X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin.php;h=fde00d3fc69cc3e4c8c8e2037d8e815ed69eb232;hp=a4e8aeb1e4151bdc803cf70b141cd716893941e6;hb=07612d2debcc78a93678db0deed050d82df432f1;hpb=302284be34ec6342a279566e1167837033c6fd62 diff --git a/inc/modules/admin.php b/inc/modules/admin.php index a4e8aeb1e4..fde00d3fc6 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -10,7 +10,12 @@ * -------------------------------------------------------------------- * * Kurzbeschreibung : Administrationsmodul * * -------------------------------------------------------------------- * - * * + * $Revision:: $ * + * $Date:: $ * + * $Tag:: 0.2.1-FINAL $ * + * $Author:: $ * + * Needs to be in all Files and every File needs "svn propset * + * svn:keywords Date Revision" (autoprobset!) at least!!!!!! * * -------------------------------------------------------------------- * * Copyright (c) 2003 - 2008 by Roland Haeder * * For more information visit: http://www.mxchange.org * @@ -32,316 +37,362 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { - $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; +if (!defined('__SECURITY')) { + $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), '/inc') + 4) . '/security.php'; require($INC); -} - -// Login is default -if ((empty($GLOBALS['action'])) && ($check == "admin_only")) { - // Redirect to right URL - LOAD_URL("modules.php?module=admin&action=login"); -} +} // END - if // Load include file -require_once(PATH."inc/modules/admin/admin-inc.php"); +loadIncludeOnce('inc/modules/admin/admin-inc.php'); // Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!) -FIX_DELETED_COOKIES(array('admin_login', 'admin_md5', 'admin_last', 'admin_to')); +fixDeletedCookies(array('admin_login', 'admin_md5', 'admin_last', 'admin_to')); -// Is the logout empty? -if (empty($_GET['logout'])) $_GET['logout'] = ""; +// Init return value +$ret = 'init'; -if (!admin_registered) { +// Is no admin registered? +if (!isAdminRegistered()) { // Admin is not registered so we have to inform the user - if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***"; - if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) { - // Hash the password with our new generateHash() function - $hashedPass = generateHash($_POST['pass']); + if ((isFormSent()) && ((!REQUEST_ISSET_POST('login')) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) { + REQUEST_SET_POST('ok', '***'); + } // END - if - // If the password has not been hashed we have to fall-back to md5() - if ($hashedPass == $_POST['pass']) $hashedPass = md5($hashedPass); + if ((isFormSent()) && (REQUEST_POST('ok') != '***')) { + // Hash the password with the old function because we are here in install mode + $hashedPass = md5(REQUEST_POST('pass')); - // Do registration - $ret = REGISTER_ADMIN($_POST['login'], $hashedPass); - switch ($ret) - { - case "done": - admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define ('admin_registered', ", ");", "true", 0); - if (!_FATAL) { - // Registering is done - LOAD_URL(URL."/modules.php?module=admin&action=login®ister=done"); - } else { - $ret = ADMIN_CANNOT_COMPLETE; - } - break; + // Kill maybe existing session variables + destroyAdminSession(false); - case "failed": - $ret = ADMIN_REGISTER_FAILED; - break; + // Do registration + $ret = REGISTER_ADMIN(REQUEST_POST('login'), $hashedPass, constant('WEBMASTER')); + + // Check if registration wents fine + switch ($ret) { + case 'done': + $done = changeDataInFile(constant('PATH') . 