadTemplate('admin_logout'); } } else { // Something went wrong here... - LOAD_TEMPLATE('admin_settings_saved', false, '
{--ADMIN_LOGOUT_FAILED--}
'); + loadTemplate('admin_settings_saved', false, '
{--ADMIN_LOGOUT_FAILED--}
'); // Add fatal message addFatalMessage(__FILE__, __LINE__, getMessage('CANNOT_UNREG_SESS')); } } else { // Maybe an Admin want's to login? - $ret = CHECK_ADMIN_COOKIES(getSession('admin_login'), getSession('admin_md5')); - switch ($ret) - { + $ret = ifAdminCookiesAreValid(getSession('admin_login'), getSession('admin_md5')); + + // Check status + switch ($ret) { case 'done': // Check for access control line of current menu entry - $GLOBALS['acl_allow'] = runFilterChain('check_admin_acl'); + runFilterChain('check_admin_acl'); // When type of admin menu is not set fallback to old menu system if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', 'OLD'); // Check for version and switch between old menu system and new intelligent menu system - if ((ADMIN_CHECK_MENU_MODE() == 'NEW') && (isIncludeReadable('inc/modules/admin/lasys-inc.php'))) { + if ((adminGetMenuMode() == 'NEW') && (isIncludeReadable('inc/modules/admin/lasys-inc.php'))) { // Default area is the entrance, of course $area = 'entrance'; // Check for similar URL variable - if (REQUEST_ISSET_GET('area')) $area = REQUEST_GET('area'); + if (isGetRequestElementSet('area')) $area = getRequestElement('area'); // Load logical-area menu-system file loadIncludeOnce('inc/modules/admin/lasys-inc.php'); // Create new-style menu system will logical areas - ADMIN_LOGICAL_AREA_SYSTEM($area, $act, $GLOBALS['what']); + doAdminLogicalArea($area, $action, getWhat()); } else { // This little call constructs the whole default old and lacky menu system // on left side. It also renders the content on right side - ADMIN_DO_ACTION($GLOBALS['what']); + doAdminAction(); } break; case '404': // Administrator login not found - REQUEST_SET_POST('ok', $ret); + setRequestPostElement('ok', $ret); + loadTemplate('admin_settings_saved', false, sprintf(getMessage('ADMIN_404'), getSession('admin_login'))); destroyAdminSession(); - addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_NOT_FOUND')); break; case 'pass': // Wrong password - REQUEST_SET_POST('ok', $ret); + setRequestPostElement('ok', $ret); + loadTemplate('admin_settings_saved', false, getMessage('WRONG_PASS')); destroyAdminSession(); - addFatalMessage(__FILE__, __LINE__, getMessage('WRONG_PASS')); break; default: // Others will be logged - DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_COOKIES()", $ret)); + logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminCookiesAreValid()", $ret)); break; - } + } // END - switch } -// +// [EOF] ?>