X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=899bd4c36ae215796af42622702046358dd6a016;hp=ae5db92b5b7706f61a24a76be471bd80073c6475;hb=306158d5fb74ec96f0c2321834f702ecb0874a7d;hpb=df4543d96d8b13dd770c34f7c84fdfa1786a4595

diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index ae5db92b5b..899bd4c36a 100644
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -39,20 +39,17 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
 }
 
 //
-function REGISTER_ADMIN ($user, $md5)
+function REGISTER_ADMIN ($user, $md5, $email=WEBMASTER)
 {
 	$ret = "failed";
 	$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
 	 array($user), __FILE__, __LINE__);
-	if (SQL_NUMROWS($result) == 0)
-	{
+	if (SQL_NUMROWS($result) == 0) {
 		// Ok, let's create the admin login
-		$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '".WEBMASTER."')",
-		 array($user, $md5), __FILE__, __LINE__);
+		$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '%s')",
+		 array($user, $md5, $email), __FILE__, __LINE__);
 		$ret = "done";
-	}
-	 else
-	{
+	} else {
 		// Free memory
 		SQL_FREERESULT($result);
 
@@ -66,35 +63,30 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
 {
 	global $cacheArray, $_CONFIG, $cacheInstance;
 	$ret = "404"; $pass = "";
-	if (!empty($cacheArray['admins']['aid'][$admin_login]))
-	{
+	if (!empty($cacheArray['admins']['aid'][$admin_login])) {
 		// Get password from cache
 		$pass = $cacheArray['admins']['password'][$admin_login];
 		$ret = "pass";
 		$_CONFIG['cache_hits']++;
-	}
-	 else
-	{
+	} else {
 		// Get password from DB
 		$result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
 		 array($admin_login), __FILE__, __LINE__);
-		if (SQL_NUMROWS($result) == 1)
-		{
+		if (SQL_NUMROWS($result) == 1) {
 			$ret = "pass";
 			list($pass) = SQL_FETCHROW($result);
 			SQL_FREERESULT($result);
 		}
 	}
 
-	//* DEBUG: */ echo "*".$pass."/".$password."/".$ret."<br />";
-	if ((strlen($pass) == 32) && ($pass == md5($password)))
-	{
+	/* DEBUG: */ echo "*".$pass."/".md5($password)."/".$ret."<br />";
+	if ((strlen($pass) == 32) && ($pass == md5($password))) {
 		// Generate new hash
 		$pass = generateHash($password);
-		if (($ret == "pass") && (GET_EXT_VERSION("sql_patches") < "0.3.6")) $ret = "done";
-	}
-	 elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))
-	{
+
+		// Is the sql_patches not installed, than we cannot have a valid hashed password here!
+		if (($ret == "pass") && ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))) $ret = "done";
+	} elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) {
 		// Old hashing way
 		return $ret;
 	}
@@ -104,36 +96,63 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
 	$salt = __SALT;
 
 	// Check if password is same
-	if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt)))
-	{
+	//* DEBUG: */ echo "*".$ret.",".$pass.",".$password.",".$salt."*<br >\n";
+	if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt))) 	{
+		// Change the passord hash here
+		$pass = generateHash($password);
+
 		// Update password
 		$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1",
 		 array($pass, $admin_login), __FILE__, __LINE__);
 
 		// Shall I remove the cache file?
-		if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false))
-		{
+		if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false)) {
 			if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy();
 		}
 
-		// Password matches!
-		$ret = "done";
-	}
-	 elseif ((empty($salt)) && ($ret == "pass"))
-	{
+		// Login has failed by default... ;-)
+		$ret = "failed";
+
+		// Password matches so login here
+		if (LOGIN_ADMIN($admin_login, $pass)) {
+			// All done now
+			$ret = "done";
+		}
+	} elseif ((empty($salt)) && ($ret == "pass")) {
 		// Something bad went wrong
 		$ret = "failed";
+	} elseif ($ret == "done") {
+		// Try to login here if we have the old hashing way (sql_patches not installed?)
+		if (!LOGIN_ADMIN($admin_login, $pass)) {
+			// Something went wrong
+			$ret = "failed";
+		}
 	}
+
+	// Return the result
+	//* DEBUG: */ die("RETURN=".$ret);
 	return $ret;
 }
+
+// Try to login the admin by setting some session/cookie variables
+function LOGIN_ADMIN ($adminLogin, $passHash) {
+	// Now set all session variables and return the result
+	return (
+		(
+			set_session("admin_md5", generatePassString($passHash))
+		) && (
+			set_session("admin_login", $adminLogin)
+		) && (
+			set_session("admin_last", time())
+		) && (
+			set_session("admin_to", $_POST['timeout'])
+		)
+	);
+}
+
 // Only be executed on cookie checking
 function CHECK_ADMIN_COOKIES ($admin_login, $password) {
 	global $cacheArray, $_CONFIG;
-
-	// Get login and password hash
-	$admin_login = SQL_ESCAPE(get_session($admin_login));
-	$password = SQL_ESCAPE(get_session($password));
-
 	$ret = "404"; $pass = "";
 	if (!empty($cacheArray['admins']['aid'][$admin_login])) {
 		// Get password from cache
@@ -145,16 +164,21 @@ function CHECK_ADMIN_COOKIES ($admin_login, $password) {
 		$result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
 		 array($admin_login), __FILE__, __LINE__);
 		if (SQL_NUMROWS($result) == 1) {
+			// Entry found
 			$ret = "pass";
+
+			// Fetch password
 			list($pass) = SQL_FETCHROW($result);
-			SQL_FREERESULT($result);
 		}
+
+		// Free result
+		SQL_FREERESULT($result);
 	}
 