'inc/cache/config-local.php', "ADMIN-SETUP", "setConfigEntry('ADMIN_REGISTERED', \"", "\");", 'Y', 0); + if ($done === true) { + // Registering is done + redirectToUrl('modules.php?module=admin&register=done'); + } else { + $ret = getMessage('ADMIN_CANNOT_COMPLETE'); + } + break; + + case 'failed': + $ret = getMessage('ADMIN_REGISTER_FAILED'); + break; + + case 'already': + default: + if ($ret == 'already') { + // Admin does already exists! + $ret = getMessage('ADMIN_LOGIN_ALREADY_REG'); + } else { + // Any other kind will be logged and interpreted as 'done' + DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_LOGIN() and interpreted as 'done'!", $ret)); + // @TODO Why is this set to 'done'? + $ret = 'done'; + } - case "already": - default: - if ($ret == "already") { - // Admin does already exists! - $ret = ADMIN_LOGIN_ALREADY_REG; - } else { - // Any other kind - $ret = "done"; - } - if (!admin_registered) { - // Write to config that registration is done - admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define ('admin_registered', ", ");", "true", 0); + // Admin still not registered? + if (!isAdminRegistered()) { + // Write to config that registration is done + changeDataInFile(constant('PATH') . 'inc/cache/config-local.php', "ADMIN-SETUP", "setConfigEntry('ADMIN_REGISTERED', \"", "\");", 'Y', 0); - // Load URL for login - $URL = URL."/modules.php?module=admin&action=login"; - LOAD_URL($URL); - } - break; - } + // Load URL for login + redirectToUrl('modules.php?module=admin'); + } // END - if + break; + } // END - switch } - if ($ret != "done") { - // Fixes another "Notice" - if (!empty($_POST['login'])) { - define('__LOGIN_VALUE', $_POST['login']); + + // Whas that action okay? + if ($ret != 'done') { + // Fixes another notice + if (REQUEST_ISSET_POST('login')) { + define('__LOGIN_VALUE', REQUEST_POST('login')); } else { - define('__LOGIN_VALUE', ""); + define('__LOGIN_VALUE', ''); } - // Yet-another "Notice" fix - if ((!empty($_POST['ok'])) && ($_POST['ok'] == "***")) { + // Yet-another notice-fix + if ((isFormSent()) && (REQUEST_POST('ok') == '***')) { // No login entered? - if (empty($_POST['login'])) $MSG1 = ADMIN_NO_LOGIN; + if (!REQUEST_ISSET_POST('login')) $loginMessage = getMessage('ADMIN_NO_LOGIN'); // An error comes back from registration? - if (!empty($ret)) $MSG1 = $ret; + if (!empty($ret)) $loginMessage = $ret; // No password entered? - if (empty($_POST['pass'])) $MSG2 = ADMIN_NO_PASS; + if (!REQUEST_ISSET_POST(('pass'))) $passwdMessage = getMessage('ADMIN_NO_PASS'); // Or password too short? - if (strlen($_POST['pass']) < 4) $MSG2 = ADMIN_SHORT_PASS; + if (strlen(REQUEST_POST('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS'); // Output error messages - define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1)); - define('__MSG_PASS', LOAD_TEMPLATE("admin_login_msg", true, $MSG2)); + define('__MSG_LOGIN', LOAD_TEMPLATE('admin_login_msg', true, $loginMessage)); + define('__MSG_PASS', LOAD_TEMPLATE('admin_login_msg', true, $passwdMessage)); // Reset variables - $MSG1 = ""; $MSG2 = ""; - } else { + $loginMessage = ''; $passwdMessage = ''; + } else { // Reset values to nothing - define('__MSG_LOGIN', ""); - define('__MSG_PASS' , ""); + define('__MSG_LOGIN', ''); + define('__MSG_PASS' , ''); } + // Output message in seperate template + LOAD_TEMPLATE('admin_settings_saved', false, getMessage('ADMIN_NOT_REGISTERED')); + // Load register template - LOAD_TEMPLATE("admin_reg_form"); + LOAD_TEMPLATE('admin_reg_form'); } -} elseif ((empty($_SESSION['admin_login'])) || (empty($_SESSION['admin_md5'])) || (empty($_SESSION['admin_last'])) || (empty($_SESSION['admin_to'])) || (($_SESSION['admin_last'] + bigintval($_SESSION['admin_to']) * 