X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=0b483d1c7ffd716cde5164f32cd0df028af27b83;hp=b61077330aeb92fc765ba5ed331f4b7016474033;hb=27272fdaa3ad8895e6b55ec77658ad5c1f80e89c;hpb=606e585919ff565b55fb3c2cdee4a80c4e61a9c6
diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index b61077330a..0b483d1c7f 100644
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -18,6 +18,7 @@
* svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
* -------------------------------------------------------------------- *
* Copyright (c) 2003 - 2009 by Roland Haeder *
+ * Copyright (c) 2009, 2010 by Mailer Developer Team *
* For more information visit: http://www.mxchange.org *
* *
* This program is free software; you can redistribute it and/or modify *
@@ -42,22 +43,22 @@ if (!defined('__SECURITY')) {
} // END - if
// Register an administrator account
-function addAdminAccount ($user, $md5, $email) {
+function addAdminAccount ($adminLogin, $passHash, $adminEmail) {
// Login does already exist
$ret = 'already';
// Lookup the admin
$result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1",
- array($user), __FUNCTION__, __LINE__);
+ array($adminLogin), __FUNCTION__, __LINE__);
// Is the entry there?
- if (SQL_NUMROWS($result) == '0') {
+ if (SQL_HASZERONUMS($result)) {
// Ok, let's create the admin login
SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`, `password`, `email`) VALUES ('%s', '%s', '%s')",
array(
- $user,
- $md5,
- $email
+ $adminLogin,
+ $passHash,
+ $adminEmail
), __FUNCTION__, __LINE__);
// All done
@@ -71,169 +72,79 @@ function addAdminAccount ($user, $md5, $email) {
return $ret;
}
-// Only be executed on login procedure!
-function ifAdminLoginDataIsValid ($admin, $password) {
- // By default no admin is found
+// This function will be executed when the admin is not logged in and has submitted his login data
+function ifAdminLoginDataIsValid ($adminLogin, $adminPassword) {
+ // First of all, no admin login is found
$ret = '404';
- // Get admin id
- $adminId = getAdminId($admin);
-
- // Init array with admin id by default
- $data = array('admin_id' => $adminId);
-
- // Is the cache valid?
- if (isAdminHashSet($admin)) {
- // Get password from cache
- $data['password'] = getAdminHash($admin);
- $ret = 'pass';
- incrementStatsEntry('cache_hits');
-
- // Include more admins data?
- if ((isExtensionInstalledAndNewer('admins', '0.7.2')) && (isset($GLOBALS['cache_array']['admin']['login_failures'][$adminId]))) {
- // Load them here
- $data['login_failures'] = $GLOBALS['cache_array']['admin']['login_failures'][$adminId];
- $data['last_failure'] = $GLOBALS['cache_array']['admin']['last_failure'][$adminId];
- } // END - if
- } elseif (!isExtensionActive('cache')) {
- // Add extra data via filter now
- $add = runFilterChain('sql_admin_extra_data');
-
- // Get password from DB
- $result = SQL_QUERY_ESC("SELECT `password`" . $add . " FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1",
- array($adminId), __FUNCTION__, __LINE__);
-
- // Entry found?
- if (SQL_NUMROWS($result) == 1) {
- // Login password found
- $ret = 'pass';
-
- // Fetch data
- $data = SQL_FETCHARRAY($result);
- } // END - if
-
- // Free result
- SQL_FREERESULT($result);
- }
+ // Get admin id from login
+ $adminId = getAdminId($adminLogin);
- //* DEBUG: */ outputHtml("*".$data['password'].'/'.md5($password).'/'.$ret." ");
- if ((isset($data['password'])) && (strlen($data['password']) == 32) && ($data['password'] == md5($password))) {
- // Generate new hash
- $data['password'] = generateHash($password);
-
- // Is the sql_patches not installed, than we cannot have a valid hashed password here!
- if (($ret == 'pass') && ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches')))) $ret = 'done';
- } elseif ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches'))) {
- // Old hashing way
- return $ret;
- } elseif (!isset($data['password'])) {
- // Password not found, so no valid login!