-	//* DEBUG: */ echo "*".$pass."/".$password."<br />";
+	//* DEBUG: */ echo __FUNCTION__.":".$pass."(".strlen($pass).")/".$password."(".strlen($password).")<br />\n";
 
 	// Check if password matches
-	if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password))) {
+	if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) {
 		// Passwords matches!
 		$ret = "done";
 	}
@@ -163,70 +187,79 @@ function CHECK_ADMIN_COOKIES ($admin_login, $password) {
 	return $ret;
 }
 //
-function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0)
-{
-	$done = false;	$seek++; $found = false;
-	if (file_exists($file))
-	{
+function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) {
+	// Initialize some variables
+	$done = false;
+	$seek++;
+	$found = false;
+
+	// Is the file there and read-/write-able?
+	if ((file_exists($file)) && (is_readable($file)) && (is_writeable($file))) {
 		$search = "CFG: ".$comment;
 		$tmp = $file.".tmp";
-		$fp = fopen($file, 'r') or OUTPUT_HTML("<STRONG>READ:</STRONG> ".$file."<br />");
-		if ($fp)
-		{
-			$fp_tmp = fopen($tmp, 'w') or OUTPUT_HTML("<STRONG>WRITE:</STRONG> ".$tmp."<br />");
-			if ($fp_tmp)
-			{
-				while (! feof($fp))
-				{
+
+		// Open the source file
+		$fp = @fopen($file, 'r') or OUTPUT_HTML("<STRONG>READ:</STRONG> ".$file."<br />");
+
+		// Is the resource valid?
+		if (is_resource($fp)) {
+			// Open temporary file
+			$fp_tmp = @fopen($tmp, 'w') or OUTPUT_HTML("<STRONG>WRITE:</STRONG> ".$tmp."<br />");
+
+			// Is the resource again valid?
+			if (is_resource($fp_tmp)) {
+				while (!feof($fp)) {
+					// Read from source file
 					$line = fgets ($fp, 1024);
+
 					if (strpos($line, $search) > -1) { $next = 0; $found = true; }
-					if ($next > -1)
-					{
-						if ($next == $seek)
-						{
+
+					if ($next > -1) {
+						if ($next == $seek) {
 							$next = -1;
 							$line = $prefix . $DATA . $suffix."\n";
-						}
-						 else
-						{
+						} else {
 							$next++;
 						}
 					}
+
+					// Write to temp file
 					fputs($fp_tmp, $line);
 				}
+
+				// Close temp file
 				fclose($fp_tmp);
+
 				// Finished writing tmp file
 				$done = true;
 			}
+
+			// Close source file
 			fclose($fp);
-			if (($done) && ($found))
-			{
+
+			if (($done) && ($found)) {
 				// Copy back tmp file and delete tmp :-)
 				@copy($tmp, $file);
 				@unlink($tmp);
-				define ('_FATAL', false);
-			}
-			 elseif (!$found)
-			{
+				define('_FATAL', false);
+			} elseif (!$found) {
 				OUTPUT_HTML("<STRONG>CHANGE:</STRONG> 404!");
-				define ('_FATAL', true);
-			}
-			 else
-			{
+				define('_FATAL', true);
+			} else {
 				OUTPUT_HTML("<STRONG>TMP:</STRONG> UNDONE!");
-				define ('_FATAL', true);
+				define('_FATAL', true);
 			}
 		}
-	}
-	 else
-	{
+	} else {
+		// File not found, not readable or writeable
 		OUTPUT_HTML("<STRONG>404:</STRONG> ".$file."<br />");
 	}
 }
+
 //
 function ADMIN_DO_ACTION($wht)
 {
-	global $menuDesription, $menuTitle, $_CONFIG, $cacheArray, $link, $DATA;
+	global $menuDesription, $menuTitle, $_CONFIG, $cacheArray, $link, $DATA, $DEPTH;
 	//* DEBUG: */ echo __LINE__."*".$wht."/".$GLOBALS['module']."/".$GLOBALS['action']."/".$GLOBALS['what']."*<br />\n";
 	if (EXT_IS_ACTIVE("cache"))
 	{