3600 * 24) < time())) { +} elseif (REQUEST_ISSET_GET('reset_pass')) { + // Is the form submitted? + if ((REQUEST_ISSET_POST('send_link')) && (REQUEST_ISSET_POST('email'))) { + // Try to send the link out + $OUT = ADMIN_SEND_PASSWORD_RESET_LINK(REQUEST_POST('email')); + + // Output result + LOAD_TEMPLATE('admin_settings_saved', false, $OUT); + } elseif (REQUEST_ISSET_GET('hash')) { + // Output form for hash validation + LOAD_TEMPLATE('admin_validate_reset_hash_form', false, REQUEST_GET('hash')); + } elseif ((REQUEST_ISSET_POST('validate_hash')) && (REQUEST_ISSET_POST('login')) && (REQUEST_ISSET_POST('hash'))) { + // Validate the login data and hash + $valid = ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login')); + + // Valid? + if ($valid === true) { + // Prepare content first + $content = array( + 'hash' => SQL_ESCAPE(REQUEST_POST('hash')), + 'login' => SQL_ESCAPE(REQUEST_POST('login')) + ); + + // Validation okay so display form for final password change + LOAD_TEMPLATE('admin_reset_password_form', false, $content); + } else { + // Cannot validate the login data and hash + LOAD_TEMPLATE('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED')); + } + } elseif ((REQUEST_ISSET_POST('reset_pass')) && (REQUEST_ISSET_POST('hash')) && (REQUEST_ISSET_POST('login')) && (REQUEST_ISSET_POST('pass1')) && (REQUEST_POST('pass1') == REQUEST_POST('pass2'))) { + // Okay, we shall the admin password here. So first revalidate the hash + if (ADMIN_VALIDATE_RESET_LINK_HASH_LOGIN(REQUEST_POST('hash'), REQUEST_POST('login'))) { + // Set the password now + $OUT = ADMIN_RESET_PASSWORD(REQUEST_POST('login'), REQUEST_POST('pass1')); + + // Output result + LOAD_TEMPLATE('admin_reset_pass_done', false, $OUT); + } else { + // Validation failed + LOAD_TEMPLATE('admin_settings_saved', false, getMessage('ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2')); + } + } else { + // Output reset password form + LOAD_TEMPLATE('admin_send_reset_link'); + } +} elseif ((!isSessionVariableSet('admin_login')) || (!isSessionVariableSet('admin_md5')) || (!isSessionVariableSet('admin_last')) || (!isSessionVariableSet('admin_to')) || ((getSession('admin_last') + bigintval(getSession('admin_to')) * 3600 * 24) < time())) { // At leat one administrator account was created - if ((!empty($_SESSION['admin_login'])) && (!empty($_SESSION['admin_md5'])) && (!empty($_SESSION['admin_last'])) && (!empty($_SESSION['admin_to']))) { + if ((isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5')) && (isSessionVariableSet('admin_last')) && (isSessionVariableSet('admin_to'))) { // Timeout for last login, we have to logout first! - $URL = URL."/modules.php?module=admin&action=login&logout=1"; - LOAD_URL($URL); - } - if (!empty($_GET['register'])) { + redirectToUrl('modules.php?module=admin&logout=1'); + } // END - if + + if (REQUEST_ISSET_GET(('register'))) { // Registration of first admin is done - if ($_GET['register'] == "done") OUTPUT_HTML("".ADMIN_REGISTER_DONE.""); - } + if (REQUEST_GET('register') == 'done') LOAD_TEMPLATE('admin_settings_saved', false, getMessage('ADMIN_REGISTER_DONE')); + } // END - if // Check if the admin has submitted data or not - $ret = ""; - if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***"; - if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) { + if ((isFormSent()) && ((!REQUEST_ISSET_POST('login')) || (!REQUEST_ISSET_POST(('pass'))) || (strlen(REQUEST_POST('pass')) < 4))) { + REQUEST_SET_POST('ok', '***'); + } // END - if + + if ((isFormSent()) && (REQUEST_POST('ok') != '***')) { // All