X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=2f9bd54d5a8c13873776e11da90e8e2969791d1e;hp=cd753943fbede721c8c014dd8d3fd72b2364ae01;hb=6d8886333b637f5bace7d9a6e4e04cf28d3fbf2e;hpb=f5ebd83b36f343022977241bd9b570051ece4b0f
diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index cd753943fb..2f9bd54d5a 100644
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -18,6 +18,7 @@
* svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
* -------------------------------------------------------------------- *
* Copyright (c) 2003 - 2009 by Roland Haeder *
+ * Copyright (c) 2009, 2010 by Mailer Developer Team *
* For more information visit: http://www.mxchange.org *
* *
* This program is free software; you can redistribute it and/or modify *
@@ -42,22 +43,22 @@ if (!defined('__SECURITY')) {
} // END - if
// Register an administrator account
-function addAdminAccount ($user, $md5, $email) {
+function addAdminAccount ($adminLogin, $passHash, $adminEmail) {
// Login does already exist
$ret = 'already';
// Lookup the admin
$result = SQL_QUERY_ESC("SELECT `id` FROM `{?_MYSQL_PREFIX?}_admins` WHERE `login`='%s' LIMIT 1",
- array($user), __FUNCTION__, __LINE__);
+ array($adminLogin), __FUNCTION__, __LINE__);
// Is the entry there?
- if (SQL_NUMROWS($result) == '0') {
+ if (SQL_HASZERONUMS($result)) {
// Ok, let's create the admin login
SQL_QUERY_ESC("INSERT INTO `{?_MYSQL_PREFIX?}_admins` (`login`, `password`, `email`) VALUES ('%s', '%s', '%s')",
array(
- $user,
- $md5,
- $email
+ $adminLogin,
+ $passHash,
+ $adminEmail
), __FUNCTION__, __LINE__);
// All done
@@ -71,170 +72,72 @@ function addAdminAccount ($user, $md5, $email) {
return $ret;
}
-// Only be executed on login procedure!
-function ifAdminLoginDataIsValid ($admin, $password) {
- // By default no admin is found
+// This function will be executed when the admin is not logged in and has submitted his login data
+function ifAdminLoginDataIsValid ($adminLogin, $adminPassword) {
+ // First of all, no admin login is found
$ret = '404';
- // Get admin id
- $adminId = getAdminId($admin);
-
- // Init array with admin id by default
- $data = array('admin_id' => $adminId);
-
- // Is the cache valid?
- if (isAdminHashSet($admin)) {
- // Get password from cache
- $data['password'] = getAdminHash($admin);
- $ret = 'pass';
- incrementStatsEntry('cache_hits');
-
- // Include more admins data?
- if ((isExtensionInstalledAndNewer('admins', '0.7.2')) && (isset($GLOBALS['cache_array']['admin']['login_failures'][$adminId]))) {
- // Load them here
- $data['login_failures'] = $GLOBALS['cache_array']['admin']['login_failures'][$adminId];
- $data['last_failure'] = $GLOBALS['cache_array']['admin']['last_failure'][$adminId];
- } // END - if
- } elseif (!isExtensionActive('cache')) {
- // Add extra data via filter now
- $add = runFilterChain('sql_admin_extra_data');
-
- // Get password from DB
- $result = SQL_QUERY_ESC("SELECT `password`" . $add . " FROM `{?_MYSQL_PREFIX?}_admins` WHERE `id`=%s LIMIT 1",
- array($adminId), __FUNCTION__, __LINE__);
+ // Then we need to lookup the login name by getting the admin hash
+ $adminHash = getAdminHash($adminLogin);
- // Entry found?
- if (SQL_NUMROWS($result) == 1) {
- // Login password found
- $ret = 'pass';
+ // If this is fine, we can continue
+ if ($adminHash != '-1') {
+ // Get admin id and set it as current
+ setCurrentAdminId(getAdminId($adminLogin));
- // Fetch data
- $data = SQL_FETCHARRAY($result);
- } // END - if
-
- // Free result
- SQL_FREERESULT($result);
- }
+ // Now, we need to encode the password in the same way the one is encoded in database
+ $testHash = generateHash($adminPassword, $adminHash);
- //* DEBUG: */ outputHtml('*' . $data['password'] . '/' . md5($password) .'/' . $ret . '* ');
- if ((isset($data['password'])) && (strlen($data['password']) == 32) && ($data['password'] == md5($password))) {
- // Generate new hash
- $data['password'] = generateHash($password);
-
- // Is the sql_patches not installed, than we cannot have a valid hashed password here!
