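<?php

/**
 * Default phpList administrator authentication backend.
 *
 * Looks administrators up in the table named by $GLOBALS['tables']['admin']
 * using the Sql_* helpers, which are defined outside this file.
 *
 * Security notes for maintainers:
 *  - Stored passwords are compared as hash(HASH_ALGO, $password) digests.
 *    NOTE(review): this is a single unsalted digest; password_hash() /
 *    password_verify() would be the preferred storage format, but switching
 *    requires migrating the stored values and is not done here.
 *  - String values placed into SQL go through sql_escape(); numeric ids are
 *    formatted with %d, which forces an integer.
 */
class phpListAdminAuthentication
{
    public $name = 'Default phpList Authentication';
    public $version = 0.1;
    public $authors = 'Michiel Dethmers';
    public $description = 'Provides authentication to phpList using the internal phpList administration database';

    /**
     * validateLogin, verify that the login credentials are correct.
     *
     * @param string $login    the login field
     * @param string $password the password
     *
     * @return array
     *    index 0 -> 0 if login failed, id of the administrator if successful
     *    index 1 -> error message when login fails
     *
     * eg
     *    return array(5,'OK'); // -> login successful for admin 5
     *    return array(0,'Incorrect login details'); // login failed
     */
    public function validateLogin($login, $password)
    {
        if (empty($login) || ($password == '')) {
            return array(0, s('Please enter your credentials.'));
        }

        $query = sprintf(
            'select password, disabled, id from %s where loginname = "%s"',
            $GLOBALS['tables']['admin'],
            sql_escape($login)
        );
        $req = Sql_Query($query);
        $admindata = Sql_Fetch_Assoc($req);
        if (!$admindata) {
            // Same message as a wrong password, so an unknown login name is
            // not distinguishable from a known one.
            return array(0, s('incorrect password'));
        }

        $encryptedPass = hash(HASH_ALGO, $password);
        $passwordDB = $admindata['password'];

        // A stored value shorter than a digest is treated as a legacy
        // plain-text password: hash it and persist the digest before comparing.
        if (strlen($passwordDB) < $GLOBALS['hash_length']) {
            $encryptedPassDB = hash(HASH_ALGO, $passwordDB);
            $query = sprintf(
                'update %s set password = "%s" where loginname = "%s"',
                $GLOBALS['tables']['admin'],
                $encryptedPassDB,
                sql_escape($login)
            );
            $passwordDB = $encryptedPassDB;
            $req = Sql_Query($query);
        }

        // NOTE(review): this check runs before the password comparison, so the
        // "disabled" message is returned even when the password is wrong, which
        // reveals the account's state to an unauthenticated caller.
        if ($admindata['disabled']) {
            return array(0, s('your account has been disabled'));
        }

        // hash_equals() compares in constant time; the is_string() guards keep
        // the strict-type behaviour of the previous === comparison.
        if (
            !empty($passwordDB)
            && is_string($passwordDB)
            && is_string($encryptedPass)
            && hash_equals($passwordDB, $encryptedPass)
        ) {
            return array($admindata['id'], 'OK');
        }

        if (!empty($GLOBALS['admin_auth_module'])) {
            // Error() is defined elsewhere; whether it halts the request is not
            // visible from this file.
            Error(
                s('Admin authentication has changed, please update your admin module'),
                'https://resources.phplist.com/documentation/errors/adminauthchange'
            );
        }

        // Always return the documented array shape on failure (this path used
        // to return null after calling Error()).
        return array(0, s('incorrect password'));
    }

    /**
     * getPassword, return the stored password value for an admin email address.
     *
     * The value returned is whatever is stored in the password column (a
     * digest once validateLogin has upgraded the row); callers should treat it
     * as a credential and never display or log it.
     *
     * @param string $email email address of the admin
     *
     * @return string|null stored password value, or null when no row matched
     */
    public function getPassword($email)
    {
        // Strip separators and quotes before the value is escaped and queried.
        $email = preg_replace("/[;,\"\']/", '', $email);
        $req = Sql_Query('select email,password,loginname from '.$GLOBALS['tables']['admin'].' where email = "'.sql_escape($email).'"');
        if (Sql_Affected_Rows()) {
            $row = Sql_Fetch_Row($req);

            return $row[1];
        }

        return null;
    }

    /**
     * validateAccount, verify that the logged in admin is still valid.
     *
     * this allows verification that the admin still exists and is valid
     *
     * @param int $id the ID of the admin as provided by validateLogin
     *
     * @return array
     *    index 0 -> 0 if failed, 1 if successful
     *    index 1 -> error message when validation fails
     *
     * eg
     *    return array(1,'OK'); // -> admin valid
     *    return array(0,'No such account'); // admin failed
     */
    public function validateAccount($id)
    {
        /* can only do this after upgrade, which means
         * that the first login will always fail
         */
        $query = sprintf(
            'select id, disabled,password from %s where id = %d',
            $GLOBALS['tables']['admin'],
            $id
        );
        $data = Sql_Fetch_Row_Query($query);
        // empty() avoids an offset notice when no row was returned.
        if (empty($data[0])) {
            return array(0, s('No such account'));
        }
        if (!empty($data[1])) {
            return array(0, s('your account has been disabled'));
        }

        // Fetched separately from the query above to avoid a lock-out when the
        // DB has not been upgraded yet, so a failed query here is ignored.
        $query = sprintf('select privileges from %s where id = %d', $GLOBALS['tables']['admin'], $id);
        $req = Sql_Query($query);
        $data = $req ? Sql_Fetch_Row($req) : array();

        if (!empty($data[0])) {
            // NOTE(review): unserialize() on a database value. If anything other
            // than trusted admin code can write the privileges column this is an
            // object-injection risk; consider JSON, or passing
            // array('allowed_classes' => false) once it is confirmed that the
            // column only ever holds arrays and scalars.
            $_SESSION['privileges'] = unserialize($data[0]);
        }

        return array(1, 'OK');
    }

    /**
     * adminName.
     *
     * Name of the currently logged in administrator
     * Use for logging, eg "subscriber updated by XXXX"
     * and to display ownership of lists
     *
     * @param int $id ID of the admin
     *
     * @return string login name, or the translated 'Nobody' when not found
     */
    public function adminName($id)
    {
        $req = Sql_Fetch_Row_Query(sprintf('select loginname from %s where id = %d', $GLOBALS['tables']['admin'], $id));

        return !empty($req[0]) ? $req[0] : s('Nobody');
    }

    /**
     * adminEmail.
     *
     * Email address of the currently logged in administrator
     * used to potentially pre-fill the "From" field in a campaign
     *
     * @param int $id ID of the admin
     *
     * @return string email address, or '' when not found
     */
    public function adminEmail($id)
    {
        $req = Sql_Fetch_Row_Query(sprintf('select email from %s where id = %d', $GLOBALS['tables']['admin'], $id));

        return !empty($req[0]) ? $req[0] : '';
    }

    /**
     * adminIdForEmail.
     *
     * Return matching admin ID for an email address
     * used for verifying the admin email address on a Forgot Password request
     *
     * @param string $email email address
     *
     * @return mixed ID if found, or '' (empty string, not false) if not
     */
    public function adminIdForEmail($email)
    {
        $req = Sql_Fetch_Row_Query(sprintf(
            'select id from %s where email = "%s"',
            $GLOBALS['tables']['admin'],
            sql_escape($email)
        ));

        return !empty($req[0]) ? $req[0] : '';
    }

    /**
     * isSuperUser.
     *
     * Return whether this admin is a super-admin or not
     *
     * @param int $id admin ID
     *
     * @return mixed value of the superuser column (truthy for a super-admin),
     *               or null when no row was found
     */
    public function isSuperUser($id)
    {
        $req = Sql_Fetch_Row_Query(sprintf('select superuser from %s where id = %d', $GLOBALS['tables']['admin'], $id));

        return isset($req[0]) ? $req[0] : null;
    }

    /**
     * listAdmins.
     *
     * Return array of admins in the system
     * Used in the list page to allow assigning ownership to lists
     *
     * @return array of admins
     *    id => name
     */
    public function listAdmins()
    {
        $result = array();
        $req = Sql_Query("select id,loginname from {$GLOBALS['tables']['admin']} order by loginname");
        while ($row = Sql_Fetch_Array($req)) {
            $result[$row['id']] = $row['loginname'];
        }

        return $result;
    }
}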