required data was entered so we check his account - $ret = CHECK_ADMIN_LOGIN($_POST['login'], $_POST['pass']); - switch ($ret) - { - case "done": // Admin and password are okay, so we log in now - // Try to register the session variables - if ((set_session("admin_md5", generatePassString(generateHash($_POST['pass'], __SALT)))) && (set_session("admin_login", $_POST['login'])) && (set_session("admin_last", time())) && (set_session("admin_to", $_POST['timeout']))) { + $ret = CHECK_ADMIN_LOGIN(REQUEST_POST('login'), REQUEST_POST('pass')); + + // Which status do we have? + switch ($ret) { + case 'done': // Admin and password are okay, so we log in now // Construct URL and redirect - $URL = URL."/modules.php?module=admin&"; + $URL = 'modules.php?module=admin&'; // Rewrite overview module - if ($GLOBALS['what'] == "overview") { - $GLOBALS['action'] = GET_ACTION($GLOBALS['module'], $GLOBALS['what']); - } + if (getWhat() == 'overview') { + setAction(getModeAction(getModule(), getWhat())); + } // END - if // Add data to URL - if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what']; - elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action']; - elseif (!empty($_GET['area'])) $URL .= "area=".$_GET['area']; - - // Load URL - LOAD_URL($URL); - } else { - OUTPUT_HTML("".ADMIN_LOGIN_FAILED.""); - ADD_FATAL(CANNOT_REGISTER_SESS); - } - break; - - case "404": // Administrator login not found - $_POST['ok'] = $ret; - $ret = ADMIN_NOT_FOUND; - break; - - case "pass": // Wrong password - $_POST['ok'] = $ret; - $ret = WRONG_PASS; - break; - } - } - if ($ret != "done") { - if (!empty($_POST['login'])) { - define('__LOGIN_VALUE', $_POST['login']); + if (isWhatSet()) $URL .= 'what='.getWhat(); + elseif (isActionSet()) $URL .= 'action='.getAction(); + elseif (REQUEST_ISSET_GET('area')) $URL .= 'area='.REQUEST_GET('area'); + + // Load URL + redirectToUrl($URL); + break; + + case '404': // Administrator login not found + REQUEST_SET_POST('ok', $ret); + $ret = getMessage('ADMIN_NOT_FOUND'); + destroyAdminSession(); + break; + + case 'pass': // Wrong password + REQUEST_SET_POST('ok', $ret); + $ret = '{--WRONG_PASS--} [{--ADMIN_RESET_PASS--}]'; + destroyAdminSession(); + break; + + default: // Others will be logged + DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_LOGIN()", $ret)); + break; + } // END - switch + } // END - if + + // Error detected? + // @TODO Rewrite all these constants + if ($ret != 'done') { + if (REQUEST_ISSET_POST('login')) { + define('__LOGIN_VALUE', REQUEST_POST('login')); } else { - define('__LOGIN_VALUE', ""); + define('__LOGIN_VALUE', ''); } - if (isset($_POST['ok'])) { + if (isFormSent()) { // Set messages to zero + $loginMessage = ''; $passwdMessage = ''; - $MSG1 = ""; $MSG2 = ""; // No login entered? - if (empty($_POST['login'])) $MSG1 = ADMIN_NO_LOGIN; + if (!REQUEST_ISSET_POST('login')) $loginMessage = getMessage('ADMIN_NO_LOGIN'); // An error comes back from login? - if ((!empty($ret)) && ($_POST['ok'] == "404")) $MSG1 = $ret; + if ((!empty($ret)) && (REQUEST_POST('ok') == '404')) $loginMessage = $ret; // No password entered? - if (empty($_POST['pass'])) $MSG2 = ADMIN_NO_PASS; + if (!REQUEST_ISSET_POST(('pass'))) $passwdMessage = getMessage('ADMIN_NO_PASS'); // Or password too short? - if (strlen($_POST['pass']) < 4) $MSG2 = ADMIN_SHORT_PASS; + if (strlen(REQUEST_POST('pass')) < 4) $passwdMessage = getMessage('ADMIN_SHORT_PASS'); // An error comes back from login? - if ((!empty($ret)) && ($_POST['ok'] == "pass")) $MSG2 = $ret; + if ((!empty($ret)) && (REQUEST_POST('ok') == 