- //* DEBUG: */ outputHtml($ret . ',' . intval(isExtensionInstalledAndOlder('sql_patches', '0.3.6')) . '/' . intval(!isExtensionInstalled('sql_patches')).' ');
- if (($ret == 'pass') && ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches')))) $ret = 'done';
- } elseif ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches'))) {
- // Old hashing way
- return $ret;
- } elseif (!isset($data['password'])) {
- // Password not found, so no valid login!
- return $ret;
- }
-
- // Generate salt of password
- $salt = substr($data['password'], 0, -40);
-
- // Check if password is same
- //* DEBUG: */ outputHtml('*' . $ret . ',' . $data['password'] . ',' . $password . ',' . $salt . '* ');
- if (($ret == 'pass') && ($data['password'] == generateHash($password, $salt)) && ((!empty($salt))) || ($data['password'] == md5($password))) {
- // Re-hash the plain passord with new random salt
- $data['password'] = generateHash($password);
-
- // Do we have 0.7.0 of admins or later?
- // Remmeber login failures if available
- if ((isExtensionInstalledAndNewer('admins', '0.7.2')) && (isset($data['login_failures']))) {
- // Store it in session
- setSession('mxchange_admin_failures', $data['login_failures']);
- setSession('mxchange_admin_last_fail', $data['last_failure']);
-
- // Update password and reset login failures
- SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `password`='%s',`login_failures`=0,`last_failure`='0000-00-00 00:00:00' WHERE `id`=%s LIMIT 1",
- array($data['password'], $adminId), __FUNCTION__, __LINE__);
+ // If they both match, the login data is valid
+ if ($testHash == $adminHash) {
+ // All fine
+ $ret = 'done';
} else {
- // Update password
- SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `password`='%s' WHERE `id`=%s LIMIT 1",
- array($data['password'], $adminId), __FUNCTION__, __LINE__);
+ // Set status
+ $ret = 'pass';
}
-
- // Rebuild cache
- rebuildCacheFile('admin', 'admin');
-
- // Login has failed by default... ;-)
- $ret = 'failed1';
-
- // Password matches so login here
- if (doAdminLogin($admin, $data['password'])) {
- // All done now
- $ret = 'done';
- } // END - if
- } elseif ((empty($salt)) && ($ret == 'pass')) {
- // Something bad went wrong
- $ret = 'failed_salt';
- } elseif ($ret == 'done') {
- // Try to login here if we have the old hashing way (sql_patches not installed?)
- if (!doAdminLogin($admin, $data['password'])) {
- // Something went wrong
- $ret = 'failed2';
- } // END - if
- }
-
- // Count login failure if admins extension version is 0.7.0+
- if (($ret == 'pass') && (getExtensionVersion('admins') >= '0.7.0')) {
- // Update counter
- SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET login_failures`=`login_failures`+1,`last_failure`=NOW() WHERE `id`=%s LIMIT 1",
- array($adminId), __FUNCTION__, __LINE__);
-
- // Rebuild cache
- rebuildCacheFile('admin', 'admin');
} // END - if
- // Return the result
- //* DEBUG: */ die('RETURN=' . $ret);
- return $ret;
-}
-
-// Try to login the admin by setting some session/cookie variables
-function doAdminLogin ($adminLogin, $passHash) {
- // Reset failure counter on matching admins version
- if ((isExtensionInstalledAndNewer('admins', '0.7.0')) && ((isExtensionInstalledAndOlder('sql_patches', '0.3.6')) || (!isExtensionInstalled('sql_patches')))) {
- // Reset counter on out-dated sql_patches version
- SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_admins` SET `login_failures`=0, `last_failure`='0000-00-00 00:00:00' WHERE `login`='%s' LIMIT 1",
- array($adminLogin), __FUNCTION__, __LINE__);
+ // Prepare data array
+ $data = array(
+ 'login' => $adminLogin,
+ 'plain_pass' => $adminPassword,
+ 'pass_hash' => $adminHash
+ );
- // Rebuild cache
- rebuildCacheFile('admin', 'admin');
- } // END - if
