X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin.php;h=f798980ef65caba77bd40755dd7a1d79cd81d907;hp=19c484adbd57a87f2480c505e3774a5d1df9afd2;hb=0715fa7aa8e5e70bcf1d957fb09ae655c3896c4e;hpb=039203d5428c9c6a3bed61fb3a9a16958c6fd44c diff --git a/inc/modules/admin.php b/inc/modules/admin.php index 19c484adbd..f798980ef6 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -18,6 +18,7 @@ * svn:keywords Date Revision" (autoprobset!) at least!!!!!! * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2009 by Roland Haeder * + * Copyright (c) 2009, 2010 by Mailer Developer Team * * For more information visit: http://www.mxchange.org * * * * This program is free software; you can redistribute it and/or modify * @@ -53,19 +54,22 @@ $ret = 'init'; // Is no admin registered? if (!isAdminRegistered()) { // Admin is not registered so we have to inform the user - if ((isFormSent()) && ((!isPostRequestElementSet('login')) || (!isPostRequestElementSet('pass1')) || (strlen(postRequestElement('pass1')) < 4) || (!isPostRequestElementSet('pass2')) || (strlen(postRequestElement('pass2')) < 4) || (postRequestElement('pass1') != postRequestElement('pass2')))) { - setRequestPostElement('ok', '***'); + if ((isFormSent()) && ((!isPostRequestParameterSet('login')) || (!isPostRequestParameterSet('pass1')) || (strlen(postRequestParameter('pass1')) < 4) || (!isPostRequestParameterSet('pass2')) || (strlen(postRequestParameter('pass2')) < 4) || (postRequestParameter('pass1') != postRequestParameter('pass2')))) { + setPostRequestParameter('ok', '***'); } // END - if - if ((isFormSent()) && (postRequestElement('ok') != '***')) { + // Clear error message + $errorMessage = ''; + + if ((isFormSent()) && (postRequestParameter('ok') != '***')) { // Hash the password with the old function because we are here in install mode - $hashedPass = md5(postRequestElement('pass1')); + $hashedPass = md5(postRequestParameter('pass1')); // Kill maybe existing session variables destroyAdminSession(false); // Do registration - $ret = addAdminAccount(postRequestElement('login'), $hashedPass, getConfig('WEBMASTER')); + $ret = addAdminAccount(postRequestParameter('login'), $hashedPass, getConfig('WEBMASTER')); // Check if registration wents fine switch ($ret) { @@ -75,21 +79,35 @@ if (!isAdminRegistered()) { // Registering is done redirectToUrl('modules.php?module=admin&register=done'); } else { - $ret = getMessage('ADMIN_CANNOT_COMPLETE'); + // Registration incomplete + $errorMessage = getMessage('ADMIN_CANNOT_COMPLETE'); + + // Set this to have our error message displayed + setPostRequestParameter('ok', '***'); } break; case 'failed': // Registration has failed - $ret = getMessage('ADMIN_REGISTER_FAILED'); + $errorMessage = getMessage('ADMIN_REGISTER_FAILED'); + + // Set this to have our error message displayed + setPostRequestParameter('ok', '***'); break; case 'already': // Admin does already exists! - $ret = getMessage('ADMIN_LOGIN_ALREADY_REG'); + $errorMessage = getMessage('ADMIN_LOGIN_ALREADY_REG'); + + // Set this to have our error message displayed + setPostRequestParameter('ok', '***'); break; default: // Any other kind will be logged - logDebugMessage(__FILE__, __LINE__, sprintf("Unknown return code %s from ifAdminLoginDataIsValid().", $ret)); + $errorMessage = sprintf("Unknown return code %s from ifAdminLoginDataIsValid().", $ret); + logDebugMessage(__FILE__, __LINE__, $errorMessage); + + // Set this to have our error message displayed + setPostRequestParameter('ok', '***'); break; } // END - switch } // END - if @@ -98,8 +116,8 @@ if (!isAdminRegistered()) { if ($ret != 'done') { // Init login name $content['login'] = ''; - if (isPostRequestElementSet('login')) { - $content['login'] = postRequestElement('login'); + if (isPostRequestParameterSet('login')) { + $content['login'] = postRequestParameter('login'); } // END - if // Init array elements @@ -108,7 +126,7 @@ if (!isAdminRegistered()) { $content['pass2_message'] = ''; // Yet-another notice-fix - if ((isFormSent()) && (postRequestElement('ok') == '***')) { + if ((isFormSent()) && (postRequestParameter('ok') == '***')) { // Init variables $loginMessage = ''; $pass1Message = ''; @@ -118,18 +136,18 @@ if (!isAdminRegistered()) { if (empty($content['login'])) $loginMessage = getMessage('ADMIN_NO_LOGIN'); // An error comes back from registration? - if ((!empty($ret)) && ($ret != 'init')) $loginMessage = $ret; + if ((!empty($ret)) && ($ret != 'init')) $loginMessage = $errorMessage; // No password 1 entered or to short? - if (!isPostRequestElementSet('pass1')) $pass1Message = getMessage('ADMIN_NO_PASS1'); - elseif (strlen(postRequestElement('pass1')) < 4) $pass1Message = getMessage('ADMIN_SHORT_PASS1'); + if (!isPostRequestParameterSet('pass1')) $pass1Message = getMessage('ADMIN_NO_PASS1'); + elseif (strlen(postRequestParameter('pass1')) < 4) $pass1Message = getMessage('ADMIN_SHORT_PASS1'); // No password 2 entered or to short? - if (!isPostRequestElementSet('pass2')) $pass2Message = getMessage('ADMIN_NO_PASS2'); - elseif (strlen(postRequestElement('pass2')) < 4) $pass2Message = getMessage('ADMIN_SHORT_PASS2'); + if (!isPostRequestParameterSet('pass2')) $pass2Message = getMessage('ADMIN_NO_PASS2'); + elseif (strlen(postRequestParameter('pass2')) < 4) $pass2Message = getMessage('ADMIN_SHORT_PASS2'); // Both didn't match? - if (postRequestElement('pass1') != postRequestElement('pass2')) { + if (postRequestParameter('pass1') != postRequestParameter('pass2')) { // No match if (empty($pass1Message)) $pass1Message = getMessage('ADMIN_PASS1_MISMATCH'); if (empty($pass2Message)) $pass2Message = getMessage('ADMIN_PASS2_MISMATCH'); @@ -146,25 +164,25 @@ if (!isAdminRegistered()) { // Load register template loadTemplate('admin_reg_form', false, $content); - } -} elseif (isGetRequestElementSet('reset_pass')) { + } // END - if +} elseif (isGetRequestParameterSet('reset_pass')) { // Is the form submitted? - if ((isPostRequestElementSet('send_link')) && (isPostRequestElementSet('email'))) { + if ((isPostRequestParameterSet('send_link')) && (isPostRequestParameterSet('email'))) { // Output result - loadTemplate('admin_settings_saved', false, sendAdminPasswordResetLink(postRequestElement('email'))); - } elseif (isGetRequestElementSet('hash')) { + loadTemplate('admin_settings_saved', false, sendAdminPasswordResetLink(postRequestParameter('email'))); + } elseif (isGetRequestParameterSet('hash')) { // Output form for hash validation - loadTemplate('admin_validate_reset_hash_form', false, getRequestElement('hash')); - } elseif ((isPostRequestElementSet('validate_hash')) && (isPostRequestElementSet('login')) && (isPostRequestElementSet('hash'))) { + loadTemplate('admin_validate_reset_hash_form', false, getRequestParameter('hash')); + } elseif ((isPostRequestParameterSet('validate_hash')) && (isPostRequestParameterSet('login')) && (isPostRequestParameterSet('hash'))) { // Validate the login data and hash - $valid = adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('login')); + $valid = adminResetValidateHashLogin(postRequestParameter('hash'), postRequestParameter('login')); // Valid? if ($valid === true) { // Prepare content first $content = array( - 'hash' => secureString(postRequestElement('hash')), - 'login' => secureString(postRequestElement('login')) + 'hash' => secureString(postRequestParameter('hash')), + 'login' => secureString(postRequestParameter('login')) ); // Validation okay so display form for final password change @@ -173,11 +191,11 @@ if (!isAdminRegistered()) { // Cannot validate the login data and hash loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED')); } - } elseif ((isPostRequestElementSet('reset_pass')) && (isPostRequestElementSet('hash')) && (isPostRequestElementSet('login')) && (isPostRequestElementSet('pass1')) && (postRequestElement('pass1') == postRequestElement('pass2'))) { + } elseif ((isPostRequestParameterSet('reset_pass')) && (isPostRequestParameterSet('hash')) && (isPostRequestParameterSet('login')) && (isPostRequestParameterSet('pass1')) && (postRequestParameter('pass1') == postRequestParameter('pass2'))) { // Okay, we shall the admin password here. So first revalidate the hash - if (adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('login'))) { + if (adminResetValidateHashLogin(postRequestParameter('hash'), postRequestParameter('login'))) { // Output result - loadTemplate('admin_reset_pass_done', false, doResetAdminPassword(postRequestElement('login'), postRequestElement('pass1'))); + loadTemplate('admin_reset_pass_done', false, doResetAdminPassword(postRequestParameter('login'), postRequestParameter('pass1'))); } else { // Validation failed loadTemplate('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2')); @@ -193,48 +211,48 @@ if (!isAdminRegistered()) { redirectToUrl('modules.php?module=admin&logout=1'); } // END - if - if (isGetRequestElementSet('register')) { + if (isGetRequestParameterSet('register')) { // Registration of first admin is done - if (getRequestElement('register') == 'done') loadTemplate('admin_settings_saved', false, getMessage('ADMIN_REGISTER_DONE')); + if (getRequestParameter('register') == 'done') loadTemplate('admin_settings_saved', false, getMessage('ADMIN_REGISTER_DONE')); } // END - if // Check if the admin has submitted data or not - if ((isFormSent()) && ((!isPostRequestElementSet('login')) || (!isPostRequestElementSet('pass')) || (strlen(postRequestElement('pass')) < 4))) { - setRequestPostElement('ok', '***'); + if ((isFormSent()) && ((!isPostRequestParameterSet('login')) || (!isPostRequestParameterSet('pass')) || (strlen(postRequestParameter('pass')) < 4))) { + setPostRequestParameter('ok', '***'); } // END - if - if ((isFormSent()) && (postRequestElement('ok') != '***')) { + if ((isFormSent()) && (postRequestParameter('ok') != '***')) { // All required data was entered so we check his account - $ret = ifAdminLoginDataIsValid(postRequestElement('login'), postRequestElement('pass')); + $ret = ifAdminLoginDataIsValid(postRequestParameter('login'), postRequestParameter('pass')); // Which status do we have? switch ($ret) { case 'done': // Admin and password are okay, so we log in now // Construct URL and redirect - $URL = 'modules.php?module=admin&'; + $url = 'modules.php?module=admin&'; // Rewrite overview module if (getWhat() == 'overview') { - setAction(getModeAction(getModule(), getWhat())); + setAction(getActionFromModuleWhat(getModule(), getWhat())); } // END - if // Add data to URL - if (isWhatSet()) $URL .= 'what='.getWhat(); - elseif (isActionSet()) $URL .= 'action='.getAction(); - elseif (isGetRequestElementSet('area')) $URL .= 'area='.getRequestElement('area'); + if (isWhatSet()) $url .= 'what='.getWhat(); + elseif (isActionSet()) $url .= 'action='.getAction(); + elseif (isGetRequestParameterSet('area')) $url .= 'area='.getRequestParameter('area'); // Load URL - redirectToUrl($URL); + redirectToUrl($url); break; case '404': // Administrator login not found - setRequestPostElement('ok', $ret); - $ret = getMaskedMessage('ADMIN_404', postRequestElement('login')); + setPostRequestParameter('ok', $ret); + $ret = getMaskedMessage('ADMIN_404', postRequestParameter('login')); destroyAdminSession(); break; case 'pass': // Wrong password - setRequestPostElement('ok', $ret); + setPostRequestParameter('ok', $ret); $ret = '{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]'; destroyAdminSession(); break; @@ -248,8 +266,8 @@ if (!isAdminRegistered()) { // Error detected? if ($ret != 'done') { $content['login'] = ''; - if (isPostRequestElementSet('login')) { - $content['login'] = postRequestElement('login'); + if (isPostRequestParameterSet('login')) { + $content['login'] = postRequestParameter('login'); } // END - if // Init array elements @@ -261,19 +279,19 @@ if (!isAdminRegistered()) { $loginMessage = ''; $passwdMessage = ''; // No login entered? - if (!isPostRequestElementSet('login')) $loginMessage = getMessage('ADMIN_NO_LOGIN'); + if (!isPostRequestParameterSet('login')) $loginMessage = getMessage('ADMIN_NO_LOGIN'); // An error comes back from login? - if ((!empty($ret)) && (postRequestElement('ok') == '404')) $loginMessage = $ret; + if ((!empty($ret)) && (postRequestParameter('ok') == '404')) $loginMessage = $ret; // No password entered? - if (!isPostRequestElementSet('pass')) $passwdMessage = getMessage('ADMIN_NO_PASS'); + if (!isPostRequestParameterSet('pass')) $passwdMessage = getMessage('ADMIN_NO_PASS'); // Or password too short? - if (strlen(postRequestElement('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS'); + if (strlen(postRequestParameter('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS'); // An error comes back from login? - if ((!empty($ret)) && (postRequestElement('ok') == 'pass')) $passwdMessage = $ret; + if ((!empty($ret)) && (postRequestParameter('ok') == 'pass')) $passwdMessage = $ret; // Load message template $content['login_message'] = loadTemplate('admin_login_msg', true, $loginMessage); @@ -292,9 +310,15 @@ if (!isAdminRegistered()) { // Set default values $content = merge_array($content, array('target' => 'action', 'value' => 'login')); } - } elseif (isGetRequestElementSet('area')) { + } elseif (isGetRequestParameterSet('area')) { // Restore old area value - $content = merge_array($content, array('target' => 'area', 'value' => getRequestElement('area'))); + $content = merge_array( + $content, + array( + 'target' => 'area', + 'value' => getRequestParameter('area') + ) + ); } else { // Set default values $content = merge_array($content, array('target' => 'action', 'value' => 'login')); @@ -303,19 +327,19 @@ if (!isAdminRegistered()) { // Load login form template loadTemplate('admin_login_form', false, $content); } // END - if -} elseif (isGetRequestElementSet('logout')) { +} elseif (isGetRequestParameterSet('logout')) { // Only try to remove cookies if (destroyAdminSession()) { // Load logout template - if (isGetRequestElementSet('register')) { + if (isGetRequestParameterSet('register')) { // Secure input - $register = getRequestElement('register'); + $register = getRequestParameter('register'); // Special logout redirect for installation of given extension loadTemplate(sprintf("admin_logout_%s_install", $register)); - } elseif (isGetRequestElementSet('remove')) { + } elseif (isGetRequestParameterSet('remove')) { // Secure input - $remove = getRequestElement('remove'); + $remove = getRequestParameter('remove'); // Special logout redirect for removal of given extension loadTemplate(sprintf("admin_logout_%s_remove", $remove)); @@ -349,7 +373,7 @@ if (!isAdminRegistered()) { $area = 'entrance'; // Check for similar URL variable - if (isGetRequestElementSet('area')) $area = getRequestElement('area'); + if (isGetRequestParameterSet('area')) $area = getRequestParameter('area'); // Load logical-area menu-system file loadIncludeOnce('inc/modules/admin/lasys-inc.php'); @@ -364,13 +388,13 @@ if (!isAdminRegistered()) { break; case '404': // Administrator login not found - setRequestPostElement('ok', $ret); + setPostRequestParameter('ok', $ret); loadTemplate('admin_settings_saved', false, getMaskedMessage('ADMIN_404', getSession('admin_login'))); destroyAdminSession(); break; case 'pass': // Wrong password - setRequestPostElement('ok', $ret); + setPostRequestParameter('ok', $ret); loadTemplate('admin_settings_saved', false, getMessage('WRONG_PASS')); destroyAdminSession(); break;