'pass')) $passwdMessage = $ret; // Load message template - define('__MSG_LOGIN', LOAD_TEMPLATE("admin_login_msg", true, $MSG1)); - define('__MSG_PASS' , LOAD_TEMPLATE("admin_login_msg", true, $MSG2)); + define('__MSG_LOGIN', LOAD_TEMPLATE('admin_login_msg', true, $loginMessage)); + define('__MSG_PASS' , LOAD_TEMPLATE('admin_login_msg', true, $passwdMessage)); // Reset variables - $MSG1 = ""; $MSG2 = ""; - } else { + unset($loginMessage); + unset($passwdMessage); + } else { // Set constants to empty for hiding them - define('__MSG_LOGIN', ""); - define('__MSG_PASS' , ""); + define('__MSG_LOGIN', ''); + define('__MSG_PASS' , ''); } // Load login form - if (!empty($GLOBALS['what'])) { + if (isWhatSet()) { // Restore old what value - $content = array('target' => "what", 'value' => $GLOBALS['what']); - } elseif (!empty($GLOBALS['action'])) { - if ($GLOBALS['action'] != "logout") { + $content = array('target' => 'what', 'value' => getWhat()); + } elseif (isActionSet()) { + if (getAction() != 'logout') { // Restore old action value - $content = array('target' => "action", 'value' => $GLOBALS['action']); + $content = array('target' => 'action', 'value' => getAction()); } else { // Set default values - $content = array('target' => "action", 'value' => "login"); + $content = array('target' => 'action', 'value' => 'login'); } - } elseif (!empty($_GET['area'])) { + } elseif (REQUEST_ISSET_GET('area')) { // Restore old area value - $content = array('target' => "area", 'value' => $_GET['area']); + $content = array('target' => 'area', 'value' => REQUEST_GET('area')); } else { // Set default values - $content = array('target' => "action", 'value' => "login"); + $content = array('target' => 'action', 'value' => 'login'); } // Load login form template - LOAD_TEMPLATE("admin_login_form", false, $content); - } -} elseif ($_GET['logout'] == "1") { + LOAD_TEMPLATE('admin_login_form', false, $content); + } // END - if +} elseif (REQUEST_ISSET_GET(('logout'))) { // Only try to remove cookies - if (set_session("admin_login", "", (time() - 3600), COOKIE_PATH) && set_session("admin_md5", "", (time() - 3600), COOKIE_PATH) && set_session("admin_last", "", (time() - 3600), COOKIE_PATH) && set_session("admin_to", "", (time() - 3600), COOKIE_PATH)) { - // Also remove array elements - unset($_SESSION['admin_login']); - unset($_SESSION['admin_md5']); - unset($_SESSION['admin_last']); - unset($_SESSION['admin_to']); - - // Destroy session - @session_destroy(); - + if (destroyAdminSession()) { // Load logout template - LOAD_TEMPLATE("admin_logout"); + if (REQUEST_ISSET_GET(('register'))) { + // Secure input + $register = REQUEST_GET(('register')); + + // Special logout redirect for installation of given extension + LOAD_TEMPLATE(sprintf("admin_logout_%s_install", $register)); + } elseif (REQUEST_ISSET_GET('remove')) { + // Secure input + $remove = REQUEST_GET('remove'); + + // Special logout redirect for removal of given extension + LOAD_TEMPLATE(sprintf("admin_logout_%s_remove", $remove)); + } else { + // Logged out normally + LOAD_TEMPLATE('admin_logout'); + } } else { // Something went wrong here... - OUTPUT_HTML("".ADMIN_LOGOUT_FAILED.""); + LOAD_TEMPLATE('admin_settings_saved', false, '
{--ADMIN_LOGOUT_FAILED--}