- return $ret;
- }
+ // Continue only with found admin ids
+ if ($adminId > 0) {
+ // Then we need to lookup the login name by getting the admin hash
+ $adminHash = getAdminHash($adminId);
- // Generate salt of password
- $salt = substr($data['password'], 0, -40);
-
- // Check if password is same
- //* DEBUG: */ outputHtml("*".$ret.','.$data['password'].','.$password.','.$salt."* ");
- if (($ret == 'pass') && ($data['password'] == generateHash($password, $salt)) && ((!empty($salt))) || ($data['password'] == $password)) {
- // Re-hash the plain passord with new random salt
- $data['password'] = generateHash($password);
-
- // Do we have 0.7.0 of admins or later?
- // Remmeber login failures if available
- if ((isExtensionInstalledAndNewer('admins', '0.7.2')) && (isset($data['login_failures']))) {
- // Store it in session
- setSession('mxchange_admin_failures', $data['login_failures']);
- setSession('mxchange_admin_last_fail', $data['last_failure']);
-
- // Update password and reset login failures
- SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `password`='%s',`login_failures`=0,`last_failure`='0000-00-00 00:00:00' WHERE `id`=%s LIMIT 1",
- array($data['password'], $adminId), __FUNCTION__, __LINE__);
- } else {
- // Update password
- SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `password`='%s' WHERE `id`=%s LIMIT 1",
- array($data['password'], $adminId), __FUNCTION__, __LINE__);
- }
+ // If this is fine, we can continue
+ if ($adminHash != '-1') {
+ // Get admin id and set it as current
+ setCurrentAdminId($adminId);
- // Rebuild cache
- rebuildCacheFile('admin', 'admin');
+ // Now, we need to encode the password in the same way the one is encoded in database
+ $testHash = generateHash($adminPassword, $adminHash);
- // Login has failed by default... ;-)
- $ret = 'failed1';
-
- // Password matches so login here
- if (doAdminLogin($admin, $data['password'])) {
- // All done now
- $ret = 'done';
- } // END - if
- } elseif ((empty($salt)) && ($ret == 'pass')) {
- // Something bad went wrong
- $ret = 'failed_salt';
- } elseif ($ret == 'done') {
- // Try to login here if we have the old hashing way (sql_patches not installed?)
- if (!doAdminLogin($admin, $data['password'])) {
- // Something went wrong
- $ret = 'failed2';
+ // If they both match, the login data is valid
+ if ($testHash == $adminHash) {
+ // All fine
+ $ret = 'done';
+ } else {
+ // Set status
+ $ret = 'password';
+ }
} // END - if
- }
-
- // Count login failure if admins extension version is 0.7.0+
- if (($ret == 'pass') && (getExtensionVersion('admins') >= '0.7.0')) {
- // Update counter
- SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET login_failures`=`login_failures`+1,`last_failure`=NOW() WHERE `id`=%s LIMIT 1",
- array($adminId), __FUNCTION__, __LINE__);
-
- // Rebuild cache
- rebuildCacheFile('admin', 'admin');
} // END - if
- // Return the result
- //* DEBUG: */ die('RETURN=' . $ret);
- return $ret;
-}
-
-// Try to login the admin by setting some session/cookie variables
-function doAdminLogin ($adminLogin, $passHash) {
- // Reset failure counter on matching admins version
- if ((isExtensionInstalledAndNewer('admins', '0.7.0')) && ((isExtensionOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches')))) {
- // Reset counter on out-dated sql_patches version
- SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `login_failures`=0, `last_failure`='0000-00-00 00:00:00' WHERE `login`='%s' LIMIT 1",
- array($adminLogin), __FUNCTION__, __LINE__);
+ // Prepare data array
+ $data = array(
+ 'id' => $adminId,
+ 'login' => $adminLogin,
+ 'plain_pass' => $adminPassword,
+ 'pass_hash' => $adminHash
+ );
- // Rebuild cache
- rebuildCacheFile('admin', 'admin');
- } // END - if
+ // Run a special filter
+ runFilterChain('do_admin_login_' . $ret, $data);
- // Now set all session variables and return the result
- return ((
- setSession('admin_md5', generatePassString($passHash))
- ) && (
- setSession('admin_login', $adminLogin)
- ) && (
- setSession('admin_last', time())
- ));
+ // Return status
+ return $ret;
}
// Only be executed on cookie checking
-function ifAdminCookiesAreValid ($admin, $password) {
- // By default no admin cookies are found
- $ret = '404';
- $pass = '';
+function ifAdminCookiesAreValid ($adminLogin, $passHash) {
+ // First of all, no admin login is found
+ $ret = '404';
- // Get hash
- $pass = getAdminHash($admin);
- if ($pass != '-1') $ret = 'pass';
+ // Then we need to lookup the login name by getting the admin hash
+ $adminHash = getAdminHash($adminLogin);
- //* DEBUG: */ outputHtml(__FUNCTION__."(".__LINE__."):".generatePassString($pass).'('.strlen($pass).")/".$password.'('.strlen($password).") ");
+ // If this is fine, we can continue
+ if ($adminHash != '-1') {
+ // Now, we need to encode the password in the same way the one is encoded in database
+ $testHash = encodeHashForCookie($adminHash);
+ //* DEBUG: */ debugOutput('adminLogin=' . $adminLogin . ',passHash='.$passHash.',adminHash='.$adminHash.',testHash='.$testHash);
- // Check if password matches
- if (($ret == 'pass') && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass))) && (isAdmin())) {
- // Passwords matches!