+ // Run a special filter
+ runFilterChain('do_admin_login_' . $ret, $data);
- // Now set all session variables and return the result
- return ((
- setSession('admin_md5', generatePassString(generateHash($passHash, '', false)))
- ) && (
- setSession('admin_login', $adminLogin)
- ) && (
- setSession('admin_last', time())
- ));
+ // Return status
+ return $ret;
}
// Only be executed on cookie checking
-function ifAdminCookiesAreValid ($admin, $password) {
- // By default no admin cookies are found
- $ret = '404';
- $pass = '';
+function ifAdminCookiesAreValid ($adminLogin, $passHash) {
+ // First of all, no admin login is found
+ $ret = '404';
- // Get hash
- $pass = getAdminHash($admin);
- if ($pass != '-1') $ret = 'pass';
+ // Then we need to lookup the login name by getting the admin hash
+ $adminHash = getAdminHash($adminLogin);
- //* DEBUG: */ outputHtml(__FUNCTION__ . '(' . __LINE__."):".generatePassString($pass).'('.strlen($pass).")/".$password.'('.strlen($password).") ");
+ // If this is fine, we can continue
+ if ($adminHash != '-1') {
+ // Now, we need to encode the password in the same way the one is encoded in database
+ $testHash = encodeHashForCookie($adminHash);
+ //* DEBUG: */ outputHtml('adminLogin='.$adminLogin.', passHash='.$passHash.', adminHash='.$adminHash.', testHash='.$testHash.' ');
- // Check if password matches
- if (($ret == 'pass') && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass))) && (isAdmin())) {
- // Passwords matches!
- $ret = 'done';
+ // If they both match, the login data is valid
+ if ($testHash == $passHash) {
+ // All fine
+ $ret = 'done';
+ } else {
+ // Set status
+ $ret = 'pass';
+ }
} // END - if
- // Return result
+ // Return status
+ //* DEBUG: */ outputHtml('ret='.$ret);
return $ret;
}
@@ -243,7 +146,7 @@ function doAdminAction () {
// Get default what
$what = getWhat();
- //* DEBUG: */ outputHtml(__LINE__."*".$what.'/'.getModule().'/'.getAction().'/'.getWhat()."* ");
+ //* DEBUG: */ outputHtml(__LINE__.'*'.$what.'/'.getModule().'/'.getAction().'/'.getWhat().'* ');
// Remove any spaces from variable
if (empty($what)) {
@@ -347,11 +250,10 @@ ORDER BY
// Do we have entries?
if (SQL_NUMROWS($result_main) > 0) {
- $OUT = '
';
$OUT .= '
';
// @TODO Rewrite this to $content = SQL_FETCHARRAY()
while (list($menu, $title, $descr) = SQL_FETCHROW($result_main)) {
- if ((isExtensionActive('admins')) && (getExtensionVersion('admins') > '0.2.0')) {
+ if (isExtensionInstalledAndNewer('admins', '0.2.0')) {
$ACL = adminsCheckAdminAcl($menu, '');
} else {
// @TODO ACL is 'allow'... hmmm
@@ -423,7 +325,7 @@ ORDER BY
// @TODO Rewrite this to $content = SQL_FETCHARRAY()
while (list($what_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what)) {
// Check for access level
- if ((isExtensionActive('admins')) && (getExtensionVersion('admins') > '0.2.0')) {
+ if (isExtensionInstalledAndNewer('admins', '0.2.0')) {
$ACL = adminsCheckAdminAcl('', $what_sub);
} else {
// @TODO ACL is 'allow'... hmmm
@@ -474,8 +376,6 @@ ORDER BY
$OUT .= '
';
} // END - if
-
- $OUT .= '
';
} // END - if
} // END - while
@@ -494,7 +394,7 @@ ORDER BY
}
// Create member selection box
-function addMemberSelectionBox ($def=0, $add_all=false, $return=false, $none=false, $field='userid') {
+function addMemberSelectionBox ($def = 0, $add_all = false, $return = false, $none = false, $field = 'userid') {
// Output selection form with all confirmed user accounts listed
$result = SQL_QUERY("SELECT `userid`, `surname`, `family` FROM `{?_MYSQL_PREFIX?}_user_data` ORDER BY `userid` ASC", __FUNCTION__, __LINE__);
@@ -506,7 +406,7 @@ function addMemberSelectionBox ($def=0, $add_all=false, $return=false, $none=fal
elseif ($none === true) $OUT = ' ';
while ($content = SQL_FETCHARRAY($result)) {
- $OUT .= '