'); // Add fatal message - ADD_FATAL(CANNOT_UNREG_SESS); + addFatalMessage(__FILE__, __LINE__, getMessage('CANNOT_UNREG_SESS')); } } else { // Maybe an Admin want's to login? - $ret = CHECK_ADMIN_COOKIES(SQL_ESCAPE($_SESSION['admin_login']), SQL_ESCAPE($_SESSION['admin_md5'])); - switch ($ret) { - case "done": - // Cookie-Data accepted - if ((set_session("admin_md5", SQL_ESCAPE($_SESSION['admin_md5']))) && (set_session("admin_login", SQL_ESCAPE($_SESSION['admin_login']))) && (set_session("admin_last", time())) && (set_session("admin_to", bigintval($_SESSION['admin_to'])))) { - // Ok, Cookie-Update done - if ((EXT_IS_ACTIVE("admins")) && (GET_EXT_VERSION("admins") > "0.2")) { - // Check if action GET variable was set - $act = SQL_ESCAPE($GLOBALS['action']); - if (!empty($GLOBALS['what'])) { - // Get action value by what-value - $act = GET_ACTION("admin", $GLOBALS['what']); - } - - // Check for access control line of current menu entry - define('__ACL_ALLOW', ADMINS_CHECK_ACL($act, $GLOBALS['what'])); - } else { - // Extension not installed so it's always allowed to access everywhere! - define('__ACL_ALLOW', true); - } + $ret = CHECK_ADMIN_COOKIES(getSession('admin_login'), getSession('admin_md5')); + switch ($ret) + { + case 'done': + // Check for access control line of current menu entry + $GLOBALS['acl_allow'] = runFilterChain('check_admin_acl'); // When type of admin menu is not set fallback to old menu system - if (empty($_CONFIG['admin_menu'])) $_CONFIG['admin_menu'] = "OLD"; + if (!isConfigEntrySet('admin_menu')) setConfigEntry('admin_menu', 'OLD'); - // Check for version and switch between old menu system and new "intelligent menu system" - if ((ADMIN_CHECK_MENU_MODE() == "NEW") && (file_exists(PATH."inc/modules/admin/la_sys-inc.php"))) { + // Check for version and switch between old menu system and new intelligent menu system + if ((ADMIN_CHECK_MENU_MODE() == 'NEW') && (isIncludeReadable('inc/modules/admin/lasys-inc.php'))) { // Default area is the entrance, of course - $area = "entrance"; + $area = 'entrance'; // Check for similar URL variable - if (!empty($_GET['area'])) $area = $_GET['area']; + if (REQUEST_ISSET_GET('area')) $area = REQUEST_GET('area'); - // Load "logical-area menu-system" file - require_once(PATH."inc/modules/admin/la_sys-inc.php"); + // Load logical-area menu-system file + loadIncludeOnce('inc/modules/admin/lasys-inc.php'); - // Create new-style menu system will "logical areas" - ADMIN_LOGICAL_AREA_SYSTEM($area, $act, $GLOBALS['what']); + // Create new-style menu system will logical areas + ADMIN_LOGICAL_AREA_SYSTEM($area, $act, getWhat()); } else { // This little call constructs the whole default old and lacky menu system - // on left side - ADMIN_DO_ACTION($GLOBALS['what']); + // on left side. It also renders the content on right side + ADMIN_DO_ACTION(getWhat()); } - } else { - // Login failed (cookies enabled?) - OUTPUT_HTML("".ADMIN_LOGIN_FAILED.""); - ADD_FATAL(CANNOT_RE_REGISTER_SESS); - } - break; + break; - case "404": // Administrator login not found - $_POST['ok'] = $ret; - ADD_FATAL(ADMIN_NOT_FOUND); - break; + case '404': // Administrator login not found + REQUEST_SET_POST('ok', $ret); + destroyAdminSession(); + addFatalMessage(__FILE__, __LINE__, getMessage('ADMIN_NOT_FOUND')); + break; - case "pass": // Wrong password - $_POST['ok'] = $ret; - ADD_FATAL(WRONG_PASS); - break; + case 'pass': // Wrong password + REQUEST_SET_POST('ok', $ret); + destroyAdminSession(); + addFatalMessage(__FILE__, __LINE__, getMessage('WRONG_PASS')); + break; + + default: // Others will be logged + DEBUG_LOG(__FILE__, __LINE__, sprintf("Unknown return code %s from CHECK_ADMIN_COOKIES()", $ret)); + break; } } -if (admin_registered) -{ - // Check config.php and inc directory for right access rights - if (is_INCWritable("config")) ADD_FATAL(FATAL_CONFIG_WRITABLE); - if (is_INCWritable("dummy")) ADD_FATAL(FATAL_INC_WRITABLE); -} // ?>