X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=899bd4c36ae215796af42622702046358dd6a016;hp=385f7375d9e220eae2883a071cf78b17ec2886e1;hb=306158d5fb74ec96f0c2321834f702ecb0874a7d;hpb=0e899620c7a065952d6787c236fb2b33ae337d6a diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index 385f7375d9..899bd4c36a 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -39,20 +39,17 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) } // -function REGISTER_ADMIN ($user, $md5) +function REGISTER_ADMIN ($user, $md5, $email=WEBMASTER) { $ret = "failed"; $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($user), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 0) - { + if (SQL_NUMROWS($result) == 0) { // Ok, let's create the admin login - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '".WEBMASTER."')", - array($user, $md5), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '%s')", + array($user, $md5, $email), __FILE__, __LINE__); $ret = "done"; - } - else - { + } else { // Free memory SQL_FREERESULT($result); 
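Review bot: `$ret = "done";` is still set unconditionally after the INSERT, so a failed insert (an SQL error, or a duplicate login from a race with a parallel registration) reports success to the caller. Assuming SQL_QUERY_ESC returns false on failure like the underlying query function, guard the status: `if ($result !== false) $ret = "done";`. The new `$email` parameter is passed through the escaping helper, which is right for the query, but nothing checks it looks like an address, so the caller should validate it before reaching this function. The hunk header announces 20 old lines and only 18 are visible here, so the end of REGISTER_ADMIN appears to be cut off on this page.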
@@ -66,35 +63,30 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) { global $cacheArray, $_CONFIG, $cacheInstance; $ret = "404"; $pass = ""; - if (!empty($cacheArray['admins']['aid'][$admin_login])) - { + if (!empty($cacheArray['admins']['aid'][$admin_login])) { // Get password from cache $pass = $cacheArray['admins']['password'][$admin_login]; $ret = "pass"; $_CONFIG['cache_hits']++; - } - else - { + } else { // Get password from DB $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($admin_login), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { $ret = "pass"; list($pass) = SQL_FETCHROW($result); SQL_FREERESULT($result); } } - //* DEBUG: */ echo "*".$pass."/".$password."/".$ret."
"; - if ((strlen($pass) == 32) && ($pass == md5($password))) - { + /* DEBUG: */ echo "*".$pass."/".md5($password)."/".$ret."
"; + if ((strlen($pass) == 32) && ($pass == md5($password))) { // Generate new hash $pass = generateHash($password); - if (($ret == "pass") && (GET_EXT_VERSION("sql_patches") < "0.3.6")) $ret = "done"; - } - elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) - { + + // Is the sql_patches not installed, than we cannot have a valid hashed password here! + if (($ret == "pass") && ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))) $ret = "done"; + } elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) { // Old hashing way return $ret; } @@ -104,28 +96,60 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) $salt = __SALT; // Check if password is same - if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt))) - { + //* DEBUG: */ echo "*".$ret.",".$pass.",".$password.",".$salt."*
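Review bot: The debug statement at the top of this hunk has been switched on — the marker changed from `//* DEBUG: */` to `/* DEBUG: */`, so `echo "*".$pass."/".md5($password)."/".$ret.…;` now runs on every admin login attempt and writes the stored password hash and the MD5 of the submitted password into the HTTP response. A wrong guess therefore reveals the stored hash to whoever submitted it, and the value also lands in browser history and proxies. Restore the comment marker so the line reads `//* DEBUG: */ echo "*".$pass."/".md5($password)."/".$ret.…;` like the other debug lines in this file. The `$pass == md5($password)` test that follows uses loose `==`; for hex digests PHP compares numeric-looking strings such as `0e…` as numbers, so `===` is the safer operator here and in the `generateHash` comparison of the next hunk. CHECK_ADMIN_LOGIN continues past the end of this hunk.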
\n"; + if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt))) { + // Change the passord hash here + $pass = generateHash($password); + // Update password $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1", array($pass, $admin_login), __FILE__, __LINE__); // Shall I remove the cache file? - if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false)) - { + if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false)) { if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy(); } - // Password matches! - $ret = "done"; - } - elseif ((empty($salt)) && ($ret == "pass")) - { + // Login has failed by default... ;-) + $ret = "failed"; + + // Password matches so login here + if (LOGIN_ADMIN($admin_login, $pass)) { + // All done now + $ret = "done"; + } + } elseif ((empty($salt)) && ($ret == "pass")) { // Something bad went wrong $ret = "failed"; + } elseif ($ret == "done") { + // Try to login here if we have the old hashing way (sql_patches not installed?) + if (!LOGIN_ADMIN($admin_login, $pass)) { + // Something went wrong + $ret = "failed"; + } } + + // Return the result + //* DEBUG: */ die("RETURN=".$ret); return $ret; } + +// Try to login the admin by setting some session/cookie variables +function LOGIN_ADMIN ($adminLogin, $passHash) { + // Now set all session variables and return the result + return ( + ( + set_session("admin_md5", generatePassString($passHash)) + ) && ( + set_session("admin_login", $adminLogin) + ) && ( + set_session("admin_last", time()) + ) && ( + set_session("admin_to", $_POST['timeout']) + ) + ); +} + // Only be executed on cookie checking function CHECK_ADMIN_COOKIES ($admin_login, $password) { global $cacheArray, $_CONFIG; 
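Review bot: In the new LOGIN_ADMIN, `set_session("admin_to", $_POST['timeout'])` stores a raw request value as the admin session timeout without casting, bounding or even checking presence, so an arbitrary string (or an absent field, which raises a notice) becomes the timeout the cookie checks presumably rely on later. Cast and clamp it before storing, e.g. `set_session("admin_to", isset($_POST['timeout']) ? intval($_POST['timeout']) : 0)` — the intended default and upper bound are not visible on this page and should be confirmed. Reading `$_POST` inside a helper named like a generic login routine also ties it to one form; passing the timeout in as a parameter from CHECK_ADMIN_LOGIN, its only caller here, keeps the function reusable and the boundary check in one place. Since LOGIN_ADMIN now sets session state from inside the password-checking function, the comment `// Password matches so login here` should say explicitly that the session is established here rather than by the caller.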
@@ -140,16 +164,21 @@ function CHECK_ADMIN_COOKIES ($admin_login, $password) { $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($admin_login), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { + // Entry found $ret = "pass"; + + // Fetch password list($pass) = SQL_FETCHROW($result); - SQL_FREERESULT($result); } + + // Free result + SQL_FREERESULT($result); } - //* DEBUG: */ echo "*".$pass."/".$password."
"; + //* DEBUG: */ echo __FUNCTION__.":".$pass."(".strlen($pass).")/".$password."(".strlen($password).")
\n"; // Check if password matches - if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password))) { + if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) { // Passwords matches! $ret = "done"; } @@ -158,70 +187,79 @@ function CHECK_ADMIN_COOKIES ($admin_login, $password) { return $ret; } // -function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) -{ - $done = false; $seek++; $found = false; - if (file_exists($file)) - { +function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) { + // Initialize some variables + $done = false; + $seek++; + $found = false; + + // Is the file there and read-/write-able? + if ((file_exists($file)) && (is_readable($file)) && (is_writeable($file))) { $search = "CFG: ".$comment; $tmp = $file.".tmp"; - $fp = fopen($file, 'r') or OUTPUT_HTML("READ: ".$file."
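Review bot: The cookie check now accepts a third credential form, `((strlen($pass) == 32) && (md5($password) == $pass))`, alongside `generatePassString($pass) == $password` and `$pass == $password`; each extra accepted form widens what a captured or forged session value can be, and the second form already lets the stored hash itself serve as the credential. If the MD5 form exists only for rows not yet migrated to generateHash, it should be limited to that case and removed once CHECK_ADMIN_LOGIN has rehashed the row, which the previous hunk does on a successful login. All three comparisons use loose `==`; for hex digests PHP compares numeric-looking strings as numbers, so at minimum write the new clause as `((strlen($pass) == 32) && (md5($password) === $pass))`. The remainder of CHECK_ADMIN_COOKIES lies outside this hunk.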
"); - if ($fp) - { - $fp_tmp = fopen($tmp, 'w') or OUTPUT_HTML("WRITE: ".$tmp."
"); - if ($fp_tmp) - { - while (! feof($fp)) - { + + // Open the source file + $fp = @fopen($file, 'r') or OUTPUT_HTML("READ: ".$file."
"); + + // Is the resource valid? + if (is_resource($fp)) { + // Open temporary file + $fp_tmp = @fopen($tmp, 'w') or OUTPUT_HTML("WRITE: ".$tmp."
"); + + // Is the resource again valid? + if (is_resource($fp_tmp)) { + while (!feof($fp)) { + // Read from source file $line = fgets ($fp, 1024); + if (strpos($line, $search) > -1) { $next = 0; $found = true; } - if ($next > -1) - { - if ($next == $seek) - { + + if ($next > -1) { + if ($next == $seek) { $next = -1; $line = $prefix . $DATA . $suffix."\n"; - } - else - { + } else { $next++; } } + + // Write to temp file fputs($fp_tmp, $line); } + + // Close temp file fclose($fp_tmp); + // Finished writing tmp file $done = true; } + + // Close source file fclose($fp); - if (($done) && ($found)) - { + + if (($done) && ($found)) { // Copy back tmp file and delete tmp :-) @copy($tmp, $file); @unlink($tmp); - define ('_FATAL', false); - } - elseif (!$found) - { + define('_FATAL', false); + } elseif (!$found) { OUTPUT_HTML("CHANGE: 404!"); - define ('_FATAL', true); - } - else - { + define('_FATAL', true); + } else { OUTPUT_HTML("TMP: UNDONE!"); - define ('_FATAL', true); + define('_FATAL', true); } } - } - else - { + } else { + // File not found, not readable or writeable OUTPUT_HTML("404: ".$file."
"); } } + // function ADMIN_DO_ACTION($wht) { - global $menuDesription, $menuTitle, $_CONFIG, $cacheArray, $link, $DATA; + global $menuDesription, $menuTitle, $_CONFIG, $cacheArray, $link, $DATA, $DEPTH; //* DEBUG: */ echo __LINE__."*".$wht."/".$GLOBALS['module']."/".$GLOBALS['action']."/".$GLOBALS['what']."*
\n"; if (EXT_IS_ACTIVE("cache")) { @@ -334,9 +372,9 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) $menuDesription[$menu] = $descr; } $OUT .= " - -  · "; - if (($menu == $act) && (empty($wht))) + +  · "; + if (($menu == $act) && (empty($wht))) { $OUT .= ""; } @@ -345,7 +383,7 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) $OUT .= "[ "; } $OUT .= $title; - if (($menu == $act) && (empty($wht))) + if (($menu == $act) && (empty($wht))) { $OUT .= ""; } @@ -362,10 +400,10 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) $menuDesription = array(); $menuTitle = array(); $SUB = true; $OUT .= " -   - - \n"; - while (list($wht_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what)) + + + \n"; } $OUT .= "\n"; @@ -473,8 +511,7 @@ function ADD_MEMBER_SELECTION_BOX($add_all = false, $return = false, $none = fal // Remeber options in constant define('_MEMBER_SELECTION', $OUT); - if (!$return) - { + if (!$return) { // Display selection box define('__LANG_VALUE', GET_LANGUAGE()); @@ -483,8 +520,7 @@ function ADD_MEMBER_SELECTION_BOX($add_all = false, $return = false, $none = fal } } // -function ADMIN_MENU_SELECTION($MODE, $default="", $defid="") -{ +function ADMIN_MENU_SELECTION($MODE, $default="", $defid="") { $wht = "what != ''"; if ($MODE == "action") $wht = "what='' AND action !='login'"; $result = SQL_QUERY_ESC("SELECT %s, title FROM "._MYSQL_PREFIX."_admin_menu WHERE ".$wht." ORDER BY sort", @@ -495,7 +531,7 @@ function ADMIN_MENU_SELECTION($MODE, $default="", $defid="") $OUT = "
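Review bot: In admin_WriteData the result of `@copy($tmp, $file)` is still ignored, so when the copy back fails (disk full, permissions changed between the new `is_writeable` check and the copy) the function defines `_FATAL` as false and the caller believes the config file was written while the old contents remain. Check the return value and derive the flag from it: `$copied = @copy($tmp, $file);` / `@unlink($tmp);` / `define('_FATAL', !$copied);`. The new guard `is_writeable($file)` also tests the wrong target for the temp file — `$tmp` is created next to `$file`, so it is the directory's writability that decides whether `fopen($tmp, 'w')` succeeds; adding `is_writable(dirname($file))` to the condition would report that case as "404" instead of leaving a half-written state. On the same note, `define('_FATAL', …)` is evaluated on every call and will raise a notice if the function runs twice in one request; this predates the hunk but the rewrite is the natural place to fix it. ADMIN_DO_ACTION begins at the end of this hunk and its body continues outside it.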
  + \n"; + while (list($wht_sub, $title_what, $desc_what) = SQL_FETCHROW($result_what)) { // Filename $INC = sprintf(PATH."inc/modules/admin/what-%s.php", $wht_sub); @@ -385,8 +423,8 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) $menuTitle[$wht_sub] = $title_what; $menuDesription[$wht_sub] = $desc_what; $OUT .= " -
-  --> "; + +  --> "; if ($readable) { if ($wht == $wht_sub) @@ -426,7 +464,7 @@ function ADD_ADMIN_MENU($act, $wht,$return=false) // Free memory SQL_FREERESULT($result_what); $OUT .= "
-