X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=899bd4c36ae215796af42622702046358dd6a016;hp=8f4623b052226b630c1cd7a9a91967ddc4f8f329;hb=306158d5fb74ec96f0c2321834f702ecb0874a7d;hpb=dbef43c3a859518367f9ee0dde8e895ec677af23
diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index 8f4623b052..899bd4c36a 100644
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -79,7 +79,7 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
}
}
- //* DEBUG: */ echo "*".$pass."/".md5($password)."/".$ret."
";
+ /* DEBUG: */ echo "*".$pass."/".md5($password)."/".$ret."
";
if ((strlen($pass) == 32) && ($pass == md5($password))) {
// Generate new hash
$pass = generateHash($password);
@@ -96,7 +96,11 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
$salt = __SALT;
// Check if password is same
+ //* DEBUG: */ echo "*".$ret.",".$pass.",".$password.",".$salt."*
\n";
if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt))) {
+ // Change the passord hash here
+ $pass = generateHash($password);
+
// Update password
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1",
array($pass, $admin_login), __FILE__, __LINE__);
@@ -106,15 +110,46 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy();
}
- // Password matches!
- $ret = "done";
+ // Login has failed by default... ;-)
+ $ret = "failed";
+
+ // Password matches so login here
+ if (LOGIN_ADMIN($admin_login, $pass)) {
+ // All done now
+ $ret = "done";
+ }
} elseif ((empty($salt)) && ($ret == "pass")) {
// Something bad went wrong
$ret = "failed";
+ } elseif ($ret == "done") {
+ // Try to login here if we have the old hashing way (sql_patches not installed?)
+ if (!LOGIN_ADMIN($admin_login, $pass)) {
+ // Something went wrong
+ $ret = "failed";
+ }
}
+
+ // Return the result
+ //* DEBUG: */ die("RETURN=".$ret);
return $ret;
}
+// Try to login the admin by setting some session/cookie variables
+function LOGIN_ADMIN ($adminLogin, $passHash) {
+ // Now set all session variables and return the result
+ return (
+ (
+ set_session("admin_md5", generatePassString($passHash))
+ ) && (
+ set_session("admin_login", $adminLogin)
+ ) && (
+ set_session("admin_last", time())
+ ) && (
+ set_session("admin_to", $_POST['timeout'])
+ )
+ );
+}
+
// Only be executed on cookie checking
function CHECK_ADMIN_COOKIES ($admin_login, $password) {
global $cacheArray, $_CONFIG;
@@ -140,7 +175,7 @@ function CHECK_ADMIN_COOKIES ($admin_login, $password) {
SQL_FREERESULT($result);
}
- //* DEBUG: */ echo __FUNCTION__.":".$pass."/".$password."
";
+ //* DEBUG: */ echo __FUNCTION__.":".$pass."(".strlen($pass).")/".$password."(".strlen($password).")
\n";
// Check if password matches
if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) {