- $ret = 'done';
+ // If they both match, the login data is valid
+ if ($testHash == $passHash) {
+ // All fine
+ $ret = 'done';
+ } else {
+ // Set status
+ $ret = 'password';
+ }
} // END - if
- // Return result
+ // Return status
+ //* DEBUG: */ debugOutput('ret='.$ret);
return $ret;
}
@@ -242,7 +153,7 @@ function doAdminAction () {
// Get default what
$what = getWhat();
- //* DEBUG: */ outputHtml(__LINE__."*".$what.'/'.getModule().'/'.getAction().'/'.getWhat()."* ");
+ //* DEBUG: */ debugOutput(__LINE__.'*'.$what.'/'.getModule().'/'.getAction().'/'.getWhat().'*');
// Remove any spaces from variable
if (empty($what)) {
@@ -254,10 +165,10 @@ function doAdminAction () {
}
// Get action value
- $action = getModeAction(getModule(), $what);
+ $action = getActionFromModuleWhat(getModule(), $what);
// Define admin login name and id number
- $content['login'] = getSession('admin_login');
+ $content['login'] = getAdminLogin(getSession('admin_id'));
$content['id'] = getCurrentAdminId();
// Preload templates
@@ -306,14 +217,14 @@ LIMIT 1",
loadInclude($inc);
} elseif ($GLOBALS['acl_allow'] === false) {
// Access denied
- loadTemplate('admin_menu_failed', false, sprintf(getMessage('ADMIN_ACCESS_DENIED'), $what));
+ loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACCESS_DENIED', $what));
} else {
// Include file not found! :-(
- loadTemplate('admin_menu_failed', false, sprintf(getMessage('ADMIN_ACTION_404'), $action));
+ loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_404', $action));
}
} else {
// Invalid action/what pair found!
- loadTemplate('admin_menu_failed', false, sprintf(getMessage('ADMIN_ACTION_INVALID'), $action . '/' . $what));
+ loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_INVALID', $action . '/' . $what));
}
// Free memory
@@ -345,12 +256,11 @@ ORDER BY
`id` DESC", __FUNCTION__, __LINE__);
// Do we have entries?
- if (SQL_NUMROWS($result_main) > 0) {
- $OUT = "
\n";
- $OUT .= "
\n";
+ if (!SQL_HASZERONUMS($result_main)) {
+ $OUT .= '
';
// @TODO Rewrite this to $content = SQL_FETCHARRAY()
while (list($menu, $title, $descr) = SQL_FETCHROW($result_main)) {
- if ((isExtensionActive('admins')) && (getExtensionVersion('admins') > '0.2.0')) {
+ if (isExtensionInstalledAndNewer('admins', '0.2.0')) {
$ACL = adminsCheckAdminAcl($menu, '');
} else {
// @TODO ACL is 'allow'... hmmm
@@ -369,33 +279,33 @@ ORDER BY
$GLOBALS['menu']['title'][$menu] = $title;
$GLOBALS['menu']['description'][$menu] = $descr;
}
- $OUT .= "
';
}
} // END - if
@@ -1350,5 +1286,150 @@ function generateAdminLink ($adminId) {
return $adminLink;
}
+// Verifies if the current admin has confirmed to alter expert settings
+//
+// Return values:
+// 'failed' = Something goes wrong (default)
+// 'agreed' = Has verified and and confirmed it to see them
+// 'forbidden' = Has not the proper right to alter them
+// 'update' = Need to update extension 'admins'
+// 'ask' = A form was send to the admin
+function doVerifyExpertSettings () {
+ // Default return status is failed
+ $return = 'failed';
+
+ // Is the extension installed and recent?
