Example #1
 }
 if ($id) {
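     // Persist the submitted edit for admin record $id: profile columns, password token,
     // per-admin attributes, then the privilege set.
     // NOTE(review): no CSRF token or caller-permission check is visible in this excerpt;
     // confirm both run before this point.
     print '<div class="actionresult">';
     // foreach replaces the reset()/each() pair; each() was removed in PHP 8.0.
     foreach ($struct as $key => $val) {
         $a = $b = '';
         if (strstr($val[1], ':')) {
             list($a, $b) = explode(":", $val[1]);
         }
         // Columns whose descriptor starts with "sys" are never written from the form.
         // $key is used as a column name, so it must only ever come from $struct, not from the request.
         // Non-scalar values (e.g. field[]=x) are skipped rather than passed to the escaper.
         if ($a != "sys" && isset($_POST[$key]) && is_scalar($_POST[$key])) {
             // sql_escape() is connection-aware, unlike addslashes(); %d forces the id to an integer.
             Sql_Query(sprintf('update %s set %s = "%s" where id = %d', $tables["admin"], $key, sql_escape($_POST[$key]), $id));
         }
     }
     if (ENCRYPT_ADMIN_PASSWORDS && !empty($_POST['updatepassword'])) {
         //Send token email.
         print sendAdminPasswordToken($id) . '<br/>';
         ## check for password changes
     } elseif (isset($_POST['password'])) {
         // The direct password update is disabled, so a submitted password is ignored in this branch.
         #  Sql_Query("update {$tables["admin"]} set password = \"".sql_escape($_POST['password'])."\" where id = $id");
     }
     if (isset($_POST["attribute"]) && is_array($_POST["attribute"])) {
         foreach ($_POST["attribute"] as $key => $val) {
             // Nested arrays cannot be stored as an attribute value; skip them.
             if (!is_scalar($val)) {
                 continue;
             }
             // The attribute id is a request-supplied array key; %d reduces it to an integer.
             Sql_Query(sprintf('replace into %s (adminid,adminattributeid,value) values(%d,%d,"%s")', $tables["admin_attribute"], $id, $key, sql_escape($val)));
         }
     }
     // Each privilege is forced to a boolean, so the serialized value holds no request-supplied strings.
     $privs = array('subscribers' => !empty($_POST['subscribers']), 'campaigns' => !empty($_POST['campaigns']), 'statistics' => !empty($_POST['statistics']), 'settings' => !empty($_POST['settings']));
     // The editing admin's name is read back from storage; escape it like any other string literal.
     Sql_Query(sprintf('update %s set modified=now(), modifiedby = "%s", privileges = "%s" where id = %d', $GLOBALS['tables']["admin"], sql_escape(adminName($_SESSION["logindetails"]["id"])), sql_escape(serialize($privs)), $id));
     print $GLOBALS['I18N']->get('Changes saved');
     print '</div>';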
 } else {
Example #2
         // Failed login: record the client address and the attempted login name in the event log.
         // NOTE(review): $_REQUEST["login"] is chosen by the client and is logged as-is; confirm that
         // logEvent() and whatever displays the event log escape it.
         logEvent(sprintf($GLOBALS['I18N']->get('invalid login from %s, tried logging in as %s'), $_SERVER['REMOTE_ADDR'], $_REQUEST["login"]));
         $msg = $loginresult[1];
     } else {
         // Successful login: the session is marked as logged in by storing the client address.
         // NOTE(review): no session id rotation is visible in this excerpt; confirm the id is
         // regenerated at login so a pre-set session id cannot be reused.
         $_SESSION["adminloggedin"] = $_SERVER["REMOTE_ADDR"];
         // "passhash" is an unsalted SHA-1 of the submitted password kept in session data.
         // NOTE(review): anyone who can read session storage obtains a hash that is cheap to
         // brute-force; confirm what consumes it and whether it needs to be stored at all.
         // Credentials are read from $_REQUEST, so they may also arrive in the query string.
         $_SESSION["logindetails"] = array("adminname" => $_REQUEST["login"], "id" => $loginresult[0], "superuser" => $admin_auth->isSuperUser($loginresult[0]), "passhash" => sha1($_REQUEST["password"]));
         ##16692 - make sure admin permissions apply at first login
         $GLOBALS["admin_auth"]->validateAccount($_SESSION["logindetails"]["id"]);
         if (!empty($_POST["page"])) {
             // Strip every non-word character from the requested page name, which removes
             // dots and path separators before the value is used further.
             $page = preg_replace('/\\W+/', '', $_POST["page"]);
         }
     }
     #If passwords are encrypted and a password recovery request was made, send mail to the admin of the given email address.
 } elseif (isset($_REQUEST["forgotpassword"])) {
     // Password recovery: look up the admin by the submitted email and send a token.
     // NOTE(review): the two branches set different messages; if $msg is shown to the requester it
     // reveals whether the address belongs to an admin. No throttling is visible here.
     $adminId = $GLOBALS["admin_auth"]->adminIdForEmail($_REQUEST['forgotpassword']);
     if ($adminId) {
         $msg = sendAdminPasswordToken($adminId);
     } else {
         $msg = $GLOBALS['I18N']->get('Failed sending a change password token');
     }
     $page = "login";
 } elseif (!isset($_SESSION["adminloggedin"]) || !$_SESSION["adminloggedin"]) {
     // No authenticated session: force the login page.
     #$msg = 'Not logged in';
     $page = "login";
 } elseif (CHECK_SESSIONIP && $_SESSION["adminloggedin"] && $_SESSION["adminloggedin"] != $_SERVER["REMOTE_ADDR"]) {
     // Session is bound to the address seen at login; on a mismatch the event is logged,
     // the session login state is cleared and the user is sent back to the login page.
     // NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address; confirm the
     // deployment makes this comparison meaningful.
     logEvent(sprintf($GLOBALS['I18N']->get('login ip invalid from %s for %s (was %s)'), $_SERVER['REMOTE_ADDR'], $_SESSION["logindetails"]['adminname'], $_SESSION["adminloggedin"]));
     $msg = $GLOBALS['I18N']->get('Your IP address has changed. For security reasons, please login again');
     $_SESSION["adminloggedin"] = "";
     $_SESSION["logindetails"] = "";
     $page = "login";
 } elseif ($_SESSION["adminloggedin"] && $_SESSION["logindetails"]) {
     // Logged-in request: re-validate the account on every request, not only at login.
     $validate = $GLOBALS["admin_auth"]->validateAccount($_SESSION["logindetails"]["id"]);
Example #3
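    // Post-initialisation steps: seed two default lists, attach the admin to them, show the
    // success notice, send the password token and store the default template image.
    # add a testlist
    // Translated text is escaped before it is placed in a SQL string literal, so a quote or
    // backslash in a translation cannot break or alter the statement.
    $info = sql_escape($GLOBALS['I18N']->get('List for testing'));
    $result = Sql_query("insert into {$tables['list']} (name,description,entered,active,owner) values(\"test\",\"{$info}\",now(),0,1)");
    $info = sql_escape(s('Sign up to our newsletter'));
    $result = Sql_query("insert into {$tables['list']} (name,description,entered,active,owner) values(\"newsletter\",\"{$info}\",now(),1,1)");
    ## add the admin to the lists
    Sql_Query(sprintf('insert into %s (listid, userid, entered) values(%d,%d,now())', $tables['listuser'], 1, $userid));
    Sql_Query(sprintf('insert into %s (listid, userid, entered) values(%d,%d,now())', $tables['listuser'], 2, $userid));
    // Request path without its query string, used in the feedback mail body.
    $uri = $_SERVER['REQUEST_URI'];
    $uri = str_replace('?' . $_SERVER['QUERY_STRING'], '', $uri);
    $body = '
    Version: ' . VERSION . "\r\n" . ' Url: ' . $_SERVER['SERVER_NAME'] . $uri . "\r\n";
    // SERVER_NAME and REQUEST_URI are influenced by the request, so the mail subject and body are
    // percent-encoded before they go into the href attribute. The translated labels are passed as
    // printf arguments so a "%" in a translation cannot be read as a format directive.
    printf(
        '<p class="information">%s: <a class="button" href="mailto:info@phplist.com?subject=%s&amp;body=%s">%s</a>. </p>',
        $GLOBALS['I18N']->get('Success'),
        rawurlencode('Successful installation of phplist'),
        rawurlencode($body),
        $GLOBALS['I18N']->get('Tell us about it')
    );
    //printf('<p class="information">
    //'.$GLOBALS['I18N']->get("Please make sure to read the file README.security that can be found in the zip file.").'</p>');
    // NOTE(review): the admin email comes straight from the request; confirm that
    // subscribeToAnnouncementsForm() HTML-escapes it before output.
    print subscribeToAnnouncementsForm($_REQUEST['adminemail']);
    if (ENCRYPT_ADMIN_PASSWORDS && !empty($adminid)) {
        print sendAdminPasswordToken($adminid);
    }
    # make sure the 0 template has the powered by image
    // NOTE(review): $newpoweredimage is placed in the statement unescaped and its origin is not
    // visible here; confirm it is a fixed, quote-free value.
    $query = sprintf('insert into %s (template, mimetype, filename, data, width, height) values (0, "image/png", "powerphplist.png", "%s", 70, 30)', $GLOBALS['tables']['templateimage'], $newpoweredimage);
    Sql_Query($query);
    print '<div id="continuesetup" style="display:none;" class="fleft">' . $GLOBALS['I18N']->get('Continue with') . ' ' . PageLinkButton('setup', $GLOBALS['I18N']->get('phpList Setup')) . '</div>';
    unset($_SESSION['hasI18Ntable']);
    ## load language files
    # this is too slow
    $GLOBALS['I18N']->initFSTranslations();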
} else {
    // Offer the two alternatives to a fresh initialisation: upgrade the existing install,
    // or force initialisation (the link carries force=yes and is labelled as erasing all data).
    $upgradeOption = s('Maybe you want to') . ' ' . PageLinkButton('upgrade', s('Upgrade')) . ' ' . s('instead?');
    $forceOption = PageLinkButton('initialise', s('Force Initialisation'), 'force=yes') . ' ' . s('(will erase all data!)') . ' ';
    print '<div class="initialiseOptions"><ul><li>' . $upgradeOption . '</li>
    <li>' . $forceOption . "</li></ul></div>\n";
}