+ if (isExtensionInstalledAndNewer('admins', '0.7.3')) {
+ // Okay, load the status
+ $expertSettings = getAminsExpertSettings();
+
+ // Is he allowed?
+ if ($expertSettings == 'Y') {
+ // Okay, does he want to see them?
+ if (getAminsExpertWarning() == 'Y') {
+ // Ask for them
+ if (isFormSent()) {
+ // Is the element set, then we need to change the admin
+ if (isPostRequestParameterSet('expert_settings')) {
+ // Get it and prepare final post data array
+ $postData['login'][getCurrentAdminId()] = getAdminLogin(getCurrentAdminId());
+ $postData['expert_warning'][getCurrentAdminId()] = 'N';
+
+ // Change it in the admin
+ adminsChangeAdminAccount($postData, 'expert_warning');
+
+ // Clear form
+ unsetPostRequestParameter('ok');
+ } // END - if
+
+ // All fine!
+ $return = 'agreed';
+ } else {
+ // Send form
+ loadTemplate('admin_expert_settings_form');
+
+ // Asked for it
+ $return = 'ask';
+ }
+ } else {
+ // Do not display
+ $return = 'agreed';
+ }
+ } else {
+ // Forbidden
+ $return = 'forbidden';
+ }
+ } else {
+ // Out-dated extension or not installed
+ $return = 'update';
+ }
+
+ // Output message for other status than ask/agreed
+ if (($return != 'ask') && ($return != 'agreed')) {
+ // Output message
+ loadTemplate('admin_settings_saved', false, '{--ADMIN_EXPERT_SETTINGS_STATUS_' . strtoupper($return) . '--}');
+ } // END - if
+
+ // Return status
+ return $return;
+}
+
+// Generate link to unconfirmed mails for admin
+function generateUnconfirmedAdminLink ($id, $unconfirmed, $type = 'bid') {
+ // Init output
+ $OUT = $unconfirmed;
+
+ // Do we have unconfirmed mails?
+ if ($unconfirmed > 0) {
+ // Add link to list_unconfirmed what-file
+ $OUT = '' . translateComma($unconfirmed) . '';
+ } // END - if
+
+ // Return it
+ return $OUT;
+}
+
+// Generates a navigation row for listing emails
+function addEmailNavigation ($numPages, $offset, $show_form, $colspan, $return=false) {
+ // Don't do anything if $numPages is 1
+ if ($numPages == 1) {
+ // Abort here with empty content
+ return '';
+ } // END - if
+
+ $TOP = '';
+ if ($show_form === false) {
+ $TOP = ' top';
+ } // END - if
+
+ $NAV = '';
+ for ($page = 1; $page <= $numPages; $page++) {
+ // Is the page currently selected or shall we generate a link to it?
+ if (($page == getRequestParameter('page')) || ((!isGetRequestParameterSet('page')) && ($page == 1))) {
+ // Is currently selected, so only highlight it
+ $NAV .= '-';
+ } else {
+ // Open anchor tag and add base URL
+ $NAV .= '';
+ }
+ $NAV .= $page;
+ if (($page == getRequestParameter('page')) || ((!isGetRequestParameterSet('page')) && ($page == 1))) {
+ // Is currently selected, so only highlight it
+ $NAV .= '-';
+ } else {
+ // Close anchor tag
+ $NAV .= '';
+ }
+
+ // Add seperator if we have not yet reached total pages
+ if ($page < $numPages) {
+ // Add it
+ $NAV .= '|';
+ } // END - if
+ } // END - for
+
+ // Define constants only once
+ $content['nav'] = $NAV;
+ $content['span'] = $colspan;
+ $content['top'] = $TOP;
+
+ // Load navigation template
+ $OUT = loadTemplate('admin_email_nav_row', true, $content);
+
+ if ($return === true) {
+ // Return generated HTML-Code
+ return $OUT;
+ } else {
+ // Output HTML-Code
+ outputHtml($OUT);
+ }
+}
+
// [EOF]
?>